Firewall rule to allow only a certain IP address

For a bug reproduction I created two Hyper-V machines. Communication between the machines should be blocked, but communication with my main machine should be allowed. This can be done in the Windows Firewall.

First I queried the IP address of my main machine. The ping command with the -4 parameter returns the IPv4 address; somehow only that address worked in the firewall rule.
Then I created the firewall rule on both Hyper-V machines, using the IPv4 address from the first step.
As an extra step I tested that the port was open or blocked on all machines.

The PowerShell commands are listed below.

# get the IPv4 address of the main machine (-4 forces an IPv4 reply)
ping [machine] -4

# create the allow rule on each Hyper-V machine; Windows Firewall blocks
# unsolicited inbound connections by default, so only [IP_FROM_PING] gets through
New-NetFirewallRule -Direction Inbound `
    -Action Allow `
    -LocalPort 8031 `
    -Protocol TCP `
    -RemoteAddress [IP_FROM_PING] `
    -DisplayName "Allow 8031 from Master"

# test that port 8031 is open; Connect throws a SocketException if the port is
# blocked (or if nothing is listening on it)
(New-Object System.Net.Sockets.TcpClient).Connect([VM], 8031)
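The same procedure as one script, added here as an example and not part of the original post. It resolves the IPv4 address instead of reading it off a ping, warns when another enabled rule already allows the port from any address (an Allow rule only adds an exception and cannot override such a rule), creates or updates the rule instead of duplicating it, and checks the port with Test-NetConnection, which returns a boolean instead of throwing. The host name MASTER, the rule name and the 4096 KB log size are assumptions.

```powershell
# Added example, not the original post's code. Run in an elevated PowerShell on
# each Hyper-V VM. $MasterHost and $RuleName are assumed values.
$MasterHost = 'MASTER'                 # hostname of the main machine (assumption)
$Port       = 8031
$RuleName   = 'Allow 8031 from Master'

# 1. Resolve the IPv4 address explicitly. InterNetwork means IPv4, so an IPv6
#    address can never end up in the rule by accident.
$MasterIPv4 = [System.Net.Dns]::GetHostAddresses($MasterHost) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    Select-Object -First 1 -ExpandProperty IPAddressToString
if (-not $MasterIPv4) { throw "No IPv4 address found for $MasterHost" }

# 2. An Allow rule is only an exception to the default inbound Block. If another
#    enabled inbound rule already allows TCP/$Port from Any, the second VM is NOT
#    blocked by adding this rule, so list such rules before relying on it.
$broad = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' }
if ($broad) {
    Write-Warning "TCP/$Port is already allowed from Any by: $($broad.DisplayName -join ', ')"
}

# 3. Create the rule once; re-running the script updates the address instead of
#    adding a duplicate rule. -Profile Any matters: a Hyper-V virtual switch
#    often puts the VM's adapter on the Public profile, and a rule bound to a
#    different profile silently does nothing.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    $rule | Set-NetFirewallRule -RemoteAddress $MasterIPv4
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $MasterIPv4 -Profile Any | Out-Null
}

# 4. Verify from both sides. Returns $true when a TCP handshake completes and
#    $false otherwise; it does not throw like TcpClient.Connect does.
function Test-Port8031 {
    param([Parameter(Mandatory)][string]$Target)
    Test-NetConnection -ComputerName $Target -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

# Expected: $true from the master, $false from the other VM.
Test-Port8031 -Target $env:COMPUTERNAME
```

Keep in mind that Test-Port8031 also returns $false when nothing is listening on the port, so start the service under test before concluding that the firewall is doing the blocking; the dropped-packet log described below is the way to tell the two cases apart.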

To enable logging of dropped packets, open the Windows Firewall, open Properties, select the Public Profile tab, click Customize in the Logging section and change Log dropped packets to Yes. Logging is configured per profile, so if the VM's network adapter is on the Private or Domain profile, enable it on that tab instead.

[Screenshot: firewall_log_dropped_packets]

On the Monitoring node (Public Profile tab) the log file is shown as a hyperlink for easy opening.
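The same setting from PowerShell, plus a small parser that pulls the DROP lines for port 8031 out of the log, added as an example that is not part of the original post. The log path is the Windows default location, the 4096 KB size is an assumption, and the log lines at the end are constructed to show the format (in practice pipe Get-Content of the real file into the function).

```powershell
# Added example, not from the original post. Enables dropped-packet logging on
# the Public profile and filters the log for drops on a given port.
$LogFile = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# Same as the GUI's "Log dropped packets: Yes" for the Public profile.
# Requires an elevated shell. Log size is an assumed value.
Set-NetFirewallProfile -Profile Public -LogBlocked True `
    -LogFileName $LogFile -LogMaxSizeKilobytes 4096

# The log is W3C extended format: comment lines start with '#', and the
# '#Fields:' line names the space-separated columns. Reading the header instead
# of hard-coding offsets keeps the parser correct if the column list changes.
function Get-DroppedPackets {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$Lines,
        [int]$Port = 8031
    )
    begin { $fields = $null }
    process {
        foreach ($line in $Lines) {
            if ($line -like '#Fields:*') {
                $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
                continue
            }
            if (-not $fields -or [string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
            $values = $line -split '\s+'
            $row = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
                $row[$fields[$i]] = $values[$i]
            }
            # Only inbound drops aimed at our port are interesting here.
            if ($row['action'] -eq 'DROP' -and $row['dst-port'] -eq "$Port" -and $row['path'] -eq 'RECEIVE') {
                [pscustomobject]$row
            }
        }
    }
}

# Constructed sample lines in the pfirewall.log layout (not a real capture).
$sample = @(
    '#Version: 1.5',
    '#Software: Microsoft Windows Firewall',
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
    '2023-01-01 10:00:01 DROP TCP 192.168.1.20 192.168.1.30 51000 8031 52 S 123456 0 8192 - - - RECEIVE',
    '2023-01-01 10:00:02 ALLOW TCP 192.168.1.10 192.168.1.30 51001 8031 0 - 0 0 0 - - - RECEIVE',
    '2023-01-01 10:00:03 DROP UDP 192.168.1.20 192.168.1.30 137 137 78 - - - - - - - RECEIVE'
)

# Shows the single TCP/8031 drop from 192.168.1.20; the ALLOW and the UDP drop are skipped.
$sample | Get-DroppedPackets -Port 8031 | Format-Table date, time, protocol, 'src-ip', 'dst-port'

# Against the live log on the VM that should be blocked:
# Get-Content $LogFile | Get-DroppedPackets -Port 8031
```

A DROP line with the other VM's address as src-ip confirms the firewall is doing the blocking; if the connection test fails but no such line appears, look at the listener rather than the rule.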

Reproducing the bug let me solve it within 10 minutes. The solution could be tested in the repro environment, which proved it was working.

About erictummers

Working in a DevOps team is the best thing that happened to me. I like challenges and sharing the solutions with others. On my blog I’ll mostly post about my work, but expect an occasional home project, productivity tip and tooling review.
This entry was posted in Tooling.
