I'm looking for a way to get iptables functionality in windows 10. I enabled IP routing and I need to forward tcp data to another host (port 4000) and then forward his response while masquerading IP. In linux I was able to do this using the following:
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|FF01|' --algo bm -j DROP
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|1400|' --algo bm -j REJECTThanks guys!
42 Answers
The Windows Filtering Platform, upon which the Windows Firewall is built, does not (directly) support inspecting packet contents. As such, implementing this particular condition (-m string --hex-string '|FF01|') is not possible.
To achieve this functionality, a so-called “Windows Filtering Platform Callout Driver” is necessary. As the name implies, these are a kernel-mode drivers. They can perform deep inspection of packet data and set actions like blocking a packet.
On 64-bit Windows, kernel drivers need to be code-signed.
You may also be able to achieve the same using a third-party firewall solution.
The simplest solution is to not use Windows though.
Windows Firewall has a similar style of rules to block certain IPs from entering on a port.
- Open Windows Defender Firewall with Advanced Security. It should appear if you search Windows Firewall in the Start menu
- From the left pane, select inbound rules
- From the right pane, select New Rule
- Rule Type: Choose Custom
- Program: Choose All Programs
- Protocol and Ports: Protocol Type is TCP, Local Port is Specific Port 4000. Remote port is unset.
- Scope: Enter the IPs and Ranges you want to block. Note that LAN IPs go in the upper box. WAN IPs go in the lower box
- Action: Block the connection
- Profile: Select all options
- Name: Set per your preferences. This has no effect on the rule.