Configuring Windows Firewall for an Application

Question

How to do to prevent access to the Internet to all programs except Google Chrome?

"All programs" is a user or system, too, do you want to cut?
In general terms, you need to register a prohibiting rule (or disable the allowing one) for all ports except 53 (DNS), 80 (HTTP), 443 (HTTPS).

Answer 1 · 2017-09-07T04:52:06

If we are talking about the built-in firewall, then you need to change its rules. Previously, you can save the actual configuration (for example, to the file old.wfw) with the following command:

netsh advfirewall export c:\temp\old.wfw

Return the rules back, respectively:

 netsh advfirewall import c:\temp\old.wfw

You can then delete all active rules or disable them. After that, you need to switch the firewall to block all connections:

 netsh advfirewall set currentprofile firewallpolicy blockinbound,blockoutbound

Then you need to add a rule for DNS queries (if needed)

 netsh advfirewall firewall add rule name="DNSquery" dir=out action=allow protocol=UDP remoteport=53 enable=yes

And finally, the rule for the browser (for 32-bit Windows):

 netsh advfirewall firewall add rule name="Browser" dir=out action=allow program="%ProgramFiles%\Google\Chrome\Application\chrome.exe" protocol=any enable=yes

PS If the proper operation of the autoconfiguration of the IP protocol of network interfaces is necessary, you can leave the rules relating to the operation of the DHCP protocol active. PPS To restore the default configuration of the firewall, use the command

 netsh advfirewall reset

Do not forget that the specified control commands are executed in the console with administrator rights and are valid only for firewalls of NT6 operating systems (older than XP / Srv2003)

Configuring Windows Firewall for an Application

1 answer 1

More articles: