This rule doesn't tell Windows Firewall to block a connection. This rule tells Windows Firewall to allow a connection. So, this rule does not provide the behavior you are asking for.
If you want a firewall to deny all other connections than the ones you specifically allow, then there is usually an implicit or explicit Deny All at the bottom of the ACL list. Windows Firewall uses an implicit Deny All by default. However, you can change this behavior. Therefore, first check that your Windows Firewall is configured to block all inbound connections:
- Open Control Panel -> Windows Defender Firewall
- Click Advanced settings
- Adjust the default action for each profile:
Now that you have an implicit Deny All to block all connections that are not specifically allowed, you will need to identify any other rules that would be allowing port 5900 (VNC) from a different IP address, because the rule you provided does not do that.
- Open Control Panel -> Windows Defender Firewall
- Click 'Allow an app or feature through Windows Defender Firewall'
- Search through the list of 'Allowed apps and features' and remove anything related to the VNC executable that you have installed.
Next:
- Click 'OK' in the Allowed Apps window so you are back to the Windows Defender Firewall page.
- Click 'Advanced settings'
- Choose 'Inbound Rules' on the left
- Click the Local Port header to sort the list of firewall rules by the local port number.
- Find any rules that cover port 5900 either directly or through a range. Be sure to look through all the port numbers assigned to a specific rule:
Remove any rule that allows port 5900 in a way that you do not want.
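
The same audit can be done from PowerShell. This is an added example, not part of the original answer. It uses the built-in NetSecurity cmdlets, while the helper `Test-PortEntry` and the `$Port` variable are names made up for this example. It lists the default inbound action per profile, then every enabled inbound allow rule whose port filter covers 5900 directly, through a range, or through `Any` (which is how app-based allow rules usually appear).

```powershell
# Added example: audit inbound allow rules that cover a given TCP port.
$Port = 5900   # VNC port discussed above

# Returns $true when a LocalPort entry ("5900", "5000-6000", "Any") covers $Port.
function Test-PortEntry {
    param([string]$Entry, [int]$Port)
    if ($Entry -eq 'Any') { return $true }
    if ($Entry -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    if ($Entry -match '^\d+$') { return ([int]$Entry -eq $Port) }
    return $false   # keywords such as RPC are not numeric ports
}

# 1. Default inbound action for each profile (Domain, Private, Public).
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Enabled inbound allow rules whose port filter covers $Port.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $rule = $_
    $pf   = $rule | Get-NetFirewallPortFilter
    # Only TCP (or protocol-agnostic) rules matter here; '6' is TCP's protocol number.
    if ($pf.Protocol -notin @('TCP', '6', 'Any')) { return }

    $hit = $pf.LocalPort | Where-Object { Test-PortEntry -Entry $_ -Port $Port }
    if ($hit) {
        $af  = $rule | Get-NetFirewallAddressFilter
        $app = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name          = $rule.DisplayName
            Profile       = $rule.Profile
            Protocol      = $pf.Protocol
            LocalPort     = $pf.LocalPort -join ','
            RemoteAddress = $af.RemoteAddress -join ','
            Program       = $app.Program
        }
    }
} | Format-Table -AutoSize -Wrap
```

Rules listed with `RemoteAddress` of `Any`, or with a `Program` path pointing at the VNC executable, are the ones to review against the single source address you intend to allow.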