For a bug reproduction I created two Hyper-V machines. Communication between the machines should be blocked, but communication with my main machine should be allowed. This can be done in the Windows Firewall.
First I queried for the IP address of my main machine. The ping command with the -4 parameter returns the IPv4 address; somehow only that address worked in the firewall rule.
Then I created the firewall rule on both Hyper-V machines and used the IPv4 address from the first step.
As an extra step I tested that the port was open or blocked on all machines.
The PowerShell commands are listed below.
```powershell
# get the IPv4 address
ping [machine] -4

# create new firewall rule
New-NetFirewallRule -Direction Inbound `
    -Action Allow `
    -LocalPort 8031 `
    -Protocol TCP `
    -RemoteAddress [IP_FROM_PING] `
    -DisplayName "Allow 8031 from Master"

# test port 8031 is open, will throw exception if closed
(New-Object System.Net.Sockets.TcpClient).Connect([VM], 8031)
```
To enable logging of dropped packets, open the Windows Firewall. Open the Properties. Open the Public Profile tab. In the Logging section click Customize. Change Log dropped packets to Yes.
On the Monitoring node (tab Public Profile) the logfile is shown as a hyperlink for easy opening.
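The same check can be made from the log itself. This is an added example, not part of the original post: the function reads the firewall log's `#Fields` header and returns the DROP entries for port 8031, which confirms that the other VM is being blocked. The function name `Get-FirewallDrop`, the addresses and the log lines are constructed for illustration.

```powershell
# Added example, not from the original post; all log lines below are constructed.
# PowerShell equivalent of the GUI steps, run elevated on the VM:
#   Set-NetFirewallProfile -Profile Public -LogBlocked True
#   (Get-NetFirewallProfile -Profile Public).LogFileName   # shows the log path

function Get-FirewallDrop {
    param([string[]] $LogLine, [int] $Port = 8031)

    $fields = @()
    foreach ($line in $LogLine) {
        if ($line -like '#Fields:*') {
            # Column names come from the log's own header line
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and data seen before a header
        if ($line -match '^\s*(#|$)' -or $fields.Count -eq 0) { continue }

        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated entry

        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        if ($row['action'] -eq 'DROP' -and $row['dst-port'] -eq "$Port") {
            [pscustomobject]$row
        }
    }
}

# Constructed log as it could look on the second VM (192.168.137.11):
# .1 is the main machine, .10 is the other VM.
$sample = @(
    '#Version: 1.5'
    '#Software: Microsoft Windows Firewall'
    '#Time Format: Local'
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
    ''
    '2024-01-15 10:02:11 DROP TCP 192.168.137.10 192.168.137.11 50211 8031 52 S 1837465 0 64240 - - - RECEIVE'
    '2024-01-15 10:02:14 DROP TCP 192.168.137.10 192.168.137.11 50211 8031 52 S 1837465 0 64240 - - - RECEIVE'
    '2024-01-15 10:03:40 DROP UDP 192.168.137.10 192.168.137.255 137 137 78 - - - - - - - RECEIVE'
    '2024-01-15 10:04:02 ALLOW TCP 192.168.137.1 192.168.137.11 49877 8031 0 - 0 0 0 - - - RECEIVE'
)

# Drops on port 8031 per source address; only the other VM should appear
Get-FirewallDrop -LogLine $sample |
    Group-Object 'src-ip' |
    Select-Object @{ n = 'Source'; e = { $_.Name } }, Count
```

Against a real log, pass the output of `Get-Content` for the log file as `-LogLine`; the reported path contains `%systemroot%`, which has to be expanded first.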
Reproducing the bug made me solve it within 10 minutes. The solution could be tested in the repro environment, which proved it was working.