How to Restrict Port Access using Windows Firewall

On Windows Server, you can restrict access to specific ports using the graphical interface (GUI) or PowerShell. The key is to modify the Scope of an Inbound Rule to allow only specific “Remote IP Addresses.”

Prerequisites:

  • Administrator access to the Windows Server.
  • The Port Number (e.g., 3389 for RDP, 1433 for MSSQL).
  • The Trusted IP Address you want to permit.

Option 1: Using the Graphical Interface (GUI)

  1. Open Firewall Settings: Click Start, type “Windows Firewall with Advanced Security”, and press Enter.
  2. Inbound Rules: Click on Inbound Rules in the left sidebar.
  3. Create New Rule: Click New Rule… in the right-hand Actions pane.
  4. Rule Type: Select Port and click Next.
  5. Protocol and Ports: Select TCP and enter the port number (e.g., 1433) in Specific local ports. Click Next.
  6. Action: Select Allow the connection and click Next.
  7. Profile: Keep all boxes checked (Domain, Private, Public) and click Next.
  8. Name: Give it a name like “Restrict MSSQL to Trusted IP” and click Finish.
  9. Restrict to IP (The most important step):
    • Right-click your new rule and select Properties.
    • Go to the Scope tab.
    • Under Remote IP address, select These IP addresses and click Add.
    • Enter your Trusted IP Address and click OK.
    • Click Apply and OK.

Option 2: Using PowerShell (Fastest)

Run the following command as Administrator (replacing the IP and Port with your own):

PowerShell

New-NetFirewallRule -DisplayName "Restrict Port 1433" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow -RemoteAddress "1.2.3.4"

Verification:

Test the connection from the allowed IP. If you configured it correctly, the connection will go through, while all other IPs will be blocked.
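The scoped rule only restricts the port if no other enabled inbound Allow rule covers it and the default inbound action is Block. The script below is an added example, not part of the original article, that lists every effective Allow rule covering the port and flags any that admit more than the trusted IP. The port and IP are the article's sample values; replace them with your own.

```powershell
# Added example: audit which enabled inbound Allow rules cover a TCP port.
# $Port and $TrustedIp are placeholders taken from the article's sample command.
$Port      = 1433
$TrustedIp = '1.2.3.4'

# Traffic is allowed if ANY enabled Allow rule matches, so a scoped rule
# restricts nothing while a broader rule for the same port exists.
# ActiveStore includes rules delivered by Group Policy as well as local rules.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Allow -Enabled True
$findings = foreach ($rule in $rules) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }

    # LocalPort can be 'Any', one port, a list, or a range such as '1000-2000'.
    $covers = $false
    foreach ($p in @($portFilter.LocalPort)) {
        if ($p -eq 'Any' -or $p -eq "$Port") { $covers = $true }
        elseif ($p -match '^(\d+)-(\d+)$' -and
                $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { $covers = $true }
    }
    if (-not $covers) { continue }

    # Strip a host mask as a precaution so '1.2.3.4/32' compares equal to '1.2.3.4'.
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress) |
        ForEach-Object { $_ -replace '/(32|255\.255\.255\.255)$', '' }
    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = @($remote) -join ', '
        OnlyTrusted   = (@($remote).Count -eq 1 -and @($remote)[0] -eq $TrustedIp)
    }
}
$findings | Format-Table -AutoSize

# Any rule with OnlyTrusted = False still admits other sources to the port
# (rules with LocalPort 'Any' may be limited to one program; review them by name).
$findings | Where-Object { -not $_.OnlyTrusted } |
    ForEach-Object { Write-Warning "Rule '$($_.DisplayName)' allows: $($_.RemoteAddress)" }

# Unmatched traffic is dropped only when the default inbound action is Block.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction
```

Run it from an elevated PowerShell session. For the restriction to hold, the only row with the port should be your scoped rule, and each enabled profile should show Block as its default inbound action.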

Updated on February 5, 2026