Add an Inbound Rule for an executable to Windows Firewall

As of Server 2008 R2 I’m now leaving the firewall switched on for all servers, and adding inbound rules (exceptions) where necessary during application installation. Outbound connections are all allowed by default and I’m not changing this. Note that some software creates inbound rules for itself when you install it, which is handy.

I prefer adding exceptions to Windows Firewall by executable rather than by port. It means that if you reconfigure the software to talk on a different port, it just works – no firewall changes necessary. It also means that if something kills your application and tries to pretend to be it by listening on the same port, it’s less likely to work.

You can identify the executable that you need to add a rule for by a few different methods:

  1. From Server Manager, expand Configuration, then Windows Firewall with Advanced Security.
  2. Right-click Inbound Rules and choose New Rule…
  3. Choose Program, then click Next.
  4. Choose This program path: and enter the file path. Note that paths with spaces should not be enclosed within double quotes. Click Next.
  5. Choose Allow the connection, then click Next.
  6. Choose what type of networks you want the rule to be activated for. Personally I only choose Domain. Click Next.
  7. Give the rule a name, ideally including the name of the application and the executable. You can give it a description too if necessary. Click Finish.
  8. The new rule will be listed at the top of the Inbound Rules list.
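The same per-executable, Domain-only inbound rule created from the command line, as an added example that is not part of the original post; the executable path, rule name and description are assumed placeholders, and the script checks the path exists before creating the rule and then shows what was stored.

```powershell
# Added example (not from the original post): create the inbound rule for an
# executable from the command line instead of the wizard. Path, rule name and
# description are assumed placeholders; substitute your own.
$exePath     = 'C:\Program Files\Example App\exampleapp.exe'   # assumed path
$ruleName    = 'Example App - exampleapp.exe'
$description = 'Allow inbound connections to exampleapp.exe (Domain profile only)'

# Refuse to create a rule for a path that does not exist. A rule bound to a
# mistyped or missing path allows nothing and is awkward to track down later.
if (-not (Test-Path -LiteralPath $exePath -PathType Leaf)) {
    throw "Executable not found: $exePath"
}

# Server 2008 R2 has no NetSecurity cmdlets, so netsh advfirewall is the CLI.
# The quotes around program= are only for the shell; the stored path has none,
# which matches the wizard's advice about not quoting paths with spaces.
netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow `
    program="$exePath" profile=domain enable=yes description="$description"

# On Server 2012 or later the NetSecurity module creates the same rule:
# New-NetFirewallRule -DisplayName $ruleName -Description $description `
#     -Direction Inbound -Program $exePath -Action Allow -Profile Domain -Enabled True

# Verify what was actually stored: the rule should be Enabled, Direction In,
# Action Allow, Profiles Domain, and Program set to exactly this executable.
netsh advfirewall firewall show rule name="$ruleName" verbose
```

If the verbose output shows Profiles as anything other than Domain, or a Program other than the one you entered, delete the rule and recreate it rather than leaving a broader exception in place.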