How do I configure the Windows firewall to block communication with all except one IP address?
up vote
5
down vote
favorite
so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
Is there any way of doing this with the windows firewall?
Thanks for all help!
networking windows-10 windows-firewall
This question has an open bounty worth +50
reputation from 1.21 gigawatts ending tomorrow.
This question has not received enough attention.
Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.
add a comment |
up vote
5
down vote
favorite
so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
Is there any way of doing this with the windows firewall?
Thanks for all help!
networking windows-10 windows-firewall
This question has an open bounty worth +50
reputation from 1.21 gigawatts ending tomorrow.
This question has not received enough attention.
Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.
add a comment |
up vote
5
down vote
favorite
up vote
5
down vote
favorite
so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
Is there any way of doing this with the windows firewall?
Thanks for all help!
networking windows-10 windows-firewall
so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
Is there any way of doing this with the windows firewall?
Thanks for all help!
networking windows-10 windows-firewall
networking windows-10 windows-firewall
edited Mar 28 '16 at 13:34
a CVn
24.2k873118
24.2k873118
asked Mar 28 '16 at 13:21
Leon Schweiger
2612
2612
This question has an open bounty worth +50
reputation from 1.21 gigawatts ending tomorrow.
This question has not received enough attention.
Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.
This question has an open bounty worth +50
reputation from 1.21 gigawatts ending tomorrow.
This question has not received enough attention.
Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
4
down vote
I would suggest the following approach:
- Save the current firewall rules
- Set the default outbound firewall policy to block all
- Delete all outbound firewall rules
- Add a single rule to allow your website
Below are the directions in detail.
Save the current firewall rules
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Export Policy...
- Follow the prompts to save.
Set the default outbound firewall policy to block all
- Right-click again the upper item - Windows Defender Firewall with Advanced Security
- Select Properties
- Switch Outbound connections from "Allow (default)" to "Block"
Delete all outbound firewall rules
- Click on Outbound Rules
- Click on the middle pane on some item to set the focus
- Type Ctrl+A to select all the rules
- Right-click any selected rule and choose Delete
Add a single rule to allow your website
- Still in Outbound Rules, click in the Actions pane on *New Rule"
- Select Custom and Next
- Leave selected All programs and click Next
- Leave Protocol Type as Any and click Next
- In Scope, under Which remote IP addresses does this rule apply to?,
select These IP addresses:
- Click Add... and enter the IP address of your website and click OK
- Click Next
- Select Allow the connection and click Next
- Leave all profiles checked and click Next
- Give a name to your rule and click Finish
Undoing this configuration
To return to normal unblocked rules :
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Import Policy... and point to the save file created in the first step.
You could also save the blocked state, so it may quickly be reset again
by using the Import Policy command as above.
In answer to the query about making it work for
wikipedia.org,
I believe the problem has arrived in the above step of
"Add a single rule to allow your website", which was badly written
(corrected now).
This step needs to be filled as follows, where the IP range is
91.198.174.192/27
(found in
this article):
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
|
show 7 more comments
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
I would suggest the following approach:
- Save the current firewall rules
- Set the default outbound firewall policy to block all
- Delete all outbound firewall rules
- Add a single rule to allow your website
Below are the directions in detail.
Save the current firewall rules
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Export Policy...
- Follow the prompts to save.
Set the default outbound firewall policy to block all
- Right-click again the upper item - Windows Defender Firewall with Advanced Security
- Select Properties
- Switch Outbound connections from "Allow (default)" to "Block"
Delete all outbound firewall rules
- Click on Outbound Rules
- Click on the middle pane on some item to set the focus
- Type Ctrl+A to select all the rules
- Right-click any selected rule and choose Delete
Add a single rule to allow your website
- Still in Outbound Rules, click in the Actions pane on *New Rule"
- Select Custom and Next
- Leave selected All programs and click Next
- Leave Protocol Type as Any and click Next
- In Scope, under Which remote IP addresses does this rule apply to?,
select These IP addresses:
- Click Add... and enter the IP address of your website and click OK
- Click Next
- Select Allow the connection and click Next
- Leave all profiles checked and click Next
- Give a name to your rule and click Finish
Undoing this configuration
To return to normal unblocked rules :
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Import Policy... and point to the save file created in the first step.
You could also save the blocked state, so it may quickly be reset again
by using the Import Policy command as above.
In answer to the query about making it work for
wikipedia.org,
I believe the problem has arrived in the above step of
"Add a single rule to allow your website", which was badly written
(corrected now).
This step needs to be filled as follows, where the IP range is
91.198.174.192/27
(found in
this article):
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
|
show 7 more comments
up vote
4
down vote
I would suggest the following approach:
- Save the current firewall rules
- Set the default outbound firewall policy to block all
- Delete all outbound firewall rules
- Add a single rule to allow your website
Below are the directions in detail.
Save the current firewall rules
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Export Policy...
- Follow the prompts to save.
Set the default outbound firewall policy to block all
- Right-click again the upper item - Windows Defender Firewall with Advanced Security
- Select Properties
- Switch Outbound connections from "Allow (default)" to "Block"
Delete all outbound firewall rules
- Click on Outbound Rules
- Click on the middle pane on some item to set the focus
- Type Ctrl+A to select all the rules
- Right-click any selected rule and choose Delete
Add a single rule to allow your website
- Still in Outbound Rules, click in the Actions pane on *New Rule"
- Select Custom and Next
- Leave selected All programs and click Next
- Leave Protocol Type as Any and click Next
- In Scope, under Which remote IP addresses does this rule apply to?,
select These IP addresses:
- Click Add... and enter the IP address of your website and click OK
- Click Next
- Select Allow the connection and click Next
- Leave all profiles checked and click Next
- Give a name to your rule and click Finish
Undoing this configuration
To return to normal unblocked rules :
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Import Policy... and point to the save file created in the first step.
You could also save the blocked state, so it may quickly be reset again
by using the Import Policy command as above.
In answer to the query about making it work for
wikipedia.org,
I believe the problem has arrived in the above step of
"Add a single rule to allow your website", which was badly written
(corrected now).
This step needs to be filled as follows, where the IP range is
91.198.174.192/27
(found in
this article):
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
|
show 7 more comments
up vote
4
down vote
up vote
4
down vote
I would suggest the following approach:
- Save the current firewall rules
- Set the default outbound firewall policy to block all
- Delete all outbound firewall rules
- Add a single rule to allow your website
Below are the directions in detail.
Save the current firewall rules
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Export Policy...
- Follow the prompts to save.
Set the default outbound firewall policy to block all
- Right-click again the upper item - Windows Defender Firewall with Advanced Security
- Select Properties
- Switch Outbound connections from "Allow (default)" to "Block"
Delete all outbound firewall rules
- Click on Outbound Rules
- Click on the middle pane on some item to set the focus
- Type Ctrl+A to select all the rules
- Right-click any selected rule and choose Delete
Add a single rule to allow your website
- Still in Outbound Rules, click in the Actions pane on *New Rule"
- Select Custom and Next
- Leave selected All programs and click Next
- Leave Protocol Type as Any and click Next
- In Scope, under Which remote IP addresses does this rule apply to?,
select These IP addresses:
- Click Add... and enter the IP address of your website and click OK
- Click Next
- Select Allow the connection and click Next
- Leave all profiles checked and click Next
- Give a name to your rule and click Finish
Undoing this configuration
To return to normal unblocked rules :
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Import Policy... and point to the save file created in the first step.
You could also save the blocked state, so it may quickly be reset again
by using the Import Policy command as above.
In answer to the query about making it work for
wikipedia.org,
I believe the problem has arrived in the above step of
"Add a single rule to allow your website", which was badly written
(corrected now).
This step needs to be filled as follows, where the IP range is
91.198.174.192/27
(found in
this article):
I would suggest the following approach:
- Save the current firewall rules
- Set the default outbound firewall policy to block all
- Delete all outbound firewall rules
- Add a single rule to allow your website
Below are the directions in detail.
Save the current firewall rules
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Export Policy...
- Follow the prompts to save.
Set the default outbound firewall policy to block all
- Right-click again the upper item - Windows Defender Firewall with Advanced Security
- Select Properties
- Switch Outbound connections from "Allow (default)" to "Block"
Delete all outbound firewall rules
- Click on Outbound Rules
- Click on the middle pane on some item to set the focus
- Type Ctrl+A to select all the rules
- Right-click any selected rule and choose Delete
Add a single rule to allow your website
- Still in Outbound Rules, click in the Actions pane on *New Rule"
- Select Custom and Next
- Leave selected All programs and click Next
- Leave Protocol Type as Any and click Next
- In Scope, under Which remote IP addresses does this rule apply to?,
select These IP addresses:
- Click Add... and enter the IP address of your website and click OK
- Click Next
- Select Allow the connection and click Next
- Leave all profiles checked and click Next
- Give a name to your rule and click Finish
Undoing this configuration
To return to normal unblocked rules :
- Start Windows Defender Firewall with Advanced Security
- Right-click the upper item - Windows Defender Firewall with Advanced Security
- Select Import Policy... and point to the save file created in the first step.
You could also save the blocked state, so it may quickly be reset again
by using the Import Policy command as above.
In answer to the query about making it work for
wikipedia.org,
I believe the problem has arrived in the above step of
"Add a single rule to allow your website", which was badly written
(corrected now).
This step needs to be filled as follows, where the IP range is
91.198.174.192/27
(found in
this article):
edited yesterday
answered Nov 14 at 10:25
harrymc
247k10256542
247k10256542
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
|
show 7 more comments
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
– 1.21 gigawatts
2 days ago
1
1
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
– harrymc
yesterday
1
1
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
– harrymc
1 hour ago
1
1
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
– harrymc
1 hour ago
|
show 7 more comments
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1058198%2fhow-do-i-configure-the-windows-firewall-to-block-communication-with-all-except-o%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown