Configure Windows Firewall
This guide explains how to configure Windows Defender Firewall on your Windows VPS.
Access Windows Firewall
Via Control Panel
- Press
Win + R - Type
firewall.cpland press Enter - Click Advanced settings in the left menu
Via Windows Defender
- Open Windows Settings (
Win + I) - Windows Security > Firewall & network protection
- Click Advanced settings
Advanced Firewall Interface
The interface is divided into several sections:
- Inbound Rules: Controls connections to your server
- Outbound Rules: Controls connections from your server
- Connection Security Rules: IPsec and secure tunnels
- Monitoring: Overview of active rules
Create an Inbound Rule
Open a Port (GUI)
- Click Inbound Rules
- In the right panel, click New Rule...
- Select Port > Next
- Choose TCP or UDP
- Enter the port (e.g.:
25565for Minecraft) - Select Allow the connection > Next
- Check the profiles (Domain, Private, Public) > Next
- Give the rule a name (e.g.: "Minecraft Server")
- Click Finish
Open a Port (PowerShell)
# Open TCP port 25565 (Minecraft)
New-NetFirewallRule -DisplayName "Minecraft Server" -Direction Inbound -Protocol TCP -LocalPort 25565 -Action Allow
# Open UDP port 25565
New-NetFirewallRule -DisplayName "Minecraft Server UDP" -Direction Inbound -Protocol UDP -LocalPort 25565 -Action Allow
# Open a port range
New-NetFirewallRule -DisplayName "FiveM Ports" -Direction Inbound -Protocol TCP -LocalPort 30120-30130 -Action Allow
Common Ports to Open
Game Servers
| Service | TCP Port | UDP Port |
|---|---|---|
| Minecraft | 25565 | 25565 |
| FiveM | 30120 | 30120 |
| Garry's Mod | 27015 | 27015 |
| ARK | 7777-7778 | 7777-7778, 27015 |
| Rust | 28015-28016 | 28015-28016 |
Web Services
| Service | Port |
|---|---|
| HTTP | 80 |
| HTTPS | 443 |
| FTP | 21 |
| MySQL | 3306 |
| RDP | 3389 |
Complete FiveM Example
# FiveM main port
New-NetFirewallRule -DisplayName "FiveM TCP" -Direction Inbound -Protocol TCP -LocalPort 30120 -Action Allow
New-NetFirewallRule -DisplayName "FiveM UDP" -Direction Inbound -Protocol UDP -LocalPort 30120 -Action Allow
# txAdmin
New-NetFirewallRule -DisplayName "txAdmin" -Direction Inbound -Protocol TCP -LocalPort 40120 -Action Allow
Manage Existing Rules
Via PowerShell
# List all inbound rules
Get-NetFirewallRule -Direction Inbound | Format-Table Name, Enabled, Action
# List active rules
Get-NetFirewallRule -Enabled True -Direction Inbound
# Disable a rule
Disable-NetFirewallRule -DisplayName "Rule Name"
# Enable a rule
Enable-NetFirewallRule -DisplayName "Rule Name"
# Delete a rule
Remove-NetFirewallRule -DisplayName "Rule Name"
View Open Ports
# View listening ports
netstat -an | findstr LISTENING
# Detailed version with process name
Get-NetTCPConnection -State Listen | Select-Object LocalPort, OwningProcess, @{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).Name}} | Sort-Object LocalPort
Block a Specific IP
Via Interface
- Inbound Rules > New Rule
- Select Custom > Next
- All programs > Next
- Protocol: Any > Next
- Remote IP address: These IP addresses > Add the IP to block
- Block the connection > Next
- Name the rule and finish
Via PowerShell
# Block an IP
New-NetFirewallRule -DisplayName "Block IP" -Direction Inbound -RemoteAddress 203.0.113.50 -Action Block
# Block an IP range
New-NetFirewallRule -DisplayName "Block IP Range" -Direction Inbound -RemoteAddress 203.0.113.0/24 -Action Block
Allow an Application
# Allow a specific application
New-NetFirewallRule -DisplayName "My Application" -Direction Inbound -Program "C:\Path\To\Application.exe" -Action Allow
Firewall Profiles
Windows uses three profiles:
- Domain: Enterprise network with Active Directory
- Private: Trusted network (home)
- Public: Untrusted network (default on VPS)
For a VPS, apply rules to the Public profile.
# Create a rule only for Public profile
New-NetFirewallRule -DisplayName "Web Server" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -Profile Public
Reset the Firewall
Warning
This will delete all your custom rules!
# Reset to default settings
netsh advfirewall reset
Enable/Disable the Firewall
# Disable (not recommended)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
# Enable
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True
# Check status
Get-NetFirewallProfile | Format-Table Name, Enabled
Export/Import Rules
# Export rules
netsh advfirewall export "C:\backup\firewall-rules.wfw"
# Import rules
netsh advfirewall import "C:\backup\firewall-rules.wfw"
Tip
After configuring your rules, always test connectivity from outside to verify that ports are properly open.