How to block all traffic but one IP in Windows Firewall?

35

20

I'm trying to use Windows 7 firewall to block all outgoing and incoming traffic, from all IPs and for all protocols, except for UDP to and from one particular IP address.

The reason why is because I am using a VPN over UDP, and so no other traffic is necessary so I'd like to shut it all down.

My configuration blocks all outgoing traffic, but also it blocks traffic going out to the IP I want to be able to access. I can't for example ping the allowed IP address (notice I have it set as any protocol allowed, so ping should work). I get 'General Failure' when I try to ping it.

I figured having the allow rule at the top of the list would make it work but it doesn't. Am I missing something here?

thegreatdane23

Posted 2011-04-10T02:09:06.800

Reputation: 381

Answers

19

The proper way to accomplish this is to configure Windows Firewall to block all outgoing traffic by default, and then only allow the incoming connection(s) you want.

To do that, click on Windows Firewall with Advanced Security in the left pane, and choose Windows Firewall Properties from the right pane. Next to Outbound connections, choose Block. Then, click OK.

Windows Firewall block outbound by default

Once you've done that, just delete the block all outgoing traffic rule and you should be all set.

Patches

Posted 2011-04-10T02:09:06.800

Reputation: 14 078

3 – If you do this, you also need to remove all other rules (in the Public profile) except the one you want to allow. Otherwise you won't get the "block all" effect. – droidgren – 2016-08-09T11:59:02.097

2 – Worth noting you still see things in Wireshark doing this. – barlop – 2014-05-08T21:31:43.770
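The same configuration done from the command line (an added example, not part of the answer above), using the netsh advfirewall commands that exist on Windows 7. The VPN server address 203.0.113.10 and port 1194 are placeholders; it also applies droidgren's point that pre-existing allow rules must be disabled or the default-block has no effect.

```powershell
# Run from an elevated PowerShell (or cmd) prompt on Windows 7.
# Placeholders: replace with the real VPN endpoint and port.
$VpnIp   = "203.0.113.10"
$VpnPort = 1194

# 1. Back up the current firewall policy so the change can be reverted
#    (netsh advfirewall import restores it).
netsh advfirewall export "$env:USERPROFILE\firewall-before-vpn-only.wfw"

# 2. Make "block" the default for both directions in every profile.
#    This replaces the hand-written "block all outgoing traffic" rule
#    from the question; Windows evaluates explicit allow rules before
#    the default action, so the VPN rule below will still match.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 3. Disable every existing outbound rule. Built-in rules such as
#    "Core Networking" otherwise keep allowing DNS, DHCP and similar
#    traffic, which defeats the "block all" intent (droidgren's comment).
#    Note this also cuts DHCP renewals; re-enable what you actually need.
netsh advfirewall firewall set rule name=all dir=out new enable=no

# 4. Explicitly allow UDP to and from the VPN endpoint only.
netsh advfirewall firewall add rule name="VPN UDP out" dir=out action=allow `
    protocol=UDP remoteip=$VpnIp remoteport=$VpnPort
netsh advfirewall firewall add rule name="VPN UDP in" dir=in action=allow `
    protocol=UDP remoteip=$VpnIp localport=any

# 5. Verify: default actions and the two enabled allow rules.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="VPN UDP out"
netsh advfirewall firewall show rule name="VPN UDP in"
```

Because ICMP is not UDP, ping to the VPN address is expected to fail under this policy; check connectivity with the VPN client itself rather than ping.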

18

You can do this with IPSec.

  1. Click Start and type MMC then select the MMC from the list.
  2. Click File -> Add/Remove Snap-In -> Add the IP Security Policy Snap-In and Click Ok
  3. Right Click on the middle section and click "Create IP Security Policy"
  4. Follow through the first wizard with the defaults giving the name/description you want.
  5. With the Windows that opens after the first wizard click "Add..."
  6. Click "Next" x3 and then click "Add..."
  7. Give the name of "Block All" or something similar. Click "Add..."
  8. Run through that wizard keeping all the defaults and click "OK"
  9. Select "Block All" and click "Next" and then "Add..." again
  10. Follow the wizard giving the name of "Block" and select "Block" as the action.
  11. Repeat Steps 5-10 selecting the proper source/destination/protocol and selecting "Permit" in Step 10.

MMC

Riguez

Posted 2011-04-10T02:09:06.800

Reputation: 3 594

Nice! I didn't know you could do that – user40311 – 2013-12-16T17:08:36.127

That was a riot, the first time I've ever found step by step rules that were worthwhile (not baby steps). And if you click outside and lose the window you're in, File -> Add/Remove Snap-in gets you back. Also, I skipped step 11 and just assigned/unassigned the block. It worked to an extent, in that it stopped wget for example, but you still see things in Wireshark. Same kind of effect as with blocking as much as one can in the win7 firewall. – barlop – 2014-05-08T21:30:54.493