Microsoft ICS ignores firewall rules?

0

I enabled a Windows 7 computer to share Internet via Wi-Fi. I want to disable usage of some IP addresses by Wi-Fi devices. I started by blocking Google DNS just to test if it works. So, I added a rule to all profiles to block both UDP and TCP to the 8.8.8.8 and 8.8.4.4 remote addresses. The rules are added, and when I use Windows nslookup to send DNS requests to these IPs, it times out. OK, now I connect my phone to the Wi-Fi that works through this Windows machine, and see that when I use Android DNS tools to send DNS queries to 8.8.8.8 and 8.8.4.4, it works. So, even though I blocked these IPs in my Windows firewall, ICS ignores these rules. So, is there any working way to block access to specific IP addresses when using Windows ICS?

Vitalii

Posted 2017-01-27T10:22:04.370

Reputation: 115

Answers

1

A Windows workstation's firewall blindly bypasses anything that passes via ICS. Firewall settings apply only to the local machine. You need to configure firewalls on every computer that is using the Internet via ICS, or you need a "real" server (or a decent firewall/router such as pfSense, for example) where it can be done. BTW, if there is someone on your network who knows IT stuff, they can bypass your restriction by using an encrypted tunnel via an external machine. The best solution is to use a router/firewall that can do proxying with authorization. This way you can block all outgoing connections and force users to be authorized through the proxy to be able to go online, plus it is much easier to watch external traffic by users and spot illegal connections on the firewall that are trying to poke NAT (with the help of IPv6 tunnels such as Teredo) to bypass your rules.

Alex

Posted 2017-01-27T10:22:04.370

Reputation: 5 606
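Because the host's own rules say nothing about forwarded traffic, a block has to be verified from a device behind the sharing gateway, not from the gateway itself. The following probe is an added example, not part of the original answer; the function names and the query name `example.com` are assumptions. It sends one DNS query over UDP and reports whether any reply came back.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035 wire format)."""
    # Header: id, flags (RD=1), 1 question, 0 answer/authority/additional
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def probe_resolver(ip, port=53, name="example.com", timeout=2.0):
    """Return 'reply' if a matching DNS response arrives, else 'no reply'.

    'no reply' covers both a silent drop (timeout) and a local send error,
    which is what an effective egress block looks like from the client.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (ip, port))
            while True:
                data, _ = s.recvfrom(512)
                # Accept only a response (QR bit set) carrying our transaction id
                if len(data) >= 12 and data[:2] == query[:2] and data[2] & 0x80:
                    return "reply"
        except OSError:  # socket.timeout is a subclass of OSError
            return "no reply"

if __name__ == "__main__":
    # The two resolvers from the question; run once on the sharing host
    # and once on a client behind it, then compare the results.
    for resolver in ("8.8.8.8", "8.8.4.4"):
        print(resolver, probe_resolver(resolver))
```

If the host prints `no reply` while a client behind it prints `reply`, the rule is only filtering the host's own traffic, which is the behaviour described in the answer.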