- Consider a server socket and a client socket.
- The server socket endpoint is identified by the pair (IP/Ws.Xs.Ys.Zs, TCP port/Ps).
- When the client socket initiates a connection with the server socket, the client endpoint gets associated with the pair (IP/Wc.Xc.Yc.Zc, TCP port/Pc).
- The client socket is a "Winsock".
- On the client machine, outbound traffic for port Ps is NOT blocked.
- At connection time, Pc is automatically chosen from the pool of ephemeral/dynamic ports of the client machine.
- The client socket sends a message Mc to the server socket.
- The server socket responds and sends a message Ms back to the client socket.
- This message will be addressed to the endpoint identified by (IP/Wc.Xc.Yc.Zc, TCP port/Pc).
Is there a way I can block this message Ms by setting up a firewall rule in the "Inbound" section of the firewall on the client machine?
I have tried to set up such a rule but it seems not to block anything:
In the Windows firewall, in the "Inbound" rules section:
- "New Rule..." -> "Port"
- TCP
- Specific local ports: 49152-65535 (this is the dynamic port range on the client machine, as given by the command "netsh int ipv4 show dynamicport tcp")
- Block the connection
- When does this rule apply? I checked: "Domain", "Private" and "Public".
Why is it not working? Why is Ms not rejected by the firewall?
Is it because of the socket implementation? Something like: if the client socket could actually send its message to the server socket, then the response from the server has to be accepted on (IP/Wc.Xc.Yc.Zc, TCP port/Pc) even if there is a blocking rule in the firewall?
Or maybe, the rule I'm setting above is not actually blocking what I think it is blocking...
Thank you for helping. Best regards.
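The rule described in the question, reproduced as an added PowerShell example (not the asker's own commands) together with the dynamic-range query and two read-back checks a practitioner would run before reasoning about the result; it assumes an elevated session, and the rule name and the value 443 standing in for Ps are placeholders.

```powershell
# Added example, not part of the original question. Run in an elevated PowerShell session.
# $Ps stands for the server port Ps from the question; 443 is only a placeholder value.
$Ps = 443
$RuleName = "Block inbound dynamic TCP"   # placeholder rule name

# Confirm the client's ephemeral/dynamic port range (same command the question uses).
netsh int ipv4 show dynamicport tcp

# The inbound rule exactly as described: Port rule, TCP, local ports 49152-65535,
# action Block, applied to the Domain, Private and Public profiles.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Block -Protocol TCP `
    -LocalPort "49152-65535" -Profile Domain,Private,Public -Enabled True | Out-Null

# Check 1: read back what the firewall actually stored for the rule
# (direction, action, profiles, and the port filter attached to it).
$rule = Get-NetFirewallRule -DisplayName $RuleName
$rule | Select-Object DisplayName, Direction, Action, Profile, Enabled
$rule | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort, RemotePort

# Check 2: with the rule in place, list established client connections to port Ps.
# The LocalPort column is the ephemeral Pc chosen for each connection; compare it
# against the 49152-65535 range the rule covers.
Get-NetTCPConnection -RemotePort $Ps -State Established -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State
```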