iptables on Windows10
The Windows Filtering Platform, upon which the Windows Firewall is built, does not (directly) support inspecting packet contents. As such, implementing this particular condition (-m string --hex-string '|FF01|') is not possible.
To achieve this functionality, a so-called “Windows Filtering Platform Callout Driver” is necessary. As the name implies, these are kernel-mode drivers. They can perform deep inspection of packet data and set actions like blocking a packet.
On 64-bit Windows, kernel drivers need to be code-signed.
You may also be able to achieve the same using a third-party firewall solution.
The simplest solution is to not use Windows though.
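What the string match in the question's rules does to each packet, and so what a callout driver would have to reimplement, shown as a user-space C example added here (not part of the original answer, and not iptables or WFP code). The function names are hypothetical, the spec parser covers only the `|hex|` and literal-text forms, and the search is Horspool's simplification of Boyer-Moore rather than the kernel implementation behind `--algo bm`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
/* Added example; helper names are hypothetical, not iptables or WFP code. */
static int hexval(int c) {            /* value of a hex digit, or -1 */
    c = tolower(c);
    if (c >= '0' && c <= '9') return c - '0';
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode a --hex-string spec: hex pairs between '|' (spaces allowed), literal
 * text elsewhere. Returns the length, or -1 on a malformed spec or overflow. */
int parse_hex_string(const char *spec, unsigned char *out, size_t cap) {
    size_t n = 0;
    int in_hex = 0, hi = -1, v;
    for (; *spec; spec++) {
        unsigned char c = (unsigned char)*spec;
        if (c == '|' || (in_hex && c == ' ')) {
            if (hi >= 0) return -1;          /* dangling nibble */
            if (c == '|') in_hex = !in_hex;
            continue;
        }
        if (n == cap) return -1;
        if (!in_hex) { out[n++] = c; continue; }
        if ((v = hexval(c)) < 0) return -1;
        if (hi < 0) { hi = v; continue; }
        out[n++] = (unsigned char)((hi << 4) | v);
        hi = -1;
    }
    return in_hex ? -1 : (int)n;
}

/* Boyer-Moore-Horspool search: offset of the first match in buf, or -1. */
long bmh_find(const unsigned char *buf, size_t len, const unsigned char *pat, size_t m) {
    size_t skip[256], i;
    if (m == 0 || m > len) return -1;
    for (i = 0; i < 256; i++) skip[i] = m;
    for (i = 0; i + 1 < m; i++) skip[pat[i]] = m - 1 - i;
    for (i = 0; i + m <= len; i += skip[buf[i + m - 1]])
        if (memcmp(buf + i, pat, m) == 0) return (long)i;
    return -1;
}

/* 1 if buf contains the pattern in spec, 0 if not, -1 on a bad or empty spec. */
int payload_matches(const char *spec, const unsigned char *buf, size_t len) {
    unsigned char pat[128];
    int m = parse_hex_string(spec, pat, sizeof pat);
    return m <= 0 ? -1 : bmh_find(buf, len, pat, (size_t)m) >= 0;
}
```

A return of 1 from `payload_matches` corresponds to the rule's target (DROP or REJECT) firing; the byte buffers passed in are whatever the caller has captured.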
Marcos Tomassi
Updated on September 18, 2022
Comments
-
Marcos Tomassi over 1 year
I'm looking for a way to get iptables functionality in Windows 10. I enabled IP routing and I need to forward TCP data to another host (port 4000) and then forward its response while masquerading IP. In Linux I was able to do this using the following:
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|FF01|' --algo bm -j DROP
iptables -A INPUT -p tcp --dport 4000 -m string --hex-string '|1400|' --algo bm -j REJECT
Thanks guys!
-
Biswapriyo about 5 years
What do those commands do?
-
Nathan.Eilisha Shiraini about 5 years
Hello, and welcome to SuperUser! Windows does not have an exact equivalent of iptables, so you will have to provide more detail. In particular, what is the goal of the commands you list? You mentioned forwarding and masquerading, but the commands are doing it at all. Also, why the hex string matching? This may be an X Y Problem.
-
Marcos Tomassi about 5 years
Hello! Thanks, what I need is to control the traffic of IP addresses that try to enter port 4000. If I block the hex string that I mentioned earlier, I can block those IPs so they do not attack my port. If there is a program for Windows that works the same, let me know. I hope it is understood, thank you very much!
-
Nathan.Eilisha Shiraini about 5 years
If you want to block some specific IPs, can you explicitly state that in your question by editing it? Right now, you are asking how to perform traffic redirection and masquerading, which is an entirely different thing.
-
Marcos Tomassi about 5 years
Well, and where do I have to put: -m string --hex-string '| FF01 |' - something bm -j DROP? Thank you!
-
Andy about 5 years
You mentioned that your hex string was an IP address. Put the IP address in on the scope page, unencoded.