Block incoming TCP packets for Windows

Sushant Sharma 1 Reputation point
2021-08-25T18:46:37.623+00:00

I have a test setup requirement where I want to block incoming packets from the server to my windows machine.

I am trying to do that using the following command

netsh advfirewall firewall add rule name='test2' protocol=tcp dir=in action=block remoteport=1883

State after the command is run:

C:\Windows\system32>netsh advfirewall firewall show rule name='test2'

Rule Name:                            'test2'
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            Any
RemotePort:                           1883
Edge traversal:                       No
Action:                               Block
Ok.

But this is not working as expected. The client still gets responses from the server listening at the specific port (1883 in this case).

The Linux equivalent for this is sudo iptables --insert INPUT -p tcp --sport 1883 -j REJECT which works like a charm.

Is this expectation wrong? Is there another way to achieve this?


3 answers

  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2021-08-25T19:06:17.077+00:00

    Hi @Sushant Sharma ,

    have you tried to block incoming traffic on the local tcp port 1883?

    netsh advfirewall firewall add rule name='test3' protocol=tcp dir=in action=block localport=1883

    This should block the incoming TCP 1883 traffic from server to your windows machine on the windows machine, if I got your requirement right ;-)

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2021-08-25T21:43:27.493+00:00

    Hi @Sushant Sharma ,

    if the outbound communication on the windows machine via TCP Port 1883 is allowed the inbound traffic (response to the outbound communication) is allowed automatically (the windows firewall is stateful as far as I know).

    You should block the outbound traffic on TCP Port 1883 on the windows machine.

    netsh advfirewall firewall add rule name='test4' protocol=tcp dir=out action=block remoteport=1883

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

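    The stateful-firewall point in the answer above can be checked directly. The following PowerShell script is an added example, not code from the thread; it assumes an elevated session, a reachable server at the placeholder address in $Server listening on TCP 1883, and reuses the rule names 'test2' and 'test4' from the thread. It creates the questioner's inbound/remote-port rule, then the outbound rule, and uses Test-NetConnection after each to show which one actually stops the client from reaching the server.

```powershell
# Added example (not from the original thread). Run from an elevated PowerShell
# session on the Windows client. $Server is a constructed placeholder address.
$Server = '192.0.2.10'   # replace with the real server/broker address
$Port   = 1883

function Test-ServerPort {
    # $true when a full TCP handshake to $Server:$Port completes from this host
    (Test-NetConnection -ComputerName $Server -Port $Port `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

# Baseline: no test rules present yet
"Baseline, connect succeeded: $(Test-ServerPort)"

# 1. The questioner's rule: inbound, remote port 1883. Because the client opened
#    the connection, the server's replies are matched as state of that outbound
#    flow and are never evaluated against inbound block rules.
New-NetFirewallRule -DisplayName 'test2' -Direction Inbound -Protocol TCP `
    -RemotePort $Port -Action Block | Out-Null
"With inbound remoteport=1883 rule, connect succeeded: $(Test-ServerPort)"

# 2. The rule from answer 2: outbound, remote port 1883. This drops the client's
#    own SYN, so no flow is ever established and no replies come back.
New-NetFirewallRule -DisplayName 'test4' -Direction Outbound -Protocol TCP `
    -RemotePort $Port -Action Block | Out-Null
"With outbound remoteport=1883 rule, connect succeeded: $(Test-ServerPort)"

# Inspect the port filters attached to both rules (the equivalent of
# 'netsh advfirewall firewall show rule', but as objects)
Get-NetFirewallRule -DisplayName 'test2','test4' |
    ForEach-Object {
        $rule = $_
        $rule | Get-NetFirewallPortFilter |
            Select-Object @{n='Rule';e={$rule.DisplayName}},
                          @{n='Direction';e={$rule.Direction}},
                          Protocol, LocalPort, RemotePort
    }

# Remove the test rules again
Remove-NetFirewallRule -DisplayName 'test2','test4'
```

    Note that the outbound rule only has an effect because the profile's outbound default action is Allow; if outbound traffic is already blocked by default, the 1883 connection would never have worked in the first place.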

  3. Limitless Technology 39,921 Reputation points
    2021-08-26T10:32:18.073+00:00

    Hello SushantSharma,

    Have you tried using PowerShell from a local admin session?

    PS C:\> New-NetFirewallRule -DisplayName "BlockInbound Port 1883" -Direction Outbound -LocalPort 1883 -Action Block

    For more details on how to manage firewall rules using PowerShell: https://learn.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=windowsserver2019-ps

    Best regards,
    Luis P
