The Windows Firewall is a security application that comes preinstalled with the Windows OS. It acts as a filtering mechanism for data packets that come in and out of your system via the network.
The firewall can be used to block websites, certain applications, specific IP addresses, and even ports. This is achieved by configuring the Windows Firewall to block or allow incoming or outgoing packets by filtering each one.
In this post, we discuss how you can use Windows Firewall to configure website filtering, IP filtering, application filtering, and port filtering. This can be done using the Firewall itself and through Windows PowerShell. But before we do, let us discuss what exactly Windows Firewall is, how it works, and who needs to configure it.
Table of Contents
What is Windows Firewall
Windows Firewall, or Windows Defender Firewall, is a Microsoft software application embedded with the operating system. It is used to filter the incoming and outgoing traffic of data packets from your system via the network, whether wireless or wired.
By default, the Windows Firewall is enabled and configured to allow all sorts of traffic to come or go from your PC. However, you can alter its settings to apply filters and block the packets.
Each packet contains a header and a payload. The header has both the destination and the source IP addresses, amongst other information. Windows Firewall filters the traffic using these IP addresses, port information, and other data by examining each packet.
If the firewall finds a rule to block or allow the traffic for a certain app, IP address, website, or port, then it performs the respective action on those respective packets, which is how the filtration process works.
Who Needs to Configure Windows Firewall
Applying new rules to Windows Firewall doesn’t need to be done by every user. Depending on what your requirements are, you can configure the firewall accordingly.
Most home users do not need to perform any actions on the firewall if it is for personal use. However, if their children are also using the same computer, then they can block prohibited apps and websites from being accessed.
If you work inside an organization, then the Windows Firewall can be configured to block employees from accessing social media websites, or other unproductive online content.
If you work on a system where all data is configured to be blocked through Windows Firewall, then you can add a rule to allow only certain types of traffic to pass through, while blocking all others.
Before you start configuring the firewall, consider all the tangent pros and cons.
Pros and Cons of Allowing/Blocking Using Windows Firewall
Now that we understand how Windows Firewall works, you must also understand that each packet will be inspected before it is forwarded to its destination, whether it’s inbound traffic or outbound.
This means added delay in your network and will seem like your internet is (slightly) slow. This will also significantly higher system resources when the firewall is inspecting the packets.
On the contrary, configuring Windows Firewall also has benefits. You do not need external firewall hardware to filter the network traffic, saving costs. Additionally, configuring the firewall will prevent potential attackers from accessing your PC remotely, keeping your system as well as your data secure.
Moreover, you will be prompted when an app or program is trying to access the internet, giving you will control over whether or not to permit it.
Hence, configuring the integrated firewall enhances your privacy.
How to Block/Allow IP Address or Website/Domain on Windows
The Windows Firewall is unable to filter any packets using URLs. Hence, if you wish to allow or block a website, you must first determine its IP address or range of IP addresses. This limitation makes the method to block an IP address or a website very similar.
If you are not sure which IP address(es) you need to block, follow the steps in the given section below to determine the IP address of a domain/website. If you do know which IP address to block, then skip this next section and learn how to allow/block an IP address using either Windows Firewall or PowerShell from the given sections under it.
How to Find the IP Address of Website
You can use either of the following cmdlets in an elevated PowerShell to find the IP address or range of IP addresses for a website/domain.
Resolve-DnsName "website.com"nslookup "website.com"Replace website.com with the domain name.
You may now get 1 or more IP addresses in return (both IPv4 and IPv6). Note them down and then continue to the next step to allow or block this website’s IP address(es).
From Windows Firewall
If you know which IP address you wish to block or allow, follow these steps to do so using Windows Firewall:
-
Open Advanced Firewall Settings by typing in wf.msc in the Run Command box.
Open Advanced Windows Firewall settings -
Now click Outbound Rules from the left pane and then right-click it. Then click New Rule from the context menu.
Create new outbound rule -
The New outbound rule wizard will now open. Select Custom and then click Next.
Create custom outbound rule -
Now select All programs and then click Next.
Apply rule to all programs -
Now select Any from the drop-down menu in front of “Protocol type” and then click Next.
Select the protocol to apply the rule to -
Select These IP addresses under the “Which remote IP addresses does this rule apply to” and then click Add.
Add remote IP addresses -
Now select This IP address or subnet and then enter the IP address you want to allow or block. This IP address can also be of a website if you want to allow or block it, or it can be an IP address with a subnet mask if you want to block the complete subnet.
Click Ok when entered.
Enter IP address to block Note: You can also select This IP address range if you want to allow or block a range of IP addresses, and then fill in the IP address range details in the From and To text fields.
-
(Optional) If you want to allow/block more IP addresses (including IPv6 addresses), click Add again and repeat Step 7.
-
Once the IP addresses have been added, click Next.
IP addresses have been added -
On the next screen, select one of the following options depending on whether you want to allow those IP addresses or block them:
- Allow the connection: If you want to allow the IP address(es). This will be used if your default policy is set to block all connections.
- Block the connection: If you want to block the IP address(es).
Click Next when selected.
Allow or block the IP address(es) -
Now select the network types you want to apply this rule on, and click Next.
Select the network type to apply the rule on -
On the final screen, enter a custom name for this rule and click Finish.
Name the firewall rule
The Windows Firewall will now block the IP address(es) or website. However, since some websites have many different IP addresses rerouting to the destination address, one rule may not completely block the website.
If it did work, then accessing a blocked website will show you the following statement:
Firewall or antivirus software may have blocked the connection.
If you later want to undo your action by allowing a blocked website/IP address, or blocking an allowed website/IP address, all you need to do is either change the rule you created, disable it temporarily, or simply delete it.
To disable or delete the outbound rule, navigate to the Outbound Rules folder inside the Advanced Windows Firewall settings, right-click on the rule, and click either Disable Rule or Delete from the context menu.
Using PowerShell
If you know which IP address you wish to block or allow, follow these steps to do so using Windows PowerShell:
Note: These steps guide on how to create a new rule to allow or block IP address(es). If you wish to change the setting of an existing rule using PowerShell, continue to the section below.
-
Open an elevated PowerShell instance.
-
Now use the following cmdlet to create a new firewall rule to allow or block an IP address.
Replace [CustomName] with a name for the rule, and [IPAddress] with the IP address that you want to allow or block. Also, replace [ActionToPerform] with either “Allow” or “Block” depending on whether you want to allow or block the IP address(es).
You can optionally add “/” followed by a subnet mask after the IP address if you want to allow or block the complete subnet.
New-NetFirewallRule -DisplayName "[CustomName]" -Direction Outbound –LocalPort Any -Protocol TCP -Action [ActionToPerform] -RemoteAddress [IPAddress]
Block IP address or website using PowerShell -
The website/IP address(es) will now be allowed/blocked. At this point, note down the GUID given in front of the “Name” field returned after running the cmdlet and save it as it will be needed in the future if you ever wish to delete the rule.
Note and save the GUID
A new rule in Windows Firewall will now be created by the custom name you entered. However, the steps above only apply to creating a new rule. If you wish to undo these changes, you either need to use the steps given below that apply to an existing firewall rule, or delete this rule.
Edit Existing Firewall Rule using PowerShell
To allow a blocked IP address/website for which there is already a firewall rule in place, use this cmdlet:
Set-NetFirewallRule -DisplayName "[CustomName]" -Action Allow
To block an allowed IP address/website for which there is already a firewall rule in place, use this cmdlet:
Set-NetFirewallRule -DisplayName "[CustomName]" -Action Block
Delete Firewall Rule using PowerShell
To delete a rule, you need to use the GUID for the firewall rule which we noted earlier when creating the rule. Replace [GUID] with the noted GUID in this cmdlet to delete the associated firewall rule:
Remove-NetFirewallRule -Name "[GUID]"
If you do not have the associated GUID, use the following cmdlet to obtain the GUIDs of all the outbound firewall rules. For inbound rules, replace “outbound” with “inbound.”
Get-NetFirewallRule -Direction Outbound | Select-Object Name, DisplayName, Description
How to Block/Allow Network Ports on Windows
Network ports are used by Windows services and applications to send and receive data over the network. On top of a unique IP address, a port defines what application or service on that particular device to send that information to.
You can allow or block these network ports using Windows Firewall as it makes your system safer. Open ports that are listening can be dangerous as they increase the attack surface area for hackers.
Learn how to check which ports are open/listening.
Blocking a port using a firewall is the same as closing it. Ports can be blocked or allowed using both Windows Firewall and PowerShell.
From Windows Firewall
Follow these steps to block a port from listening or allow it on your computer using Windows Firewall:
-
Open Advanced Firewall Settings by typing in wf.msc in the Run Command box.
Open Windows Firewall advanced settings -
Now click Outbound Rules from the left pane and then right-click it. Then click New Rule from the context menu.
Create new outbound rule -
The New Outbound Rule wizard will now open. Select Port and then click Next.
Create new port rule -
On the next screen, select the type of port you want to allow or block, and then enter the port number in front of Specific local ports. Click Next when done.
Specify port number and type -
On the next screen, select one of the following options depending on whether you want to allow the port or block it:
- Allow the connection: If you want to allow the IP address(es). This will be used if your default policy is set to block all connections.
- Block the connection: If you want to block the IP address(es).
Click Next when selected.
Allow or block the port -
Now select the network types you want to apply this rule on, and click Next.
Select network type to apply the rule on -
On the final screen, enter a custom name for this rule and click Finish.
Name the firewall rule
The specific port will now be allowed to listen on or be blocked, depending on what you selected in Step 5 above.
If you feel like removing or disabling this rule in the future, all you need to do is either change the rule you created, disable it temporarily, or simply delete it.
To disable or delete the outbound rule, navigate to the Outbound Rules folder inside the Advanced Windows Firewall settings, right-click on the rule, and click either Disable Rule or Delete from the context menu.
Using PowerShell
Follow these steps to block a port from listening or allow it on your computer using Windows PowerShell:
-
Now use the following cmdlet to create a new firewall rule to allow or block a network port.
Replace [CustomName] with a name for the rule, and [Port] with the port that you want to allow or block. Also, replace [ActionToPerform] with either “Allow” or “Block” depending on whether you want to allow or block the port.
New-NetFirewallRule -DisplayName "[CustomName]" -Action [ActionToPerform] -Direction Outbound -Profile Any -Protocol tcp -RemotePort [Port]
Block port using PowerShell -
The network port will now be allowed/blocked. At this point, note down the GUID given in front of the “Name” field returned after running the cmdlet and save it as it will be needed in the future if you ever wish to delete the rule.
Note down GUID
A new rule in Windows Firewall will now be created by the custom name you entered to allow/block the network port. However, the steps above only apply to creating a new rule.
If you wish to undo these changes, you either need to edit an existing firewall rule or delete it.
How to Block/Allow Apps or Programs on Windows
You can also block an application or a Windows program from accessing the internet by blocking it through Windows Firewall. This can be done using the advanced Windows Firewall settings, through the “allowed apps” settings in the Control Panel, and using Windows PowerShell.
From Control Panel
Follow these steps to allow or block an app or program using the Control Panel:
-
Open the Firewall applet by typing in firewall.cpl in the Run Command box.
Open FIrewall applet -
Now click “Allow an app or feature through Windows Defender Firewall” on the left.
Allow an app through the firewall -
(Conditional) If the checkboxes on the next page under “Allowed apps and features” are grayed out, then click Change settings.
Change allowed app settings You should now be able to manage the allowed apps through the checkboxes which were previously grayed out.
-
Now, check or uncheck the boxes to the left of the app that you want to allow or block through the firewall. The apps and programs which a checked box are allowed through the firewall, while the unchecked ones are blocked.
Allow or block apps and programs from Control Panel -
Also, check on which network types you want to allow the app. This is defined by the checkboxes on the right side of the app under the respective columns (Public, Private, or Domain).
Select type of network to allow/block -
If you do not find the app or program in this list, then click Allow another app and then click Browse.
Browse for another app to allow/block -
Now browse for the app you want to add to the list and then click Add.
Add another app -
When all configurations are done, click Ok to save the changes.
Save changes
The application or program will now be allowed or blocked from accessing the network by Windows Firewall. If you want to undo these changes in the future, simply use the checkboxes to allow or disallow them.
From Advanced Firewall Settings
You can also block or allow an app or program from transmitting outbound data using the advanced Windows Firewall settings. Here is how:
-
Open Advanced Firewall Settings by typing in wf.msc in the Run Command box.
Open Windows Firewall advanced settings -
Now click Outbound Rules from the left pane and then right-click it. Then click New Rule from the context menu.
Create new outbound rule -
The New Outbound Rule wizard will now open. Select Program and then click Next.
Create new app/program rule -
On the next screen, select This program path and then click Browse.
Browse for app/program -
Now browse for the app or program that you want to allow or block. When selected, click Next.
Select app/program and proceed -
On the next screen, select one of the following options depending on whether you want to allow the app or block it:
- Allow the connection: If you want to allow the IP address(es). This will be used if your default policy is set to block all connections.
- Block the connection: If you want to block the IP address(es).
Click Next when selected.
Allow or block the port -
Now select the network types you want to apply this rule on, and click Next.
Select network type to apply the rule on -
On the final screen, enter a custom name for this rule and click Finish.
Name the firewall rule
The application will now be successfully allowed or blocked from accessing the network. However, the app will still run on your computer.
If you feel like removing or disabling this rule in the future, all you need to do is either change the rule you created, disable it temporarily, or simply delete it.
To disable or delete the outbound rule, navigate to the Outbound Rules folder inside the Advanced Windows Firewall settings, right-click on the rule, and click either Disable Rule or Delete from the context menu.
Using PowerShell
Follow these steps to create a Windows Firewall rule to allow or block an app using Windows PowerShell:
-
Now use the following cmdlet to allow or block an app:
Replace [CustomName] with a name for the rule, [ActionToPerform] with either “Allow” or “Block” depending on whether you want to allow or block the application, and [ProgramPath] with the complete path for the .EXE file for the program.
New-NetFirewallRule -DisplayName "[CustomName]" -Direction Outbound -Program "[ProgramPath].exe" -Action [ActionToPerform]
Block app/program using PowerShell -
The program will now be allowed/blocked. At this point, note down the GUID given in front of the “Name” field returned after running the cmdlet and save it as it will be needed in the future if you ever wish to delete the rule.
Note and save the GUID
A new rule in Windows Firewall will now be created by the custom name you entered to allow/block the network port. However, the steps above only apply to creating a new rule.
If you wish to undo these changes, you either need to edit an existing firewall rule or delete it.
Closing Thoughts
The Windows Firewall is a handy software when it comes to filtering internet traffic on your PC. This is excellent for parents to control what their children can and can’t access.
We would also like to add that the methods described in this post can be manipulated as per your needs. For example, if you want a port to work internally but not communicate over the network, you can create an inbound firewall rule for it instead of an outbound rule.
