
How to Set Up Windows Firewall on Your VPS

What is Windows Firewall?

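Windows Firewall is the built-in host firewall that controls what can connect to your Windows VPS. It checks traffic against a set of rules: connections that match an allow rule get through, and unsolicited inbound connections that match no rule are blocked.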

Windows Firewall helps protect your VPS from hackers and unwanted traffic. It's like a security guard that checks everyone trying to connect to your server.


Why Do You Need a Firewall?

  • Stop hackers from getting into your server
  • Block unwanted programs from connecting to the internet
  • Protect your data from being stolen
  • Control network access - only allow what you need
  • Meet security requirements - many applications need firewall protection

Important

Always be careful when setting up firewall rules. If you block the wrong ports, you might lose access to your server!


Checking Your Firewall Status

Step 1: Open Windows Defender Firewall

  1. Press Windows key + R
  2. Type: wf.msc and press Enter
  3. Windows Defender Firewall will open

Step 2: Check Firewall Status

You should see:

  • Domain Profile: Connected (if on domain) or Not connected
  • Private Profile: Connected (if on private network)
  • Public Profile: Connected (if on public network)

All should show "On" for protection.


Basic Firewall Rules

Allow RDP (Remote Desktop)

RDP is how you connect to your Windows VPS. You need to allow it:

  1. Open Windows Defender Firewall
  2. Click "Inbound Rules" on the left
  3. Click "New Rule" on the right
  4. Select "Port" and click Next
  5. Select "TCP" and enter 3389 for port
  6. Select "Allow the connection" and click Next
  7. Check all profiles (Domain, Private, Public) and click Next
  8. Name it "RDP" and click Finish

Allow Web Traffic (if you have a website)

# Allow HTTP (port 80)
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow

# Allow HTTPS (port 443)
New-NetFirewallRule -DisplayName "HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow

Allow Game Server Ports

# Allow FiveM server (port 30120)
New-NetFirewallRule -DisplayName "FiveM" -Direction Inbound -Protocol TCP -LocalPort 30120 -Action Allow

# Allow Minecraft server (port 25565)
New-NetFirewallRule -DisplayName "Minecraft" -Direction Inbound -Protocol TCP -LocalPort 25565 -Action Allow

Using PowerShell for Firewall Rules

Create Rules with PowerShell

Open PowerShell as Administrator and use these commands:

# Allow a specific port
New-NetFirewallRule -DisplayName "My App" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow

# Allow a program
New-NetFirewallRule -DisplayName "My Program" -Direction Inbound -Program "C:\Program Files\MyApp\app.exe" -Action Allow

# Block a port
New-NetFirewallRule -DisplayName "Block Port" -Direction Inbound -Protocol TCP -LocalPort 1234 -Action Block

View All Rules

# List all inbound rules
Get-NetFirewallRule -Direction Inbound | Format-Table DisplayName, Enabled, Direction

# List rules for a specific port
Get-NetFirewallPortFilter | Where-Object LocalPort -eq 80 | Get-NetFirewallRule

Remove Rules

# Remove a rule by name
Remove-NetFirewallRule -DisplayName "My App"

# Remove all rules for a port
Get-NetFirewallPortFilter | Where-Object LocalPort -eq 8080 | Get-NetFirewallRule | Remove-NetFirewallRule

Common Ports You Might Need

| Port  | What it's for        | PowerShell Command |
|-------|----------------------|--------------------|
| 3389  | RDP (Remote Desktop) | New-NetFirewallRule -DisplayName "RDP" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow |
| 80    | HTTP websites        | New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow |
| 443   | HTTPS websites       | New-NetFirewallRule -DisplayName "HTTPS" -Direction Inbound -Protocol TCP -LocalPort 443 -Action Allow |
| 21    | FTP                  | New-NetFirewallRule -DisplayName "FTP" -Direction Inbound -Protocol TCP -LocalPort 21 -Action Allow |
| 1433  | SQL Server           | New-NetFirewallRule -DisplayName "SQL Server" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow |
| 25565 | Minecraft server     | New-NetFirewallRule -DisplayName "Minecraft" -Direction Inbound -Protocol TCP -LocalPort 25565 -Action Allow |
| 30120 | FiveM server         | New-NetFirewallRule -DisplayName "FiveM" -Direction Inbound -Protocol TCP -LocalPort 30120 -Action Allow |

Advanced Firewall Settings

Enable Logging

  1. Open Windows Defender Firewall
  2. Click "Windows Defender Firewall Properties"
  3. Go to each profile tab (Domain, Private, Public)
  4. Click "Customize" under Logging
  5. Check "Log dropped packets" and "Log successful connections"
  6. Set log file size (default is 4MB)
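The log these steps enable is a text file, by default %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log. As an added example (not part of the original page), this PowerShell parses that format from its #Fields header and reports sources with repeated dropped packets. The log lines are constructed samples, and the function names and threshold are hypothetical.

```powershell
# Constructed sample lines in the pfirewall.log layout (documentation IP ranges).
# On the VPS, use instead:
#   $lines = Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$lines = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 10:00:01 DROP TCP 203.0.113.7 198.51.100.20 50111 3389 52 S 1111 0 64240 - - - RECEIVE
2024-05-01 10:00:02 DROP TCP 203.0.113.7 198.51.100.20 50112 3389 52 S 1112 0 64240 - - - RECEIVE
2024-05-01 10:00:03 DROP TCP 203.0.113.7 198.51.100.20 50113 3389 52 S 1113 0 64240 - - - RECEIVE
2024-05-01 10:00:09 DROP TCP 198.51.100.99 198.51.100.20 40222 445 52 S 2221 0 64240 - - - RECEIVE
2024-05-01 10:01:00 ALLOW TCP 203.0.113.10 198.51.100.20 51000 3389 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

# Turn log lines into objects, taking column names from the "#Fields:" header
# so the parser follows whatever field list the log file declares.
function Get-FirewallLogEntry {
    param([string[]]$Line)
    $fields = $null
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') { $fields = ($l -replace '^#Fields:\s*', '').Split(' '); continue }
        if (-not $fields -or $l -like '#*' -or [string]::IsNullOrWhiteSpace($l)) { continue }
        $values = $l.Split(' ')
        $entry  = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$entry
    }
}

# Count dropped packets per (source IP, destination port) and keep the noisy ones.
function Get-DroppedSummary {
    param([string[]]$Line, [int]$Threshold = 3)
    Get-FirewallLogEntry -Line $Line |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object 'src-ip', 'dst-port' |
        Where-Object Count -ge $Threshold |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-DroppedSummary -Line $lines | Format-Table -AutoSize
```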

Block Specific IP Addresses

# Block a specific IP
New-NetFirewallRule -DisplayName "Block IP" -Direction Inbound -RemoteAddress 192.168.1.100 -Action Block

# Block a range of IPs
New-NetFirewallRule -DisplayName "Block IP Range" -Direction Inbound -RemoteAddress 192.168.1.0/24 -Action Block

Allow Only Specific IPs

# Allow RDP from one specific IP (restrictive only if no broader allow rule for port 3389 exists)
New-NetFirewallRule -DisplayName "Allow Specific IP" -Direction Inbound -RemoteAddress 192.168.1.50 -Protocol TCP -LocalPort 3389 -Action Allow
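To check whether a broader rule, such as the "RDP" rule created earlier on this page, still admits every source, the following added example (not from the original page) lists enabled inbound allow rules for TCP 3389 that accept any remote address and previews scoping them to one address. The address 203.0.113.10 is a placeholder for your own admin IP, and the function name is hypothetical.

```powershell
# Run in an elevated PowerShell session on the VPS.
$AdminIp = '203.0.113.10'   # assumption: placeholder, replace with your own static IP
$Port    = '3389'

# Return enabled inbound Allow rules that name this TCP port exactly
# and accept connections from any remote address.
# Rules that cover the port through a range (e.g. 3000-4000) are not matched here.
function Get-OpenAllowRule {
    param([string]$Port)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        if ($pf.Protocol -eq 'TCP' -and
            $pf.LocalPort -contains $Port -and
            $af.RemoteAddress -contains 'Any') {
            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                Profile     = $_.Profile
                LocalPort   = $pf.LocalPort -join ','
            }
        }
    }
}

$open = Get-OpenAllowRule -Port $Port
$open | Format-Table -AutoSize

# Preview the change first: -WhatIf prints what would be modified without doing it.
# Remove -WhatIf only after confirming that your current RDP session comes from
# $AdminIp, otherwise you lock yourself out of the server.
foreach ($rule in $open) {
    Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AdminIp -WhatIf
}
```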

Testing Your Firewall

Test from Another Computer

# Test if a port is reachable
telnet YOUR_VPS_IP 80

# Test RDP connection
mstsc /v:YOUR_VPS_IP

Check Firewall Logs

  1. Open Event Viewer
  2. Go to Windows Logs > Security
  3. Look for events with source "Microsoft-Windows-Windows Firewall With Advanced Security"

Use Online Port Scanner


Troubleshooting

Problem: "Cannot connect to server"

Solutions:

  • Check if the port is allowed in firewall
  • Verify the application is running
  • Test with telnet or port scanner

Problem: "Firewall rule not working"

Solutions:

  • Make sure you're using the right protocol (TCP/UDP)
  • Check if the rule is enabled
  • Verify the port number is correct

Problem: "Too many rules"

Solutions:

  • Group similar rules together
  • Use port ranges when possible
  • Remove unused rules regularly

Security Best Practices

1. Default Deny

  • Block everything by default
  • Only allow what you need
  • Use specific rules, not broad ones

2. Regular Updates

  • Keep Windows updated
  • Review firewall rules monthly
  • Remove unused rules

3. Monitor Logs

  • Check firewall logs regularly
  • Look for unusual activity
  • Set up alerts for blocked connections

4. Use Strong Rules

  • Specify exact ports and protocols
  • Limit source IP addresses when possible
  • Use descriptive names for rules

Quick Commands Reference

# Check firewall status
Get-NetFirewallProfile

# List all rules
Get-NetFirewallRule

# Enable firewall for all profiles
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True

# Disable firewall (not recommended)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

# Export the firewall policy (rules and settings) to a file
netsh advfirewall export "C:\firewall-rules.wfw"

# Import the firewall policy (this replaces the current policy)
netsh advfirewall import "C:\firewall-rules.wfw"

Your VPS is Protected!

Your Windows VPS is now much safer with proper firewall rules. Remember to only open the ports you actually need!
