Windows Firewall allows connection from any IP regardless of rule that only allow a specific IP

Question

I have configured the Windows Firewall to Block (default) incoming connection on the public profile.

Windows Firewall Public profile shows incoming connection as blocked

I have created a rule for a port (in this case, this is Sql Server) that explicitly states that only my office static IP is allowed.

SqlPort 1433 is allowed for my IP only

If I test from my office, I am able to connect to the port. I was expecting that anybody outside the office would not be able to connect, but this is not the case. I asked a friend to telnet the port to see if it would reply and it does even if he's not on my network.

I am a bit confuse here. Shouldn't it block everybody but the given IP? Is my server completely unsecured?

The server is a dedicated Windows 2008 R2.

Note, I am a programmer which, by a turn of event, now has to manage this server. It is basically hosting our intranet and the database behing it.

As requested, this is the complete list of active rules in the firewall

Complete list of active rules in the firewall

On which computer is this rule set? And what are the rest of the firewall rules? — HopelessN00b, Sep 25 '12 at 21:44
When he connects' what's the IP that is logged as the remote IP? Is it possible that he's connecting via an internal proxy. — Chris Nava, Sep 25 '12 at 21:54
@ChrisNava no he was not using a proxy, since this friend does not work here. I didn't note his IP though in the log file. I will ask him again. — Pierre-Alain Vigeant, Sep 26 '12 at 14:02
Look at the rule for SQLPort: The remote address is invalid. For all I know the MS firewall will threat that as ANY. It should read "Local Subnet" — Tonny, Sep 26 '12 at 14:51
The address is actually redacted. It is a valid IPv4 address. — Pierre-Alain Vigeant, Sep 26 '12 at 15:03
@Pierre-AlainVigeant I see. Would have been nice to have mentioned that in to info. There was no way to tell that from the screenshot — Tonny, Sep 26 '12 at 15:25

score 0 · Accepted Answer · answered Sep 26 '12 at 15:20

We found the culprit in the other rule named "SQL Server Remote Debuger" (sic) which allowed access to Sql Server from any IP on any port.

The fact that this rule is named incorrectly make me think that it was added by someone who worked on the server before me. A Google search didn't return anything for that rule name with the typo.

Windows Firewall allows connection from any IP regardless of rule that only allow a specific IP

1 Answers1