5

I have a program that can communicate over IPv4 (TCP and UDP) and over IPv6 (TCP and UDP). I want to block the program from being able to use IPv4.

I tried the Windows Firewall:


Except it blocks IP sub-protocols (e.g. TCP, UDP, encapsulated IPv6, GRE), rather than blocking IPv4 itself.

In other words, I need to block IPv4:

  • IPv4/TCP
  • IPv4/UDP
  • IPv4/ICMPv4
  • IPv4/GRE
  • IPv4/L2TP

while allowing IPv6:

  • IPv6/TCP
  • IPv6/UDP
  • IPv6/ICMPv6
  • IPv6/GRE
  • IPv6/L2TP

Can I block a program from using IPv4?

Note: If it cannot be done, then don't be afraid to add that as an answer. There's no shame in giving the correct answer to a question.

Excellll
  • 12,847
Ian Boyd
  • 23,066

2 Answers

2

Note that the following doesn't work every time.

In Windows Firewall add a blocking rule for your program for the remote range 0.0.0.0 to 255.255.255.255 on any protocol.

If the program is designed to do so, it falls back on using IPv6.

If you want the inverse, to force the use of IPv4, you block the IPv6 range :: to ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff.

For example, this works for updating Visual Studio Community 2017, as the updater is using IPv6 by default and the download speed is sometimes seriously throttled down.

Sipertruk
  • 36
  • 4
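
The per-program rule described in the answer above, scripted with the built-in NetSecurity cmdlets as an added example (not part of the original answer). The program path and the rule group name are placeholders to adapt.

```powershell
# Run from an elevated PowerShell session (NetSecurity module, Windows 8 / Server 2012 or later).
# $ProgramPath is a placeholder: point it at the executable you want to restrict.
$ProgramPath = 'C:\Path\To\YourProgram.exe'
$RuleGroup   = 'Block IPv4 per program (example)'   # constructed label, used to find the rules later
$IPv4Range   = '0.0.0.0-255.255.255.255'            # the whole IPv4 address space, as in the answer

if (-not (Test-Path -LiteralPath $ProgramPath)) {
    throw "Program not found: $ProgramPath"
}

# One rule per direction; -Protocol Any covers TCP, UDP, ICMPv4, GRE, L2TP and the rest.
foreach ($direction in 'Outbound', 'Inbound') {
    New-NetFirewallRule `
        -DisplayName   "Block IPv4 $direction - $(Split-Path $ProgramPath -Leaf)" `
        -Group         $RuleGroup `
        -Direction     $direction `
        -Program       $ProgramPath `
        -Protocol      Any `
        -RemoteAddress $IPv4Range `
        -Profile       Any `
        -Action        Block | Out-Null
}

# Read the rules back to confirm the program, address scope and action that were stored.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Direction     = $_.Direction
        Action        = $_.Action
        Program       = ($_ | Get-NetFirewallApplicationFilter).Program
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Format-Table -AutoSize

# To undo: Remove-NetFirewallRule -Group $RuleGroup
```

Block rules take precedence over allow rules in Windows Firewall, so an existing allow rule for the same program does not need to be removed first.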
1

There's no way to do this with the Windows Firewall unless the client itself supports it. Most applications will use RFC 3484 to determine the best protocol to use if they are both available. A good explanation:

How do client applications know to use IPv4 or IPv6?

Your options would be either:

  • Force the protocol if the application supports doing so (e.g. uTorrent supports IPv6-only mode)
  • Use a third-party firewall that supports protocol preference per-application.
  • Use a third-party firewall that supports protocol preference based on the port.

This is an unusual requirement, so I don't know of any third party firewalls off-hand that support it.