How do I configure the Windows firewall to block communication with all except one IP address?











up vote
5
down vote

favorite
2












so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
Is there any way of doing this with the windows firewall?
Thanks for all help!










share|improve this question

















This question has an open bounty worth +50
reputation from 1.21 gigawatts ending tomorrow.


This question has not received enough attention.


Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.




















    up vote
    5
    down vote

    favorite
    2












    so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
    Is there any way of doing this with the windows firewall?
    Thanks for all help!










    share|improve this question

















    This question has an open bounty worth +50
    reputation from 1.21 gigawatts ending tomorrow.


    This question has not received enough attention.


    Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.


















      up vote
      5
      down vote

      favorite
      2









      up vote
      5
      down vote

      favorite
      2






      2





      so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
      Is there any way of doing this with the windows firewall?
      Thanks for all help!










      share|improve this question















      so I am the admin of a club laptop, which runs on windows 10, and is connected to the internet via an usb stick with a sim card, which unfortunately has limited internet, so to prevent people from watching for example youtube videos, i want to block all websites,but one, which is the club site.
      Is there any way of doing this with the windows firewall?
      Thanks for all help!







      networking windows-10 windows-firewall






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Mar 28 '16 at 13:34









      a CVn

      24.2k873118




      24.2k873118










      asked Mar 28 '16 at 13:21









      Leon Schweiger

      2612




      2612






      This question has an open bounty worth +50
      reputation from 1.21 gigawatts ending tomorrow.


      This question has not received enough attention.


      Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.








      This question has an open bounty worth +50
      reputation from 1.21 gigawatts ending tomorrow.


      This question has not received enough attention.


      Same situation as OP. Setting up a library computer with access to Wikipedia. No myspace, no system updates, no background updates, nothing.
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          4
          down vote













          I would suggest the following approach:




          1. Save the current firewall rules

          2. Set the default outbound firewall policy to block all

          3. Delete all outbound firewall rules

          4. Add a single rule to allow your website


          Below are the directions in detail.



          Save the current firewall rules




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Export Policy...

          • Follow the prompts to save.


          enter image description here



          Set the default outbound firewall policy to block all




          • Right-click again the upper item - Windows Defender Firewall with Advanced Security

          • Select Properties

          • Switch Outbound connections from "Allow (default)" to "Block"
            enter image description here


          Delete all outbound firewall rules




          • Click on Outbound Rules

          • Click on the middle pane on some item to set the focus

          • Type Ctrl+A to select all the rules

          • Right-click any selected rule and choose Delete


          enter image description here



          Add a single rule to allow your website




          • Still in Outbound Rules, click in the Actions pane on *New Rule"

          • Select Custom and Next

          • Leave selected All programs and click Next

          • Leave Protocol Type as Any and click Next

          • In Scope, under Which remote IP addresses does this rule apply to?,
            select These IP addresses:

          • Click Add... and enter the IP address of your website and click OK

          • Click Next

          • Select Allow the connection and click Next

          • Leave all profiles checked and click Next

          • Give a name to your rule and click Finish


          Undoing this configuration



          To return to normal unblocked rules :




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Import Policy... and point to the save file created in the first step.


          You could also save the blocked state, so it may quickly be reset again
          by using the Import Policy command as above.





          In answer to the query about making it work for
          wikipedia.org,
          I believe the problem has arrived in the above step of
          "Add a single rule to allow your website", which was badly written
          (corrected now).



          This step needs to be filled as follows, where the IP range is
          91.198.174.192/27 (found in
          this article):



          enter image description here






          share|improve this answer























          • Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
            – 1.21 gigawatts
            2 days ago












          • In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
            – 1.21 gigawatts
            2 days ago








          • 1




            My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
            – harrymc
            yesterday








          • 1




            That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
            – harrymc
            1 hour ago








          • 1




            The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
            – harrymc
            1 hour ago













          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1058198%2fhow-do-i-configure-the-windows-firewall-to-block-communication-with-all-except-o%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          4
          down vote













          I would suggest the following approach:




          1. Save the current firewall rules

          2. Set the default outbound firewall policy to block all

          3. Delete all outbound firewall rules

          4. Add a single rule to allow your website


          Below are the directions in detail.



          Save the current firewall rules




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Export Policy...

          • Follow the prompts to save.


          enter image description here



          Set the default outbound firewall policy to block all




          • Right-click again the upper item - Windows Defender Firewall with Advanced Security

          • Select Properties

          • Switch Outbound connections from "Allow (default)" to "Block"
            enter image description here


          Delete all outbound firewall rules




          • Click on Outbound Rules

          • Click on the middle pane on some item to set the focus

          • Type Ctrl+A to select all the rules

          • Right-click any selected rule and choose Delete


          enter image description here



          Add a single rule to allow your website




          • Still in Outbound Rules, click in the Actions pane on *New Rule"

          • Select Custom and Next

          • Leave selected All programs and click Next

          • Leave Protocol Type as Any and click Next

          • In Scope, under Which remote IP addresses does this rule apply to?,
            select These IP addresses:

          • Click Add... and enter the IP address of your website and click OK

          • Click Next

          • Select Allow the connection and click Next

          • Leave all profiles checked and click Next

          • Give a name to your rule and click Finish


          Undoing this configuration



          To return to normal unblocked rules :




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Import Policy... and point to the save file created in the first step.


          You could also save the blocked state, so it may quickly be reset again
          by using the Import Policy command as above.





          In answer to the query about making it work for
          wikipedia.org,
          I believe the problem has arrived in the above step of
          "Add a single rule to allow your website", which was badly written
          (corrected now).



          This step needs to be filled as follows, where the IP range is
          91.198.174.192/27 (found in
          this article):



          enter image description here






          share|improve this answer























          • Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
            – 1.21 gigawatts
            2 days ago












          • In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
            – 1.21 gigawatts
            2 days ago








          • 1




            My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
            – harrymc
            yesterday








          • 1




            That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
            – harrymc
            1 hour ago








          • 1




            The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
            – harrymc
            1 hour ago

















          up vote
          4
          down vote













          I would suggest the following approach:




          1. Save the current firewall rules

          2. Set the default outbound firewall policy to block all

          3. Delete all outbound firewall rules

          4. Add a single rule to allow your website


          Below are the directions in detail.



          Save the current firewall rules




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Export Policy...

          • Follow the prompts to save.


          enter image description here



          Set the default outbound firewall policy to block all




          • Right-click again the upper item - Windows Defender Firewall with Advanced Security

          • Select Properties

          • Switch Outbound connections from "Allow (default)" to "Block"
            enter image description here


          Delete all outbound firewall rules




          • Click on Outbound Rules

          • Click on the middle pane on some item to set the focus

          • Type Ctrl+A to select all the rules

          • Right-click any selected rule and choose Delete


          enter image description here



          Add a single rule to allow your website




          • Still in Outbound Rules, click in the Actions pane on *New Rule"

          • Select Custom and Next

          • Leave selected All programs and click Next

          • Leave Protocol Type as Any and click Next

          • In Scope, under Which remote IP addresses does this rule apply to?,
            select These IP addresses:

          • Click Add... and enter the IP address of your website and click OK

          • Click Next

          • Select Allow the connection and click Next

          • Leave all profiles checked and click Next

          • Give a name to your rule and click Finish


          Undoing this configuration



          To return to normal unblocked rules :




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Import Policy... and point to the save file created in the first step.


          You could also save the blocked state, so it may quickly be reset again
          by using the Import Policy command as above.





          In answer to the query about making it work for
          wikipedia.org,
          I believe the problem has arrived in the above step of
          "Add a single rule to allow your website", which was badly written
          (corrected now).



          This step needs to be filled as follows, where the IP range is
          91.198.174.192/27 (found in
          this article):



          enter image description here






          share|improve this answer























          • Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
            – 1.21 gigawatts
            2 days ago












          • In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
            – 1.21 gigawatts
            2 days ago








          • 1




            My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
            – harrymc
            yesterday








          • 1




            That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
            – harrymc
            1 hour ago








          • 1




            The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
            – harrymc
            1 hour ago















          up vote
          4
          down vote










          up vote
          4
          down vote









          I would suggest the following approach:




          1. Save the current firewall rules

          2. Set the default outbound firewall policy to block all

          3. Delete all outbound firewall rules

          4. Add a single rule to allow your website


          Below are the directions in detail.



          Save the current firewall rules




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Export Policy...

          • Follow the prompts to save.


          enter image description here



          Set the default outbound firewall policy to block all




          • Right-click again the upper item - Windows Defender Firewall with Advanced Security

          • Select Properties

          • Switch Outbound connections from "Allow (default)" to "Block"
            enter image description here


          Delete all outbound firewall rules




          • Click on Outbound Rules

          • Click on the middle pane on some item to set the focus

          • Type Ctrl+A to select all the rules

          • Right-click any selected rule and choose Delete


          enter image description here



          Add a single rule to allow your website




          • Still in Outbound Rules, click in the Actions pane on *New Rule"

          • Select Custom and Next

          • Leave selected All programs and click Next

          • Leave Protocol Type as Any and click Next

          • In Scope, under Which remote IP addresses does this rule apply to?,
            select These IP addresses:

          • Click Add... and enter the IP address of your website and click OK

          • Click Next

          • Select Allow the connection and click Next

          • Leave all profiles checked and click Next

          • Give a name to your rule and click Finish


          Undoing this configuration



          To return to normal unblocked rules :




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Import Policy... and point to the save file created in the first step.


          You could also save the blocked state, so it may quickly be reset again
          by using the Import Policy command as above.





          In answer to the query about making it work for
          wikipedia.org,
          I believe the problem has arrived in the above step of
          "Add a single rule to allow your website", which was badly written
          (corrected now).



          This step needs to be filled as follows, where the IP range is
          91.198.174.192/27 (found in
          this article):



          enter image description here






          share|improve this answer














          I would suggest the following approach:




          1. Save the current firewall rules

          2. Set the default outbound firewall policy to block all

          3. Delete all outbound firewall rules

          4. Add a single rule to allow your website


          Below are the directions in detail.



          Save the current firewall rules




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Export Policy...

          • Follow the prompts to save.


          enter image description here



          Set the default outbound firewall policy to block all




          • Right-click again the upper item - Windows Defender Firewall with Advanced Security

          • Select Properties

          • Switch Outbound connections from "Allow (default)" to "Block"
            enter image description here


          Delete all outbound firewall rules




          • Click on Outbound Rules

          • Click on the middle pane on some item to set the focus

          • Type Ctrl+A to select all the rules

          • Right-click any selected rule and choose Delete


          enter image description here



          Add a single rule to allow your website




          • Still in Outbound Rules, click in the Actions pane on *New Rule"

          • Select Custom and Next

          • Leave selected All programs and click Next

          • Leave Protocol Type as Any and click Next

          • In Scope, under Which remote IP addresses does this rule apply to?,
            select These IP addresses:

          • Click Add... and enter the IP address of your website and click OK

          • Click Next

          • Select Allow the connection and click Next

          • Leave all profiles checked and click Next

          • Give a name to your rule and click Finish


          Undoing this configuration



          To return to normal unblocked rules :




          • Start Windows Defender Firewall with Advanced Security

          • Right-click the upper item - Windows Defender Firewall with Advanced Security

          • Select Import Policy... and point to the save file created in the first step.


          You could also save the blocked state, so it may quickly be reset again
          by using the Import Policy command as above.





          In answer to the query about making it work for
          wikipedia.org,
          I believe the problem has arrived in the above step of
          "Add a single rule to allow your website", which was badly written
          (corrected now).



          This step needs to be filled as follows, where the IP range is
          91.198.174.192/27 (found in
          this article):



          enter image description here







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited yesterday

























          answered Nov 14 at 10:25









          harrymc

          247k10256542




          247k10256542












          • Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
            – 1.21 gigawatts
            2 days ago












          • In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
            – 1.21 gigawatts
            2 days ago








          • 1




            My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
            – harrymc
            yesterday








          • 1




            That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
            – harrymc
            1 hour ago








          • 1




            The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
            – harrymc
            1 hour ago




















          • Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
            – 1.21 gigawatts
            2 days ago












          • In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
            – 1.21 gigawatts
            2 days ago








          • 1




            My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
            – harrymc
            yesterday








          • 1




            That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
            – harrymc
            1 hour ago








          • 1




            The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
            – harrymc
            1 hour ago


















          Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
          – 1.21 gigawatts
          2 days ago






          Thank you for the thorough instructions. In the Properties dialog it has three tabs, Domain, Public and Private. Which one do I apply these steps to? Do I need to modify the inbound rules?
          – 1.21 gigawatts
          2 days ago














          In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
          – 1.21 gigawatts
          2 days ago






          In your image you have private tab selected. In my setup it says "Public profile is active". I applied these instructions to all "zones" and added an exception for the IP and it is not connecting.
          – 1.21 gigawatts
          2 days ago






          1




          1




          My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
          – harrymc
          yesterday






          My step "Add a single rule to allow your website" was badly written and misleading. I have added an image for this step at the end of my answer, tested on Windows 10 Pro.
          – harrymc
          yesterday






          1




          1




          That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
          – harrymc
          1 hour ago






          That depends on the type of your network. Normally for your network inside your building and connected to your router you would mark it as private, while if you take the computer to an Internet cafe or connect to some outside public network you would mark this network as public for better protection. I used Private because I didn't think that Public could possibly be involved. You may do the same with Public if you think that some visitor could bypass your setting by connecting from your computer to an outside network with WiFi.
          – harrymc
          1 hour ago






          1




          1




          The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
          – harrymc
          1 hour ago






          The type of your network is set by yourself on first connection, that is when Windows asks you the question for the type of the network. You can verify the type of your network in Control Panel > Network Connections.
          – harrymc
          1 hour ago




















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1058198%2fhow-do-i-configure-the-windows-firewall-to-block-communication-with-all-except-o%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Plaza Victoria

          Puebla de Zaragoza

          Musa