Windows equivalent of iptables?

One way would be with the netsh command:

• netsh firewall (deprecated after XP and 2003)
• netsh advfirewall (Vista, 7, and 2008)

The below is from: https://support.microsoft.com/en-us/kb/947709

Example 1: Enable a program

Old command New command

netsh firewall add allowedprogram C:\MyApp\MyApp.exe "My Application" ENABLE    
netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=Domain   netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain
netsh firewall add allowedprogram program=C:\MyApp\MyApp.exe name="My Application" mode=ENABLE scope=CUSTOM addresses=157.60.0.1,172.16.0.0/16,LocalSubnet profile=ALL  

Run the following commands:

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=domain

netsh advfirewall firewall add rule name="My Application" dir=in action=allow program="C:\MyApp\MyApp.exe" enable=yes remoteip=157.60.0.1,172.16.0.0/16,LocalSubnet profile=private

For more information about how to add firewall rules, run the following command:

netsh advfirewall firewall add rule ?

Example 2: Enable a port

Old command New command

netsh firewall add portopening TCP 80 "Open Port 80"    
netsh advfirewall firewall add rule name="Open Port 80" dir=in action=allow protocol=TCP localport=80

For more information about how to add firewall rules, run the following command:

netsh advfirewall firewall add rule ?

Example 3: Delete enabled programs or ports

Old command New command

netsh firewall delete allowedprogram C:\MyApp\MyApp.exe netsh advfirewall firewall delete rule name=rule name program="C:\MyApp\MyApp.exe"
delete portopening protocol=UDP port=500    netsh advfirewall firewall delete rule name=rule name protocol=udp localport=500

For more information about how to delete firewall rules, run the following command:

netsh advfirewall firewall delete rule ?

Example 4: Configure ICMP settings

Old command New command

netsh firewall set icmpsetting 8    netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh firewall set icmpsetting type=ALL mode=enable netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow
netsh firewall set icmpsetting 13 disable all   netsh advfirewall firewall add rule name="Block Type 13 ICMP V4" protocol=icmpv4:13,any dir=in action=block

For more information about how to configure ICMP settings, run the following command:

netsh advfirewall firewall add rule ?

Example 5: Set logging

Old command New command netsh firewall set logging %systemroot%\system32\LogFiles\Firewall\pfirewall.log 4096 ENABLE ENABLE Run the following commands:

netsh advfirewall set currentprofile logging filename %systemroot%\system32\LogFiles\Firewall\pfirewall.log

netsh advfirewall set currentprofile logging maxfilesize 4096
netsh advfirewall set currentprofile logging droppedconnections enable

netsh advfirewall set currentprofile logging allowedconnections enable

For more information, run the following command:

netsh advfirewall set currentprofile ?

If you want to set logging for a particular profile, use one of the following options instead of the "currentprofile" option:
Domainprofile
Privateprofile
Publicprofile

Example 6: Enable Windows Firewall

Old command New command

netsh firewall set opmode ENABLE    netsh advfirewall set currentprofile state on
netsh firewall set opmode mode=ENABLE exceptions=enable 

Run the following commands:

Netsh advfirewall set currentprofile state on 

netsh advfirewall set currentprofile firewallpolicy blockinboundalways,allowoutbound
netsh firewall set opmode mode=enable exceptions=disable profile=domain 

Run the following commands:

Netsh advfirewall set domainprofile state on 

netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh firewall set opmode mode=enable profile=ALL   Run the following commands:

netsh advfirewall set domainprofile state on 

netsh advfirewall set privateprofile state on

For more information, run the following command:

netsh advfirewall set currentprofile ?

If you want to set the firewall state for a particular profile, use one of the following options instead of the "currentprofile" option: Domainprofile
Privateprofile
Publicprofile

Example 7: Restore policy defaults

Old command New command

netsh firewall reset
netsh advfirewall reset

For more information, run the following command: netsh advfirewall reset ? Example 8: Enable specific services

Old command New command netsh firewall set service FileAndPrint netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes netsh firewall set service RemoteDesktop enable netsh advfirewall firewall set rule group="remote desktop" new enable=Yes netsh firewall set service RemoteDesktop enable profile=ALL Run the following commands:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private

WIPFW looks very promising, especially if your after that iptables rule creation flavor.

There is a built-in firewall in XP, Server 2003 and later releases.

It has an API through which you can programatically change, enable, and disable rules.