Windows Firewall: Port and Rule Management
Windows Server includes Windows Defender Firewall built-in. It's active by default and blocks all inbound connections not explicitly allowed.
Essential PowerShell Commands
Firewall Status
# View status of profiles (Domain, Private, Public)
Get-NetFirewallProfile | Select Name, Enabled, DefaultInboundAction
# Typical output:
# Name     Enabled DefaultInboundAction
# ----     ------- --------------------
# Domain   True    Block
# Private  True    Block
# Public   True    Block
Open a Port
# Single TCP port (e.g. web server)
New-NetFirewallRule -DisplayName "HTTP 80" `
-Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
# UDP port (e.g. game server)
New-NetFirewallRule -DisplayName "Rust Server" `
-Direction Inbound -Protocol UDP -LocalPort 28015 -Action Allow
# Port range
New-NetFirewallRule -DisplayName "Game Ports" `
-Direction Inbound -Protocol TCP -LocalPort 27015-27020 -Action Allow
# Both TCP and UDP
New-NetFirewallRule -DisplayName "DNS" `
-Direction Inbound -Protocol TCP -LocalPort 53 -Action Allow
New-NetFirewallRule -DisplayName "DNS UDP" `
-Direction Inbound -Protocol UDP -LocalPort 53 -Action Allow
Common Ports to Open
# RDP (already open by default on Windows Server)
New-NetFirewallRule -DisplayName "RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow
# HTTP / HTTPS
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
New-NetFirewallRule -DisplayName "HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow
# SQL Server
New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow
# FTP
New-NetFirewallRule -DisplayName "FTP" -Direction Inbound -Protocol TCP -LocalPort 21 -Action Allow
New-NetFirewallRule -DisplayName "FTP Passive" -Direction Inbound -Protocol TCP -LocalPort 49152-65535 -Action Allow
Manage Existing Rules
# List all active inbound rules with port and protocol (these live on the
# port filter object, not on the rule, so a plain Select would show them empty)
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object { $pf = $_ | Get-NetFirewallPortFilter
  [pscustomobject]@{ DisplayName = $_.DisplayName; LocalPort = $pf.LocalPort; Protocol = $pf.Protocol; Action = $_.Action } }
# Search rule by name
Get-NetFirewallRule -DisplayName "*HTTP*"
# Disable rule (without deleting)
Disable-NetFirewallRule -DisplayName "HTTP 80"
# Enable rule
Enable-NetFirewallRule -DisplayName "HTTP 80"
# Delete rule
Remove-NetFirewallRule -DisplayName "HTTP 80"
Limit Access by IP (Whitelist)
# Allow RDP only from your IP (1.2.3.4 is a placeholder for your public address)
New-NetFirewallRule -DisplayName "RDP office only" `
-Direction Inbound `
-Protocol TCP `
-LocalPort 3389 `
-RemoteAddress "1.2.3.4" `
-Action Allow
# Do NOT add a catch-all Block rule on 3389: a Block rule wins over Allow regardless
# of RemoteAddress, so it would lock out 1.2.3.4 as well. The default inbound action
# is already Block, so instead restrict the built-in Remote Desktop allow rules
# (which permit any source) to the same address:
Set-NetFirewallRule -DisplayGroup "Remote Desktop" -RemoteAddress "1.2.3.4"
# Multiple IPs or subnets:
-RemoteAddress "1.2.3.4","192.168.1.0/24","10.0.0.0/8"
Unlike iptables, where the first matching rule wins, Windows Firewall evaluates Block rules before Allow rules regardless of the order in which they were created. A Block rule matching the same port and address always takes precedence over an Allow rule.
Block a Suspicious IP
# Block inbound connections from specific IP
New-NetFirewallRule -DisplayName "Block Suspicious IP" `
-Direction Inbound `
-RemoteAddress "1.2.3.4" `
-Action Block
# Also block outbound to that IP
New-NetFirewallRule -DisplayName "Block Outbound Suspicious IP" `
-Direction Outbound `
-RemoteAddress "1.2.3.4" `
-Action Block
Disable Firewall (test only)
# Disable all profiles: DON'T use in production
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
# Re-enable
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
Disabling firewall on an internet-exposed server is dangerous. Do it only temporarily for diagnostics and re-enable immediately after.
GUI: Windows Defender Firewall with Advanced Security
Open with Win+R → wf.msc
Structure:
- Inbound Rules: incoming connections
- Outbound Rules: outgoing connections
- Connection Security Rules: IPsec
To create a manual rule: right-click Inbound Rules → New Rule → Port → specify port → Allow.
Export and Import Rules
# Export all rules to XML file
netsh advfirewall export "C:\firewall-backup.wfw"
# Import (overwrites all rules!)
netsh advfirewall import "C:\firewall-backup.wfw"
Firewall Logs
# Enable logging for blocked connections
Set-NetFirewallProfile -Profile Public -LogBlocked True -LogFileName "C:\Windows\System32\LogFiles\Firewall\pfirewall.log"
# View log
Get-Content "C:\Windows\System32\LogFiles\Firewall\pfirewall.log" -Tail 30
The log shows source IP, destination, port and action (DROP/ALLOW) for each packet.
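Reading the log by eye does not scale once a server is exposed. The following PowerShell is an added example, not part of the original article: it parses pfirewall.log using the #Fields header line to map columns and summarises inbound DROP entries by source IP and destination port, so repeated probes of a port stand out. The function names, the sample log lines and the addresses are all constructed for the demo.

```powershell
# Added example: summarise blocked inbound traffic from a Windows Firewall log.
# Sample lines below are constructed; the live file is
# C:\Windows\System32\LogFiles\Firewall\pfirewall.log

function ConvertFrom-PfirewallLog {
    param([Parameter(Mandatory)][string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The header names the columns (date time action protocol src-ip dst-ip ...)
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        # Skip other comment lines, blank lines, and data seen before any header
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }
        $values = $line -split '\s+'
        $obj = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $obj[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$obj
    }
}

function Get-TopDroppedInbound {
    param([object[]]$Entries, [int]$Top = 5)
    # Only dropped packets received by this host; group by source and target port
    $Entries | Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
        Group-Object 'src-ip', 'dst-port' |
        Sort-Object Count -Descending | Select-Object -First $Top |
        ForEach-Object {
            $ip, $port = $_.Name -split ',\s*'
            [pscustomobject]@{ SourceIP = $ip; DstPort = $port; Drops = $_.Count }
        }
}

# Constructed sample log (documentation addresses, not real hosts)
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 10:15:22 DROP TCP 203.0.113.5 192.0.2.10 51234 3389 52 S 1234567 0 8192 - - - RECEIVE
2024-05-01 10:15:23 DROP TCP 203.0.113.5 192.0.2.10 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2024-05-01 10:15:24 DROP TCP 198.51.100.7 192.0.2.10 40001 1433 52 S 2234568 0 8192 - - - RECEIVE
2024-05-01 10:15:25 ALLOW TCP 203.0.113.9 192.0.2.10 50000 443 52 S 3234568 0 8192 - - - RECEIVE
'@ -split "`r?`n"

$entries = ConvertFrom-PfirewallLog -Lines $sample
Get-TopDroppedInbound -Entries $entries | Format-Table -AutoSize
```

On a live server, pass the output of Get-Content on the log path to -Lines instead of the sample; the summary then shows which external addresses are repeatedly hitting which closed ports.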