Introduction: This tutorial is designed to help you bolster your Windows firewall security to mitigate network abuse. It addresses two crucial aspects:
Network abuse can lead to compliance violations with hosting providers' Terms of Service (ToS) or security risks. By following this guide, you'll learn how to configure Windows Firewall effectively.
Prerequisites:
Step 0 - Accessing Windows Firewall Settings: Begin by opening the Windows Defender Firewall settings using either of these methods:
Method 1: Press the Windows key + R to open the "Run" dialog. Type wf.msc and press Enter.
Method 2: From the Start menu, search for "Windows Defender Firewall with Advanced Security" and select it.
For subsequent steps (Step 1 and Step 2), you will create new outbound rules following these procedures:
Step 1 - Blocking Teredo Ports (Port 3544): The objective here is to prevent outbound connections to external servers on port 3544, commonly used by Teredo.
Notes:
To block port 3544, proceed with the following steps after completing "Step 0":
Now, your firewall will intercept and block any connections attempting to reach external destinations on port 3544 before they exit your server.
Step 2 - Blocking Traffic to Private Networks: In this section, you'll establish firewall rules to obstruct outgoing traffic to specific private network IP address ranges:
These IP ranges are reserved for internal/private use and should not be accessed from a public server to prevent potential issues arising from misconfigured applications.
To block these private IP ranges, follow these steps after completing "Step 0":
1. In the "New Outbound Rule" wizard, select the "Custom" radio button and click "Next."
2. Leave the program selection as "All programs" and click "Next." Retain the default protocol and port settings and click "Next."
3. Under "Which remote IP addresses does this rule apply to?" select the "These IP addresses" radio button.
4. Click "Add..." to specify the IP address ranges to block.
5. In the "This IP address or subnet" field, enter the first IP address range to block (e.g., "10.0.0.0/8") and click "OK."
6. Repeat step 5 for the remaining IP address ranges:
   After adding all four ranges, your settings should resemble this configuration.
7. Click "Next."
8. Ensure the "Block the connection" radio button is selected, and click "Next."
9. Maintain the default settings for "When does this rule apply?" and click "Next."
10. Provide a name (mandatory) and an optional description for your rule. Click "Finish" to create the rule.
The outbound rule is now active, blocking any outgoing traffic to the specified IP address ranges, which helps prevent abuse and potential issues.
Step 3 - Enabling IPv6 (Optional): If you require IPv6 connectivity, you can enable it while ensuring Teredo is disabled. Hetzner servers typically offer native IPv6 support.
Step 4 - Identifying Culprits (Optional): If your server's log differs from the examples shown, and you suspect other ports or services are causing network abuse, you can identify the culprit using various methods.
Hint 1: Use PowerShell to identify the process responsible for a specific port (e.g., 59244):
Open PowerShell as an administrator.
Enter the following command, replacing 59244 with the port number from your log:
Get-Process -Id (Get-NetUDPEndpoint -LocalPort 59244).OwningProcess
Hint 2: Use CMD to find the process ID for a specific port:
Open CMD.
Enter the following command, replacing XXXX with the port number:
netstat -ano | findStr "XXXX"
This command will display the process ID in the last column. You can identify the process using tools like Process Explorer.
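The two hints above can be combined into one PowerShell function. This is an added example, not part of the original tutorial: it checks both UDP and TCP endpoints on the local port and also lists the Windows services hosted in the owning process, which is what you need when the owner turns out to be a shared svchost.exe. The function name Get-PortOwner is hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example (not from the original tutorial).
# Get-PortOwner is a hypothetical helper name; the cmdlets and CIM classes are built into Windows.
function Get-PortOwner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$Port
    )

    # Collect UDP endpoints and TCP connections bound to the local port.
    # @( ... ) yields an empty array when neither cmdlet finds a match.
    $endpoints = @(
        Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Protocol'; e = { 'UDP' } }, LocalAddress, LocalPort,
                          @{ n = 'RemoteAddress'; e = { $null } },
                          @{ n = 'RemotePort'; e = { $null } }, OwningProcess
        Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Protocol'; e = { 'TCP' } }, LocalAddress, LocalPort,
                          RemoteAddress, RemotePort, OwningProcess
    )

    foreach ($ep in $endpoints) {
        $ownerId = $ep.OwningProcess

        # Win32_Process gives the executable path and command line of the owner.
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ownerId" -ErrorAction SilentlyContinue

        # A single svchost.exe can host several services; list the ones in this process.
        $services = @(Get-CimInstance Win32_Service -Filter "ProcessId = $ownerId" -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Protocol      = $ep.Protocol
            LocalAddress  = $ep.LocalAddress
            LocalPort     = $ep.LocalPort
            RemoteAddress = $ep.RemoteAddress
            RemotePort    = $ep.RemotePort
            ProcessId     = $ownerId
            ProcessName   = $proc.Name
            Path          = $proc.ExecutablePath
            CommandLine   = $proc.CommandLine
            Services      = ($services.Name -join ', ')
        }
    }
}

# Replace 59244 with the local port number from your log.
Get-PortOwner -Port 59244 | Format-List
```

An empty result means nothing is bound to that local port at the moment; short-lived sockets may have closed between the log entry and the check.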
Conclusion: This tutorial has provided you with insights into configuring Windows Firewall for enhanced security against network abuse. By blocking Teredo ports and preventing access to private IP address ranges, you can ensure compliance with hosting provider policies and protect your server from potential issues. Additionally, you have learned techniques for identifying and addressing network abuse culprits if your server's log presents different scenarios.