
I want to allow an application on a Windows 7 Professional System to only be accessible through the OpenVPN TAP adapter by configuring the Windows Firewall accordingly. Unfortunately I cannot find an option therefor. I found out that it is possible to allow applications on certain NIC-types, but the OpenVPN adapter is recognized as an Ethernet adapter and I do not want the application to be accessible through ethernet adapters other than the TAP adapter. I currently circumvent this issue by allowing the application on all adapters but only from a certain source network. However this network might change in the future whereas the TAP's name might not. For better understanding, I'd like to have an equivalent to the iptables rule:

 iptables -I INPUT -i tun0 -p tcp --dport 5900 -j ACCEPT

Where the magic word is -i tun0.

Richard Neumann

1 Answer

When creating your firewall rule in Windows using the Inbound / outbound rule Wizard, check the Custom Rule button.

It will open up more options, including Scope in which you can designate which IP range you want to allow traffic into.

Simply specify which local IP the rule applies to, and fill out the rest of the options as you navigate the wizard.

Tad
  • This does not address the problem at all. I am already filtering by the source network as I mentioned. And this network will change in the future. Thus, filtering by the local (VPN) IP address does not solve this problem. The local ethernet IP address, however, is dynamically given by a DHCP server that I do not control. I am explicitly looking for an option to filter by the NIC (network device), not any network, IP address, socket or whatever. – Richard Neumann Jul 20 '16 at 07:20
  • Unfortunately that is not possible in Windows 7 / 2k8 as it only binds to network types. You can refer here for the duplicate thread - http://serverfault.com/questions/229545/how-to-configure-different-firewall-rules-on-2-different-network-cards-in-window – Tad Jul 20 '16 at 12:30
  • That'd be disappointing. – Richard Neumann Jul 20 '16 at 14:58
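
The following is an added example, not part of the original posts: since the thread concludes that Windows 7 cannot bind a rule to a NIC, this script looks the adapter up by name and rebuilds a rule scoped to whatever local address that adapter currently holds, which approximates `-i tun0`. The adapter name and rule name are assumptions; port 5900 is taken from the iptables rule in the question.

```powershell
# Added example: keep an inbound rule pinned to the address of a named adapter.
# Run from an elevated prompt. Uses only WMI and netsh, so it works with the
# PowerShell 2.0 that ships with Windows 7.

$AdapterName = 'OpenVPN TAP'       # assumption: connection name shown in Network Connections
$RuleName    = 'VNC-via-TAP-only'  # hypothetical rule name
$Port        = 5900                # port from the iptables rule in the question

# Resolve the adapter by its connection name, not by network or address.
$nic = Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID='$AdapterName'"
if (-not $nic) { throw "No adapter named '$AdapterName' found." }

# Read the addresses currently bound to that adapter.
$cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)"

# Keep IPv4 addresses only; the list is empty while the tunnel is down.
$ips = @($cfg.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })

# Remove the previous rule first so a stale address never stays allowed.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null

if ($ips.Count -eq 0) {
    # Fail closed: with no tunnel address there is no allow rule at all.
    Write-Warning "Adapter '$AdapterName' has no IPv4 address; rule removed."
    return
}

# Allow the port only when the destination is the adapter's own address.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localport=$Port localip=$($ips -join ',')
```

Re-run it whenever the tunnel address changes (for example from a scheduled task), and remove any broader allow rule for the same port so this one is the only match.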