Configuring Windows Firewall for Web Sites, FTP and DNS

In this article, I'll show you how to configure Windows Firewall for a server that hosts sites and FTP, as well as DNS. There is nothing supernatural in this procedure, except that it will be necessary in IIS Manager to configure the port range for the passive mode of the FTP server.

We go to our server, go to the IIS manager, we go to the Firewall FTP support point on the server's main page.

And in it we specify the range of the data channel ports.

After that, go to inbound rules, in the advanced setting of Windows Firewall.

Here you need to create rules. For FTP, HTTP, HTTPS, DNS - open the TCP ports 20, 21, 53, 80, 443 and the range of ports specified in the previous step. For DNS, it is also necessary to open UDP port 53. Also, if desired, you can open the ICMP protocol, which would allow pings to our server.

In order to open TCP ports we add a new rule, select port, click next.

Select TCP to enter comma-separated ports that must be opened, possibly using ranges through a dash. We press next.

Select Allow Connection.

In the next step, select to which profiles the rule will apply, I chose Public, because I set these rules for the external network.

At the last step, we give the name to the rule.

In order to open UDP ports, you need to do all the same, only on the second step we select for the TCP - UDP space.

To open ICMP, you need to create a new rule and in the first step select Custom.

Next, we choose that the rule would apply to all programs.

In the protocols we select ICMPv4, if desired, you can select which requests are allowed (the Customize button ...).

At the next step, you can select which networks are allowed queries, and the last steps are the same as when configuring ports. Also, if you have IPv6 enabled on your server, you can allow ICMPv6 requests, for this, repeat the steps, but for the ICMPv4 protocol location, select ICMPv6.

Configuration of windows firewall have been comleted.