How To Block Internet Access With Windows Advanced Firewall Rules

Internet security firewall

A firewall is an important and necessary tool that helps protect PC and other gadget users from unwanted access over the insecure internet. Most modern operating systems come with a built-in firewall, but few people know it exists, let alone how to configure it.

Inside Windows’ built-in Firewall rests the ability to create powerful Firewall rules that can completely block internet access by programs, use a whitelist to control network access, restrict traffic to specific ports and IP addresses, etc – even without installing another Firewall.

There are many reasons to restrict, deny or minimize internet access to and from your PC. But most importantly, get ready to bid farewell to all those suspicious and malicious programs that may have gained access to your system and occasionally attempt to phone home with your personal information. With these settings, such programs stand no chance, because they will never again have the opportunity to connect to the internet unless you permit them.

In this article, we shall be learning how to create advanced firewall rules to block applications from accessing the Internet, through the help of Windows Firewall with Advanced Security.

How to Open Windows Firewall with Advanced Security

There are two common ways of opening the Windows Firewall with Advanced Security window, namely:

1. Through Windows Firewall control panel
The most common way of opening Windows Firewall with Advanced Security is from the main Windows Firewall control panel. Just click the Advanced settings link in the sidebar, and you are in.

How to open windows firewall with advanced security

2. Through Search box
In Windows 7, another method is to search for “windows firewall” in the Start Menu search box and click the “Windows Firewall with Advanced Security” result.
In Windows 8.1 though, Windows Firewall with Advanced Security is not returned in search results and you need to use the first method shared above for opening it.


How to Configure Windows Firewall with Advanced Security

The Windows firewall has three different network profiles. You can choose to configure any or all of the profiles.

  • Domain Profile: Only used when your computer is connected to a domain.
  • Private: This can be used when connected to a private network, such as a work or home network.
  • Public: This is used when connected to a public network, such as a public Wi-Fi access point or a direct connection to the Internet.

A computer may use multiple profiles, depending on the situation. For example, a business laptop may use the domain profile when connected to a domain at work, the private profile when connected to a home network, and the public profile when connected to a public Wi-Fi network.

Note: Microsoft Windows usually asks whether a network is public or private the first time you connect to it.

How to configure Windows advanced firewall profiles

To create advanced firewall rules, open the interface and click on the Windows Firewall Properties link to begin configuring the firewall profiles.

The advanced firewall properties window contains a separate tab for each profile. By default, Windows blocks inbound connections and allows outbound connections for all profiles, but you can choose to block all outbound connections and create rules that allow specific types of connections, thereby creating a whitelist on the applicable network profile.

Advanced firewall properties window

When outbound connections are blocked, you will not receive a notification when a program is blocked – the network connection will just fail silently. Now let’s block outbound connections under the Private and Public profile tabs, to ensure that only our whitelisted programs can access the internet. You can always switch back to the default – Allow.

With outbound connections blocked, any attempt to browse without a whitelisted browser will result in an immediate network error.

What is an outbound connection?
This deals with your programs that use the Internet. You will want to let your Web Browser (Internet Explorer, Firefox, Safari, Chrome, Opera…) have access to the Internet, so you will tell Windows Firewall that such programs are allowed.

What is an inbound connection?
Inbound connections and rules have to do with other things accessing your computer. If you are running a web server on your computer, then you will have to tell the firewall how outsiders are allowed to connect to it.

How to Create Advanced Firewall Rules

With our outbound connections still blocked, let’s create a whitelist firewall rule to access the internet. In order to create an advanced firewall rule, you need to select the Inbound Rules or Outbound Rules category at the left side of the window and click the Create Rule or New Rule link at the right side.

Creating Firewall Rule

The Windows firewall offers four types of rules:

  • Program – Block or allow a program.
  • Port – Block or allow a port, port range, or protocol.
  • Predefined – Use a predefined firewall rule included with Windows.
  • Custom – Specify a combination of program, port, and IP address to block or allow.

Now, let’s select the Program rule type. On the next screen, use the Browse button to locate and select the program’s .exe file within Program Files. Then click next.

Select whitelist program file

On the Action screen, select “Allow the connection” to whitelist the program. If you were setting up a blacklist after allowing all applications by default, then select “Block the connection” to blacklist the application instead.


On the Profile screen, you can apply the rule to a specific profile – for instance, if you only want a program allowed or blocked when you’re connected to public Wi-Fi and other insecure networks, leave the “Public” box checked. By default, Windows applies the rule to all profiles – Domain, Public and Private profiles.

On the Name screen, you can name the rule and enter an optional description. This will help you identify the rule later. In this case, let’s name it Allow Opera.

All things being equal, the created firewall rule should be active already. Created firewall rules appear in the list, so they can easily be edited, disabled or deleted as seen below.

List of created advanced firewall rules

Test it! If your whitelisted browser can browse and the rest cannot, then you have successfully created your firewall rule whitelist.
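The same whitelist procedure can be scripted. The following PowerShell is an added example, not part of the original article; it uses the built-in NetSecurity cmdlets, and the Opera install path is an assumption to adjust. It also turns on logging of dropped packets, because blocked connections otherwise fail silently.

```powershell
# Added example; run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later).
# ASSUMPTION: install path of the browser to whitelist; adjust to the real .exe.
$Program  = 'C:\Program Files\Opera\opera.exe'
$RuleName = 'Allow Opera'            # rule name used in the article
$Profiles = 'Private', 'Public'      # profiles the article locks down

if (-not (Test-Path -LiteralPath $Program)) {
    throw "Program not found: $Program (fix the path before blocking outbound traffic)"
}

# Create the allow rule first, so the browser keeps working once the default flips.
# Skipped if a rule with this name already exists, so the script can be re-run.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Whitelist: outbound access for Opera' `
        -Direction Outbound -Program $Program -Action Allow `
        -Profile $Profiles | Out-Null
}

# Switch the default outbound action to Block and log dropped packets,
# since a blocked program gets no notification, only a failed connection.
Set-NetFirewallProfile -Profile $Profiles -DefaultOutboundAction Block -LogBlocked True

# Verify the profile defaults and where the drop log is written.
Get-NetFirewallProfile -Name $Profiles |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction,
                  LogBlocked, LogFileName

# Verify which executable the rule is bound to.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallApplicationFilter |
    Select-Object Program

# To return to the Windows default later:
# Set-NetFirewallProfile -Profile $Profiles -DefaultOutboundAction Allow
```

On Windows 7 these cmdlets are not available; `netsh advfirewall` is the command-line equivalent there.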

Restricting Access with Firewall Rule

If you really want to lock down a program, you can restrict the ports and IP addresses it connects to. For example, let’s say you have a server application that you only want accessed from a specific IP address.

Let’s create a new rule within the Inbound Rule. Click New Rule and select the Custom rule type.

On the Program pane, select the program you want to restrict. If the program is running as a Windows service, use the Customize button to select the service from a list. To restrict all network traffic on the computer to communicating with a specific IP address or port range, select “All programs” instead of specifying a specific program.

On the Protocol and Ports pane, select a protocol type and specify ports. For example, if you’re running a web server application, you can restrict the web server application to TCP connections on ports 80, 443 and 3306 by entering these ports in the Local port box. Next!

Creating inbound connection rule

The Scope tab allows you to restrict IP addresses. Assuming you only wish the server to communicate with a specific IP address, enter that IP address in the remote IP addresses box. Next!

Restrict IP address

Select the “Allow the connection” option to allow the connection from the IP address and ports you specified. Just ensure that no other firewall rules apply to the program – for example, if you have a firewall rule that allows all inbound traffic to the server application, this rule won’t do anything. Next, choose the applicable network profiles and give the rule a descriptive name and an optional description.

Name the firewall rule

Once you click the finish button, the rule will take effect immediately. Remember, Advanced Windows Firewall rules can only be effective when Windows Firewall is also ON.

So, if Windows Firewall is turned off, none of these firewall rules will have any effect, and the inbound and outbound rules created to restrict or block internet access will mean nothing.
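The restricted inbound rule and the two caveats above (another allow rule overriding it, and the firewall being off) can be checked from PowerShell. This is an added example, not part of the original article; the program path, remote address and rule name are constructed placeholders.

```powershell
# Added example; run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later).
# ASSUMPTIONS (constructed values): program path, trusted address and rule name.
$Program   = 'C:\Program Files\ExampleServer\server.exe'  # hypothetical server application
$TrustedIp = '203.0.113.10'                                # documentation-range address
$RuleName  = 'Allow ExampleServer from trusted host'

# The custom inbound rule: one program, TCP 80/443/3306, one remote address.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Program $Program `
    -Protocol TCP -LocalPort 80, 443, 3306 -RemoteAddress $TrustedIp `
    -Action Allow -Profile Domain, Private, Public | Out-Null

# Check 1: rules are only enforced on profiles where the firewall is switched on.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($disabled) {
    Write-Warning ('Firewall is OFF for profile(s): ' + ($disabled.Name -join ', '))
}

# Check 2: list other enabled inbound allow rules for the same program. Any of
# them with a wider remote scope still lets other hosts in, so the new rule
# restricts nothing until they are disabled or narrowed.
# Note: the program path is matched against the string stored in each rule.
$overlapping = Get-NetFirewallApplicationFilter -Program $Program |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        $_.Enabled -eq 'True' -and $_.DisplayName -ne $RuleName
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
            LocalPort     = ($_ | Get-NetFirewallPortFilter).LocalPort -join ', '
        }
    }

if ($overlapping) {
    Write-Warning 'Other inbound allow rules also match this program:'
    $overlapping | Format-Table -AutoSize
} else {
    'No other enabled inbound allow rule targets this program.'
}
```

Rules that apply to all programs are not inspected by this check and should be reviewed separately in the Inbound Rules list.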


Hi @nago
Pls…. Can I use the Windows Firewall with Advanced Security at work, can I also install other firewall?


Thanks…. Why have I not heard about this WFWAS before?


Thanks @nago


@akpan thanks for reading and more so for your question.
Actually, except where the other program has other features besides a firewall, e.g. antivirus, it is not advisable to have two active firewall applications running simultaneously.

Except again you wish to turn off Windows firewall instead. But even with that option, you will still have to endure occasional firewall alerts for approval or otherwise for most programs that should have been taken care of by your firewall rules. This is one major reason I fell in love with WFWAS.


Wow, thank


What a great tutorial… keep it up. Never knew Windows Firewall was so powerful.