How to configure firewall to allow inbound traffic from only certain IP addresses?

Anonymous
2020-11-14T06:31:42+00:00

Hey, I am using a Windows server to serve my website. I am also using a reverse proxy to protect against DDoS attacks. I need to allow traffic from only the reverse proxy's IP addresses. I have a sample of what I want to do that uses Linux iptables.

iptables -I INPUT -p tcp -m multiport --dports http,https -s 51.254.57.212 -j ACCEPT

iptables -I INPUT -p tcp -m multiport --dports http,https -s 51.254.57.49 -j ACCEPT

... more rules similar to above...

iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP

I have tried using

netsh advfirewall set allprofiles firewallpolicy blockinbound, allowoutbound

netsh advfirewall firewall add rule name="Core Networking (HTTP-IN)" dir=in action=allow protocol=TCP remoteip=51.254.57.212 remoteport=80

But the first command fails. I am not sure if this is the right way to do it. If someone knows any other way to achieve similar results, that would work as well. Any help will be appreciated.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author
  1. Anonymous
    2020-11-14T07:27:16+00:00

    Hi and thanks for reaching out! I'm an Independent Advisor and a Microsoft user like you. Please allow me to assist with your issue.

    I prefer to use PowerShell. For your case, I've come up with the following. You can run it in a PowerShell (Admin).

    New-NetFirewallRule -DisplayName 'Allow-Inbound-ReverseProxy' -Profile @('Domain', 'Private', 'Public') -Direction Inbound -Action Allow -Protocol TCP -LocalPort @('80','443') -RemoteAddress @('51.254.57.212','51.254.57.49')

    This will create a new firewall rule named "Allow-Inbound-ReverseProxy" that applies to inbound traffic with two of the IP addresses you have, on all network profiles (Domain, Private, Public) for TCP port 80 and 443.

    Please let me know if I can help you further!

    2 people found this answer helpful.
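
Added example, not written by any poster in this thread: a PowerShell script that builds the accepted answer's rule from a validated address list (including the /24 range asked about further down, which -RemoteAddress accepts in CIDR form), then lists every other enabled inbound allow rule covering TCP 80/443, because an allow rule does not stop other allow rules from admitting traffic from elsewhere. The rule name and addresses are the ones quoted in the thread; the variable names and the audit step are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Addresses and rule name are the ones quoted in this thread; the rest is illustrative.
$proxySources = @('51.254.57.212', '51.254.57.49', '5.182.48.0/24')
$ports        = @('80', '443')
$ruleName     = 'Allow-Inbound-ReverseProxy'

# Reject entries that are not a single IP or IP/prefix before they reach the rule.
foreach ($entry in $proxySources) {
    $addr, $prefix = $entry -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) {
        throw "Not an IP address: $entry"
    }
    $max = if ($ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    if ($null -ne $prefix -and ($prefix -notmatch '^\d+$' -or [int]$prefix -gt $max)) {
        throw "Bad prefix length: $entry"
    }
}

# Create the rule once; on later runs only refresh its address list.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $proxySources
} else {
    New-NetFirewallRule -DisplayName $ruleName -Profile Domain, Private, Public `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $ports -RemoteAddress $proxySources | Out-Null
}

# Audit: other enabled inbound allow rules that also cover TCP 80/443, with the
# sources they admit. Anything listed with a broad RemoteAddress bypasses the proxy.
# Only exact port entries and 'Any' are matched; port ranges are not expanded.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $ruleName } |
    ForEach-Object {
        $rule = $_
        $pf = $rule | Get-NetFirewallPortFilter
        $af = $rule | Get-NetFirewallAddressFilter
        $onPort = @($pf.LocalPort | Where-Object { $_ -in ($ports + 'Any') }).Count -gt 0
        if (($pf.Protocol -in 'TCP', 'Any') -and $onPort) {
            [pscustomobject]@{
                Rule = $rule.DisplayName; LocalPort = $pf.LocalPort -join ','
                RemoteAddress = $af.RemoteAddress -join ',' }
        }
    } | Format-Table -AutoSize

# Show each profile's default inbound action, which governs traffic matching no allow rule.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

Rules the audit lists can be disabled or given the same -RemoteAddress list with Set-NetFirewallRule once you have confirmed they are not needed for direct access.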

4 additional answers

  1. Anonymous
    2020-11-14T09:17:15+00:00

    One more question, I have an IP range '5.182.48.0/24' can I just add it into the rule along with all the IP addresses?

  2. Anonymous
    2020-11-14T09:12:47+00:00

    Okay, that's exactly what I need. Thanks for all the help, I really appreciate it.

  3. Anonymous
    2020-11-14T09:05:51+00:00

    I'm not sure how many IP Addresses it will limit, but 20 seems alright to me.

    By default, Windows Firewall will block any inbound traffic that is not explicitly allowed.

  4. Anonymous
    2020-11-14T08:00:41+00:00

    Thanks for helping me out. I have one more question: how many IP addresses can I chain in the -RemoteAddress parameter? I have like 20 IP addresses that I want to allow. And will this rule block all other inbound traffic as well?
