Skip to main content

Configure Windows Firewall

This guide explains how to configure Windows Defender Firewall on your Windows VPS.

Access Windows Firewall​

Via Control Panel​

  1. Press Win + R
  2. Type firewall.cpl and press Enter
  3. Click Advanced settings in the left menu

Via Windows Defender​

  1. Open Windows Settings (Win + I)
  2. Windows Security > Firewall & network protection
  3. Click Advanced settings

Advanced Firewall Interface​

The interface is divided into several sections:

  • Inbound Rules: Controls connections to your server
  • Outbound Rules: Controls connections from your server
  • Connection Security Rules: IPsec and secure tunnels
  • Monitoring: Overview of active rules

Create an Inbound Rule​

Open a Port (GUI)​

  1. Click Inbound Rules
  2. In the right panel, click New Rule...
  3. Select Port > Next
  4. Choose TCP or UDP
  5. Enter the port (e.g.: 25565 for Minecraft)
  6. Select Allow the connection > Next
  7. Check the profiles (Domain, Private, Public) > Next
  8. Give the rule a name (e.g.: "Minecraft Server")
  9. Click Finish

Open a Port (PowerShell)​

# Open TCP port 25565 (Minecraft)
New-NetFirewallRule -DisplayName "Minecraft Server" -Direction Inbound -Protocol TCP -LocalPort 25565 -Action Allow

# Open UDP port 25565
New-NetFirewallRule -DisplayName "Minecraft Server UDP" -Direction Inbound -Protocol UDP -LocalPort 25565 -Action Allow

# Open a port range
New-NetFirewallRule -DisplayName "FiveM Ports" -Direction Inbound -Protocol TCP -LocalPort 30120-30130 -Action Allow

Common Ports to Open​

Game Servers​

ServiceTCP PortUDP Port
Minecraft2556525565
FiveM3012030120
Garry's Mod2701527015
ARK7777-77787777-7778, 27015
Rust28015-2801628015-28016

Web Services​

ServicePort
HTTP80
HTTPS443
FTP21
MySQL3306
RDP3389

Complete FiveM Example​

# FiveM main port
New-NetFirewallRule -DisplayName "FiveM TCP" -Direction Inbound -Protocol TCP -LocalPort 30120 -Action Allow
New-NetFirewallRule -DisplayName "FiveM UDP" -Direction Inbound -Protocol UDP -LocalPort 30120 -Action Allow

# txAdmin
New-NetFirewallRule -DisplayName "txAdmin" -Direction Inbound -Protocol TCP -LocalPort 40120 -Action Allow

Manage Existing Rules​

Via PowerShell​

# List all inbound rules
Get-NetFirewallRule -Direction Inbound | Format-Table Name, Enabled, Action

# List active rules
Get-NetFirewallRule -Enabled True -Direction Inbound

# Disable a rule
Disable-NetFirewallRule -DisplayName "Rule Name"

# Enable a rule
Enable-NetFirewallRule -DisplayName "Rule Name"

# Delete a rule
Remove-NetFirewallRule -DisplayName "Rule Name"

View Open Ports​

# View listening ports
netstat -an | findstr LISTENING

# Detailed version with process name
Get-NetTCPConnection -State Listen | Select-Object LocalPort, OwningProcess, @{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).Name}} | Sort-Object LocalPort

Block a Specific IP​

Via Interface​

  1. Inbound Rules > New Rule
  2. Select Custom > Next
  3. All programs > Next
  4. Protocol: Any > Next
  5. Remote IP address: These IP addresses > Add the IP to block
  6. Block the connection > Next
  7. Name the rule and finish

Via PowerShell​

# Block an IP
New-NetFirewallRule -DisplayName "Block IP" -Direction Inbound -RemoteAddress 203.0.113.50 -Action Block

# Block an IP range
New-NetFirewallRule -DisplayName "Block IP Range" -Direction Inbound -RemoteAddress 203.0.113.0/24 -Action Block

Allow an Application​

# Allow a specific application
New-NetFirewallRule -DisplayName "My Application" -Direction Inbound -Program "C:\Path\To\Application.exe" -Action Allow

Firewall Profiles​

Windows uses three profiles:

  • Domain: Enterprise network with Active Directory
  • Private: Trusted network (home)
  • Public: Untrusted network (default on VPS)

For a VPS, apply rules to the Public profile.

# Create a rule only for Public profile
New-NetFirewallRule -DisplayName "Web Server" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -Profile Public

Reset the Firewall​

Warning

This will delete all your custom rules!

# Reset to default settings
netsh advfirewall reset

Enable/Disable the Firewall​

# Disable (not recommended)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Enable
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# Check status
Get-NetFirewallProfile | Format-Table Name, Enabled

Export/Import Rules​

# Export rules
netsh advfirewall export "C:\backup\firewall-rules.wfw"

# Import rules
netsh advfirewall import "C:\backup\firewall-rules.wfw"
Tip

After configuring your rules, always test connectivity from outside to verify that ports are properly open.