6

The current situation:

I disabled network connectivity to a particular IP on my Windows computer. In other words, if my system tries to connect over the internet to that specific IP address, it will not be able to do so.

I disabled the connectivity as mentioned above by following the steps described in the following post: "How can I disable network connectivity to a particular port or IP address in Windows?", which describes making an outbound rule to block a remote IP.

My Goal:

I would like to allow one single program on my Windows to use that IP and connect to the internet through it (right now that program, like all programs, cannot access the internet through that IP, due to the above-mentioned outbound rule).

In other words, my goal is to create an exception to the above-mentioned outbound rule that will allow that specific program to access the Internet through that IP. The outbound rule should apply to all programs and services, except one.

How can I configure things to work this way? Could you please help me?

YoYo
  • 61

3 Answers

11

According to the Windows Firewall documentation, block rules always take precedence over allow rules, therefore even if your allow rule looks more specific than a block rule, the allow rule will not work, and the traffic matching both allow and block rules will be blocked. The option “Allow this firewall rule to override block rules” is available only for rules which require IPSec, and is not available for outbound rules.

The only thing you could do with Windows Firewall to achieve something close to what you need is to switch the default behavior for outbound connections to “Block”, then add explicit allow rules for all outbound connections that you need (not just for that single program). Alternatively, you can look for third-party firewall software with more features.

7

If you want to allow only one address for any program, e.g. 10.10.10.10, you can make 2 rules: one to block addresses 1.1.1.1 - 10.10.10.9 and another to block 10.10.10.11 - 255.255.255.255. For me this works.

3

The answer from Sergey Vlasov is still correct. You can make the above rule for a single program as well: simply set the rule for a program, not all programs.

So you set up 2 or more rules (depending on how many IP addresses you want to allow) and block all others. So, for example, if you only want to allow

10.10.10.10

and

20.20.20.20

you set up rules:

block from 0.0.0.0 to 10.10.10.9 and 10.10.10.11 to 20.20.20.19 and 20.20.20.21 to 255.255.255.255

and voilà ...

Klaus
  • 31
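
The range arithmetic from the last two answers, generalized to any set of allowed addresses, as an added example that is not part of the original answers: it computes the block ranges that leave only the allowed IPs reachable and prints matching `New-NetFirewallRule` commands. The rule name and program path are hypothetical, and the ranges start at 0.0.0.0 as in the last answer.

```python
import ipaddress

IPV4_MAX = 2**32 - 1  # 255.255.255.255 as an integer


def block_ranges(allowed):
    """Return (start, end) ranges covering all of IPv4 except `allowed`."""
    keep = sorted({int(ipaddress.IPv4Address(a)) for a in allowed})
    ranges, cursor = [], 0  # cursor = lowest address not yet covered
    for addr in keep:
        if addr > cursor:  # gap below this allowed address
            ranges.append((cursor, addr - 1))
        cursor = addr + 1  # skip the allowed address itself
    if cursor <= IPV4_MAX:  # tail above the last allowed address
        ranges.append((cursor, IPV4_MAX))
    return [(str(ipaddress.IPv4Address(s)), str(ipaddress.IPv4Address(e)))
            for s, e in ranges]


def firewall_commands(allowed, program=None, name="Block except allowed"):
    """Build one outbound block rule per range, optionally for one program."""
    cmds = []
    for i, (start, end) in enumerate(block_ranges(allowed), 1):
        remote = start if start == end else f"{start}-{end}"
        cmd = (f'New-NetFirewallRule -DisplayName "{name} {i}" '
               f"-Direction Outbound -Action Block -RemoteAddress {remote}")
        if program:  # hypothetical path supplied by the caller
            cmd += f' -Program "{program}"'
        cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    # Constructed sample: the two addresses from the answer above and a
    # hypothetical program path.
    for line in firewall_commands(["10.10.10.10", "20.20.20.20"],
                                  program=r"C:\Example\app.exe"):
        print(line)
```

Adjacent allowed addresses and the endpoints 0.0.0.0 and 255.255.255.255 produce no empty or inverted range, which is the easy mistake when writing these rules by hand.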