Which Firewall Rule Allows 1433 TCP Port

Question

First of all this does not contain my answer.

I want to find which firewall rule allows specific port 1433

In my server, Plesk has been installed and "MS SQL over TCP protocol" firewall rule is disabled. Somehow I can connect to the SQL Server from remote connection. There is one firewall rule allows 1433 TCP Connection but which one? Is there any command to find which firewall rule allows 1433.

Yes this is not programming question. I asked command in CMD or Powershell. Do you know the answer? — Fatih TAN, Feb 07 '20 at 08:01
I am not sure about anyone else, but this is a rule I have always had to add myself. — JMabee, Feb 07 '20 at 12:12
What don't you understand? The firewall rule top open up port 1433 is not created automatically. You have to create that rule on your own. — JMabee, Feb 07 '20 at 12:52
When plesk is installed some firewall rules have been created automatically. — Fatih TAN, Feb 07 '20 at 13:05

score 0 · Answer 1 · answered Feb 08 '20 at 10:10

0

Source

Run as administrator

cls
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -Eq "1433" } | Get-NetFirewallRule |
Format-Table -Autosize -Property DisplayName,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled, Profile, Direction, Action

answered Feb 08 '20 at 10:10

lptr

1
2
6
16

Result is MS SQL over TCP protocol TCP. However, Enabled property is False. So, This does not give me correct result. – Fatih TAN Feb 09 '20 at 12:25
Port configuration can get pretty complex, multiple rules in a string, like: "1433, 1434, 1435 - 1440". $_.LocalPort -Eq "1433" assumes a single port configuration. You might want to adjust the where condition $_.LocalPort -Eq "1433" to parse the value of $_.LocalPort, (split it by commas, create ranges if pairs are delimited by - and find if port 1433 is covered by any rule) – lptr Feb 09 '20 at 12:33

score 0 · Answer 2 · answered Apr 23 '20 at 12:09

Easiest way to figure this out is through netevents.

Start command line as administrator.
Run netsh wfp cap start keywords=19
Let the traffic flow through port 1433
Run netsh wfp cap stop
Open Wfpdiag.xml in Wfpdaig.cab generated by above step.
Search for all NetEvents with <localPort>1433</localPort> and get filterId from <classifyAllow>
Search for the filterId and the <displayData> should tell you which rule allowed the packet.

Which Firewall Rule Allows 1433 TCP Port

2 Answers2