Application-Specific Firewall Rules

Modern web applications often require additional ports and services beyond basic HTTP/HTTPS. Creating application-specific rules ensures all components function properly while maintaining security: each rule is scoped to the source subnet that legitimately needs the service (-RemoteAddress) and, where possible, to the executable that listens on the port (-Program), so the exposed surface stays limited to what the application actually needs.

Configure rules for database connectivity:

# SQL Server
# Scoped to the application-tier subnet and bound to the SQL Server executable,
# so the port is only reachable from 10.2.0.0/16 and only while sqlservr.exe owns it.
New-NetFirewallRule -DisplayName "SQL Server" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 1433 `
    -RemoteAddress 10.2.0.0/16 `
    -Action Allow `
    -Program "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe"

# MySQL
New-NetFirewallRule -DisplayName "MySQL Database" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 3306 `
    -RemoteAddress 10.2.0.0/16 `
    -Action Allow

# Redis Cache
New-NetFirewallRule -DisplayName "Redis Cache" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 6379 `
    -RemoteAddress 10.2.0.0/16 `
    -Action Allow

Configure rules for monitoring and backup:

# SNMP Monitoring
New-NetFirewallRule -DisplayName "SNMP" `
    -Direction Inbound `
    -Protocol UDP `
    -LocalPort 161 `
    -RemoteAddress 10.3.0.0/24 `
    -Action Allow

# Backup Software
# A port range is expressed as "low-high" in a single -LocalPort value.
New-NetFirewallRule -DisplayName "Backup Agent" `
    -Direction Inbound `
    -Protocol TCP `
    -LocalPort 10000-10010 `
    -RemoteAddress 10.4.0.0/24 `
    -Action Allow
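The rules above are typed in one at a time, which makes them easy to duplicate on a re-run and leaves no record that the effective rule matches what was intended. The following added example (not code from the original page) drives the same five rules from a table, creates each only if it does not already exist, reads the port and address filters back for verification, and finishes with an audit that lists any enabled inbound Allow rule whose remote scope is still "Any". The subnets, ports and DisplayName values mirror this section; the Domain profile restriction and the function names are assumptions made for the example.

```powershell
# Added example: idempotent creation plus verification of the application-specific rules.
# Assumptions: servers are domain-joined (rules limited to the Domain profile); the
# subnets and ports are the ones used in this section and must be adjusted to your network.

$rules = @(
    @{ Name = "SQL Server";     Protocol = "TCP"; Port = "1433";        Remote = "10.2.0.0/16"
       Program = "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" }
    @{ Name = "MySQL Database"; Protocol = "TCP"; Port = "3306";        Remote = "10.2.0.0/16" }
    @{ Name = "Redis Cache";    Protocol = "TCP"; Port = "6379";        Remote = "10.2.0.0/16" }
    @{ Name = "SNMP";           Protocol = "UDP"; Port = "161";         Remote = "10.3.0.0/24" }
    @{ Name = "Backup Agent";   Protocol = "TCP"; Port = "10000-10010"; Remote = "10.4.0.0/24" }
)

function New-AppFirewallRule {
    param([hashtable]$Spec)
    # Skip rules that already exist so re-running the script does not create duplicates.
    if (Get-NetFirewallRule -DisplayName $Spec.Name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$($Spec.Name)' already exists; skipping"
        return
    }
    $params = @{
        DisplayName   = $Spec.Name
        Direction     = "Inbound"
        Protocol      = $Spec.Protocol
        LocalPort     = $Spec.Port
        RemoteAddress = $Spec.Remote
        Action        = "Allow"
        Profile       = "Domain"   # assumption: never expose these services on the Public profile
    }
    # Bind the rule to the listening executable when the spec names one.
    if ($Spec.Program) { $params.Program = $Spec.Program }
    New-NetFirewallRule @params | Out-Null
}

function Test-AppFirewallRule {
    param([hashtable]$Spec)
    # Read the rule back and report its effective port and address filters next to the spec.
    # Note: the firewall may store a CIDR scope as address/mask (e.g. 10.2.0.0/255.255.0.0),
    # so the remote address is reported rather than string-compared.
    $rule = Get-NetFirewallRule -DisplayName $Spec.Name -ErrorAction Stop
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule         = $Spec.Name
        Enabled      = $rule.Enabled
        Profile      = $rule.Profile
        PortOk       = ($port.Protocol -eq $Spec.Protocol) -and ($port.LocalPort -eq $Spec.Port)
        RemoteScoped = ($addr.RemoteAddress -ne "Any")
        Remote       = $addr.RemoteAddress
    }
}

function Find-BroadInboundAllowRule {
    # Audit: enabled inbound Allow rules that accept traffic from any remote address.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq "Any" } |
        Select-Object DisplayName, Profile
}

foreach ($r in $rules) { New-AppFirewallRule -Spec $r }
$rules | ForEach-Object { Test-AppFirewallRule -Spec $_ } | Format-Table -AutoSize
Find-BroadInboundAllowRule | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the server. The verification table should show PortOk and RemoteScoped as True for every rule; the final table is the list of rules that still accept inbound connections from anywhere and is worth reviewing whenever the server's rule set changes.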