azseang, posted August 30 (edited):

I have tried this using both the ESET Internet Security 17.2.7.0 firewall and the Windows Defender firewall: create a rule, for test purposes, that blocks all traffic going to port 4002, so I can then add a specific IP that is allowed to connect for RDP. I've tried this so many times and nothing works. Can someone please advise me on the best way to block all traffic to a specific port other than from specific IPs that are allowed? Every time I've tried this, connecting from my other home computer using the local network IP and my internet connection IP, the other computer is still able to connect through RDP and the rule doesn't work. My only guess is that something has to be overriding the rules I create. My Windows 11 PC has been changed to port 4002 in regedit.
Marcos (Administrator), posted August 30:

You should put the permissive rule above the blocking rule that blocks network communication on local port 4002. Remove the remote port, as it is selected automatically by Windows on the computer from which the communication is initiated.
azseang (author), posted August 30:

> 20 minutes ago, Marcos said: You should put the permissive rule above the blocking rule that blocks network communication on local port 4002. Remove the remote port, as it is selected automatically by Windows on the computer from which the communication is initiated.

Thanks for the quick response. I haven't created a permissive rule yet, as I'm trying to confirm that the rule will block any attempts on that port. I removed the remote port and tried again. I even connected my other PC to a VPN, wondering if being within the same network could have something to do with it. I'm still able to connect via RDP both within and from outside my local network. It's as if the rule isn't even there to block traffic on that port; it connects right through it.
Marcos (Administrator), posted August 30:

Try to put the blocking rule above the default (built-in) rules then.
azseang (author), posted August 30:

> 43 minutes ago, Marcos said: Try to put the blocking rule above the default (built-in) rules then.

That worked! Thank you, I'm finally making progress. Now I added a new permission for my local network and internet IP. I've tried having the permission above and below the blocking rule, but the blocking rule seems to overrule the allowed IPs and nothing gets through. Is there a way to create the blocking rule with an exception for the IPs I want to allow in? Thanks again for your help, really appreciate it after struggling with this for too long.
azseang (author), posted August 30:

> 37 minutes ago, azseang said: Is there a way to create the blocking rule with an exception for the IPs I want to allow in?

I tried changing the permission rule to "Any" instead of specific IPs and I'm able to connect. But if I add the local or internet IP address, to connect from within or from outside the local network, the block rule stops it again. I can't figure out how to make the exception for the one IP while blocking all others.
itman, posted August 30 (edited):

> 4 minutes ago, azseang said: I tried changing the permission rule to "Any" instead of specific IPs and I'm able to connect. But if I add the local or internet IP address, to connect from within or from outside the local network, the block rule stops it again. I can't figure out how to make the exception for the one IP while blocking all others.

My guess is the fact that you have specified a localhost IP address. The Eset firewall will assume the localhost IP address is the IPv4/6 address assigned via DHCP to the local device. Remove the localhost IP address and see if your allow RDP rule now works.
azseang (author), posted August 30 (edited):

> 27 minutes ago, itman said: My guess is the fact that you have specified a localhost IP address. The Eset firewall will assume the localhost IP address is the IPv4/6 address assigned via DHCP to the local device. Remove the localhost IP address and see if your allow RDP rule now works.

I've tried every possible way I can think of. If I have any IP address specified for the local or remote host, the block rule stops the connection. If I add either the local or remote address, or both, nothing can connect and I get a notification for the block rule stopping the connection. The only way it's connecting now is if I have both local and remote set to "Any" for the allow rule; then I get the allow rule notification after connecting through RDP. Is there any way to do this with one rule, blocking all with an exception for the IP I want to be able to connect? When I try to allow either the local or remote IP, the block rule seems to overrule the allow rule. I've tried changing the order of the rules too, with the same result. The only way any connection goes through is if I have the allow rule set to "Any" for both remote and local host.
azseang (author), posted August 30:

> 58 minutes ago, itman said: My guess is the fact that you have specified a localhost IP address. [...] Remove the localhost IP address and see if your allow RDP rule now works.

I tried connecting to a VPN, adding the VPN IP address to the allow rule, and was able to get connected. So I think it might be working. I'm very confused why, when I add my home IP address that I'm testing this from, I can't get the allow rule to work for my own IP, but the VPN IP gets through. I also can't connect locally if I have any IP address under remote host. Any idea what would cause this? I just want to be confident this is working correctly. Thanks for your help.
itman, posted August 30 (marked as solution):

> 1 hour ago, azseang said: I tried connecting to a VPN, adding the VPN IP address to the allow rule, and was able to get connected. So I think it might be working.

I believe I know what the problem is. The Eset firewall is stateful. That is, it is not going to allow any inbound TCP traffic unless it was in response to a prior outbound TCP request. Presumably Eset set up an internal rule exception for local port 3389, which is the default port for RDP. Review the Eset default firewall rules for RDP for further reference.
azseang (author), posted August 30:

> 29 minutes ago, itman said: I believe I know what the problem is. The Eset firewall is stateful. That is, it is not going to allow any inbound TCP traffic unless it was in response to a prior outbound TCP request. Presumably Eset set up an internal rule exception for local port 3389, which is the default port for RDP. Review the Eset default firewall rules for RDP for further reference.

Thank you again for the help. I've done several other tests from two other computers, using both a VPN and a mobile wifi hotspot. When I allow those IPs I can connect, so I'm pretty sure it's doing what I want. I wish I had tested the VPN earlier on, before wasting a ton of time confused about why I couldn't connect from my own home IP. As long as it seems to be working the way I want, only allowing the specific IPs, I don't need to connect from my home IP anyway; that was just for testing, so I'll just leave that as it is and stay confused about that one. lol

Thank you @itman and @Marcos for the quick responses. I really appreciate it.
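The thread works through the "block everything on the RDP port except a few source addresses" pattern in the ESET firewall, where rules are evaluated top-down and order matters. The original poster also mentioned trying the Windows Defender Firewall, where the same pattern is built differently: an explicit Block rule always wins over an Allow rule regardless of order, so "block all except X" is expressed as a single Allow rule scoped by remote address sitting on top of the profile's default inbound Block action, not as a Block rule plus an Allow rule. The following PowerShell is an added example written for this page; it is not code from the thread participants or from ESET. The listener port 4002 and the registry key match the poster's setup; the allowed addresses 192.168.1.0/24 and 203.0.113.10 are constructed placeholders.

```powershell
# Added example: restrict a custom RDP port to specific remote addresses with
# Windows Defender Firewall. Run in an elevated PowerShell on the RDP host.
# Assumptions: RDP has already been moved to 4002 in the registry (as the poster
# did), and the two addresses below are example values to be replaced.
$Port    = 4002
$Allowed = @('192.168.1.0/24', '203.0.113.10')   # constructed example addresses

# 1. Confirm the listener really is on the custom port before writing rules.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$actual = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($actual -ne $Port) { throw "RDP listener is on $actual, not $Port; fix PortNumber first." }

# 2. The built-in 'Remote Desktop' rules are bound to 3389 and do not cover 4002.
#    Disabling them avoids leaving the default port open as well.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule

# 3. Make the default inbound action Block on every profile. With Windows Firewall
#    a Block rule beats an Allow rule no matter how they are ordered, so the
#    allow-list is a scoped Allow on top of default-block, not Block + Allow.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 4. One Allow rule, scoped by remote address. No remote port is specified:
#    the client chooses an ephemeral source port, as Marcos noted above.
New-NetFirewallRule -DisplayName "RDP $Port (allowed hosts only)" `
    -Direction Inbound -Protocol TCP -LocalPort $Port `
    -RemoteAddress $Allowed -Action Allow -Profile Any

# 5. Check: any other enabled inbound Allow rule on the same port would widen the
#    exposure again, so list every inbound rule that touches the port.
Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -eq "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Action,
        @{ Name = 'RemoteAddress'; Expression = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' } }
```

To test from a client, run `Test-NetConnection -ComputerName <host> -Port 4002` once from an allowed address and once from one that is not on the list; only the first should report `TcpTestSucceeded : True`. As the later posts in the thread show, test from a source that is genuinely outside the allow-list (a VPN egress or a mobile hotspot) rather than from inside your own LAN, where NAT and local routing can make the source address differ from the one you expect.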