Windows Firewall Configuration: Native Alternatives to iptables for IP Blocking and Network Security


While Linux administrators rely on iptables/netfilter for packet filtering, Windows provides equivalent functionality through its built-in Windows Firewall with Advanced Security. The key differences:

  • Windows Firewall is stateful by default (like iptables with connection tracking)
  • Rules are managed through the GUI or PowerShell cmdlets rather than iptables-style command-line syntax
  • Integrated with Windows Security Center and Group Policy

Here's how to block specific IPs using Windows native tools:

# Block inbound traffic from a specific IP (backtick continues the command on the next line)
New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Inbound `
    -InterfaceType Any -Protocol Any -Action Block -RemoteAddress 192.0.2.100

# Block an entire subnet (CIDR notation)
New-NetFirewallRule -DisplayName "Block Suspicious Subnet" -Direction Inbound `
    -InterfaceType Any -Protocol Any -Action Block -RemoteAddress 203.0.113.0/24

For TCP/UDP port control (similar to iptables port rules):

# Allow inbound SSH (port 22) only from a trusted IP
New-NetFirewallRule -DisplayName "Allow SSH" -Direction Inbound -Protocol TCP `
    -LocalPort 22 -RemoteAddress 198.51.100.25 -Action Allow

# Block outgoing connections to a specific remote port (6667, commonly IRC)
New-NetFirewallRule -DisplayName "Block Dangerous Outbound" -Direction Outbound `
    -Protocol TCP -RemotePort 6667 -Action Block

Windows Firewall supports rules that combine several match criteria (port, program, profile) in one rule, comparable to what iptables chains are used for:

# Create a rule that also matches on the program (service executable) receiving the traffic
New-NetFirewallRule -DisplayName "Block SQL Server Exploits" -Direction Inbound `
    -Protocol TCP -LocalPort 1433 `
    -Program "%ProgramFiles%\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" `
    -Action Block -Profile Domain,Private,Public

For users needing iptables-like syntax:

  • Windows Subsystem for Linux (WSL): Run actual iptables in WSL2, which has its own Linux kernel; note that these rules only filter the WSL virtual machine's traffic, not the Windows host's interfaces
  • Third-party firewalls: Tools like TinyWall or GlassWire offer enhanced interfaces
  • Cygwin/ipfw: Possible but not recommended due to driver compatibility issues

To audit firewall activity (similar to iptables logging):

# Enable logging for allowed and dropped packets on all profiles (path must be quoted)
Set-NetFirewallProfile -Profile Domain,Public,Private `
    -LogFileName "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log" `
    -LogMaxSizeKilobytes 4096 -LogAllowed True -LogBlocked True

For Linux administrators, iptables is the go-to tool for network packet filtering and NAT rules. Windows lacks a direct command-line equivalent, but offers several approaches to achieve similar functionality.

The native solution is Windows Defender Firewall with Advanced Security (WFAS). Here's how to block an IP address:

# PowerShell command to block an IP:
New-NetFirewallRule -DisplayName "Block Malicious IP" -Direction Inbound -RemoteAddress 192.168.1.100 -Action Block
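One-off commands like the ones above create a new rule every time they run, which quickly leaves duplicate rules behind. As an added example (not from the original page), the PowerShell function below keeps a single inbound block rule and merges new addresses into its remote-address list, validating each entry first. It assumes an elevated session with the NetSecurity module; the rule name and addresses are placeholders. Because Set-NetFirewallRule -RemoteAddress replaces the whole list, the function reads the current list before writing.

```powershell
# Added example: maintain ONE inbound block rule and update its address list in place.
# Assumes an elevated PowerShell session and the NetSecurity module (Windows 8/2012+).
# The rule name and the sample addresses are placeholders.

function Add-BlockedRemoteAddress {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]] $Address,   # IPs or CIDR prefixes
        [string] $DisplayName = 'Block Malicious IP'
    )

    # Validate each entry: a plain IPv4/IPv6 address or address/prefix-length.
    $valid = foreach ($a in $Address) {
        $ip, $len = $a -split '/', 2
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed)) {
            Write-Warning "Skipping '$a': not an IP address"; continue
        }
        $max = if ($parsed.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
        if ($len -and -not ($len -match '^\d+$' -and [int]$len -le $max)) {
            Write-Warning "Skipping '$a': bad prefix length"; continue
        }
        $a
    }
    if (-not $valid) { return }

    $rule = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $rule) {
        if ($PSCmdlet.ShouldProcess($DisplayName, 'Create inbound block rule')) {
            New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound `
                -Action Block -Profile Any -RemoteAddress $valid | Out-Null
        }
        return
    }

    # Merge with the addresses already on the rule so re-running is idempotent.
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($current -eq 'Any') { $current = @() }    # rule exists but has no address filter yet
    $merged = @($current) + @($valid) | Sort-Object -Unique
    if ($PSCmdlet.ShouldProcess($DisplayName, "Set remote addresses to $($merged -join ', ')")) {
        $rule | Set-NetFirewallRule -RemoteAddress $merged
    }
}

# Block two hosts and a prefix; the bad entry is skipped with a warning.
# -WhatIf previews the change without touching the firewall.
Add-BlockedRemoteAddress -Address '192.0.2.100', '203.0.113.0/24', 'not-an-ip' -WhatIf
```

Run it again with additional addresses and the existing rule is updated rather than duplicated; Get-NetFirewallRule -DisplayName 'Block Malicious IP' | Get-NetFirewallAddressFilter shows the current list.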

Key features:

  • GUI and command-line management (via PowerShell)
  • Inbound/outbound rule configuration
  • Protocol-specific filtering (TCP/UDP/ICMP)
  • Port-based restrictions

For users needing more iptables-like functionality:

1. Windows Subsystem for Linux (WSL)

With WSL2, you can run actual iptables in a Linux environment (these rules apply to the WSL virtual machine's own network interface, not to the Windows host):

# Install WSL and a Linux distribution
wsl --install -d Ubuntu

# Inside WSL:
sudo apt update && sudo apt install iptables
sudo iptables -A INPUT -s 10.0.0.5 -j DROP

2. Netsh Command Utility

The legacy netsh command provides some firewall control:

# Block an IP using netsh:
netsh advfirewall firewall add rule name="BlockIP" dir=in action=block remoteip=192.168.1.100

3. Third-Party Firewalls

  • PeerBlock: Open-source IP blocker with list management
  • TinyWall: Lightweight firewall with whitelisting
  • GlassWire: Visual firewall with network monitoring

Here's how to implement a stateful firewall rule similar to iptables' connection tracking:

# Allow inbound TCP 80/443 to one server program. Windows Firewall tracks connection
# state automatically, so replies to connections accepted by this rule are allowed
# without a separate "established" rule as iptables would need.
$RuleParams = @{
    DisplayName = "Allow Established Connections"
    Direction = "Inbound"
    Protocol = "TCP"
    Action = "Allow"
    RemoteAddress = "Any"
    LocalPort = "80", "443"   # array of ports, not a single comma-separated string
    Program = "C:\Program Files\MyApp\server.exe"
    EdgeTraversalPolicy = "Block"
    Enabled = "True"
    Profile = "Any"
    InterfaceType = "Any"
}
New-NetFirewallRule @RuleParams

Advanced scenarios need other tools:

  • NAT rules: use Windows Routing and Remote Access Service
  • Packet mangling: consider third-party tools like WinDivert
  • High-performance filtering: commercial solutions like Palo Alto or Cisco firewalls

The best approach depends on your specific requirements and comfort level with Windows administration tools.