Is there any way to instruct windows firewall to send Reset packets for a blocked TCP connection instead of dropping the packet?
- 1 Why would you want to do that? – DavidPostill ♦ Commented Sep 1, 2022 at 18:42
- 1 So anyone who tries to connect doesn't wait for the connection to time out after 30 seconds. The polite way to block a connection is to send reset packets. – dcom-launch Commented Sep 1, 2022 at 18:59
1 Answer
You are trying to Disable stealth mode in Windows, described as:
Windows Server or Windows client computers do not send Transmission Control Protocol (TCP) reset (RST) messages or Internet Control Message Protocol (ICMP) unreachable packets across a port that does not have a listening application. Several applications rely on the behavior that is described in RFC 793, "Reset Generation," Page 35f. These applications require the TCP RST packet or ICMP unreachable packet as a response if they knock on a port that has no listener. If they don't receive this response, the applications might not be able to run correctly on Windows. Typically, the effect of this dependency is that stealth mode may cause a 20-second delay for regular TCP applications to reconnect if the remote peer loses the connection state and that notification packet doesn't reach the client.
This used to be possible and might still work. Here is how:
Run regedit.
Position to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
Under this key you may find the following sub-keys for each domain:
DomainProfile
PrivateProfile
PublicProfile
StandardProfile
To disable stealth in a domain, create in it a REG_DWORD item named DisableStealthMode. Set its value to 1 to disable stealth, or 0 to enable it. The default is to enable.
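As an added example that is not part of the original answer: the registry edit above, done from PowerShell for every profile sub-key the answer lists, followed by a read-back so you can confirm what each profile ended up with. It assumes an elevated PowerShell prompt (writing under HKLM: fails otherwise) and uses the Defaults\FirewallPolicy path exactly as the answer gives it; the two function names are mine, not Windows cmdlets.

```powershell
# Added example, not from the original answer. Writes the DisableStealthMode value
# under the profile sub-keys the answer lists, then reads the result back.
# Run from an elevated PowerShell prompt; writes under HKLM: fail otherwise.
$FirewallPolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy'
$ProfileSubKeys    = 'DomainProfile', 'PrivateProfile', 'PublicProfile', 'StandardProfile'

function Set-FirewallStealthMode {
    # $Disabled = $true  -> DisableStealthMode = 1 (closed ports answer with TCP RST / ICMP unreachable)
    # $Disabled = $false -> DisableStealthMode = 0 (stealth on, which is the default)
    param([bool]$Disabled = $true)

    $value = if ($Disabled) { 1 } else { 0 }
    foreach ($profile in $ProfileSubKeys) {
        $key = Join-Path $FirewallPolicyKey $profile
        if (-not (Test-Path $key)) {
            # The answer says a profile sub-key "may" exist; skip rather than create one.
            Write-Warning "$profile sub-key not present under FirewallPolicy; skipping"
            continue
        }
        # -PropertyType DWord matches the REG_DWORD the answer asks for; -Force overwrites an existing value.
        New-ItemProperty -Path $key -Name 'DisableStealthMode' -PropertyType DWord -Value $value -Force | Out-Null
    }
}

function Get-FirewallStealthMode {
    # Reads the value back per profile; a missing value means the default (stealth enabled).
    foreach ($profile in $ProfileSubKeys) {
        $key  = Join-Path $FirewallPolicyKey $profile
        $item = Get-ItemProperty -Path $key -Name 'DisableStealthMode' -ErrorAction SilentlyContinue
        $state = if ($null -eq $item) { '(not set: default, stealth on)' } else { $item.DisableStealthMode }
        [pscustomobject]@{ Profile = $profile; DisableStealthMode = $state }
    }
}

# Disable stealth mode (value 1) on every profile present, then show the result.
Set-FirewallStealthMode -Disabled $true
Get-FirewallStealthMode | Format-Table -AutoSize
```

To put stealth mode back to its default, call `Set-FirewallStealthMode -Disabled $false` (value 0). Keep in mind what the quoted Microsoft text implies: with stealth off, a port with no listener answers immediately with a RST or ICMP unreachable, which is exactly what makes the caller fail fast, and also what lets any remote party distinguish a closed port from a filtered one, so the setting is a deliberate trade of discoverability for client responsiveness rather than a free fix.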