4

I'm looking for an equivalent for iptables in windows, recently my server has been getting hit by a DDoS and I know how to block it using iptables but not in Windows.

I'm looking to do something like the below, but in windows.

# Size of the udp packets:
iptables -N LENGTH_1062
iptables -I FILTER -j LENGTH_1062
iptables -A LENGTH_1062 -p udp -m udp -m length --length 1062 -j DROP
iptables -A LENGTH_1062 -j RETURN

# TTL 
iptables -N TTL_244
iptables -I FILTER -j TTL_244
iptables -A TTL_244 -p udp -m udp -m ttl --ttl-eq 244 -j DROP
iptables -A TTL_244 -j RETURN
petrus
  • 5,327
xna
  • 43
  • 2
    Hi - it might be worth putting your IP Tables commands into plain English because as a Windows admin I haven't got a clue what it's meant to mean. – Dan May 18 '12 at 08:30
  • Lol Dan, sorry.

    the first one detects if the packet size is 1062, if it is, it drops ithe packet.

    the second one detects if the TTL is 244, if it is, drops the packet.

     – xna May 18 '12 at 08:52
  • 1
    +1 interesting question! I've worked w/Windows firewalls for years now and, while not an expert, I've never seen one capable of what you ask. However, it's conceivable you might create a clunky batch script to handle some of these rules but it would be ugly. In general, I would say "no, it's not possible - use Linux". This is closest question: http://serverfault.com/questions/207620/windows-equivalent-of-iptables – Lizz Jan 05 '13 at 06:07
  • None, zero, sadly. – TomTom Jan 06 '13 at 14:39
  • http://serverfault.com/questions/207620/windows-equivalent-of-iptables and http://wipfw.sourceforge.net/ looks promising. – Antti Rytsölä Jan 08 '13 at 17:52

1 Answers1

1

The only real native firewall management within the Windows GUI (beyond enable/disable radio buttons) is handled in the 'Windows Firewall with Advanced Security' management console. Creating inbound and outbound rules, you will be able to match a rule configuration with each IPTable command you are seeking. If command line is required, import the NetSecurity PowerShell module where you can use cmdlets like New-NetFirewallRule and others to manage. Although not a one-to-one translation in your case.

Alternatively, might check out Windows Firewall Notifier, it basically enables firewall logging, parses in realtime and displays into a GUI where you can monitor and exceptions/rules to incoming and outgoing traffic. I've found it very useful in troubleshooting scenarios for traffic mgmt, then usually disable/remove after identifying the rule definitions and configuring in the Advanced Security console. Link: http://wokhan.online.fr/progs.php?sec=WFN

Sean C
  • 11