How to create advanced rules in the Windows Firewall

Forget all the third-party firewall tools out there that promise to protect your PC.  The Windows Firewall is advanced enough and has everything you need.

Today I just want to show you how to block a specific application from running and show you what you can do.

Let’s be honest: the Windows Firewall tool is intimidating.  It’s not for children under the age of 35.  Its not very user friendly and therefore sometimes it’s easier to look for a third-party solution.

There’s a dizzying array of panes, rows and rules.  There’s also a vertiginous variety of settings.  How do you know where to start?

Start with fixedByVonnie of course! haha so check it out – let’s launch this thing.


 

Press the Windows Key and type "firewall" or if you’re on a Windows 8/8.1 PC press the Windows logo Key + w and enter firewall.

Say Hi to your Windows Firewall.

Say Hi to the Windows Firewall

The first thing you’ll notice are three security profiles:

  • Domain Networks
  • Private Networks
  • Guest or Public Networks

So the Windows Firewall is way smarter than a box of bricks.  It can detect when you’re connected to a specific network and then apply specific rules only to that network.

So if you’re in the workplace attached to the corporate domain network you’ll get a specific set of restrictions but when you go home and connect to your private network you can have a different set of restrictions.  The other profile labeled “Guest/Public Network” is best for when you’re using an untrusted network such as from a hotel lobby, coffee shop or airport terminal.

I should also mention that you can apply multiple profiles to a single application.  So you can permit Google Chrome on the Private and Guest networks but forbid it on the corporate network.


 

By default Windows will block all inbound connections and allows outbound requests.

This means the mendacious cartel of hackers half way around the globe can’t infiltrate your PC without getting kicked in the groin by the Windows Firewall.

If you just want to start blocking and allowing specific applications, click Allow an app or feature through Windows Firewall in the upper left corner of the window.

Firewall Allowed Apps

Now you can sift the list and pick which profiles should allow access.

Incidentally, it’s always safer to allow an app than a port because closing the application closes the firewall hole.  If you allowed the port instead then it could remain open even after the application assigned to use it stops running.

The Allowed Apps list in the Windows 8.1 Firewall

Let’s dive into some advanced configuration.

By the way, I’m running on zero hours of sleep so if this post is incoherent – that’s why.  You’ve been warned.  Having a new born son will do that to ya.

Click Advanced Settings which is located in the middle of the left pane of the main Firewall screen.

This will open a byzantine mess of policies, profiles and rules that might give you the runs. (assuming you had prunes for lunch)

All three blocking profiles are displayed in the middle pane.  They’re flanked on both sides by your rules and actions.

If you click Windows Firewall Properties in the center pane you can really tune the behavior of all three profiles.

Welcome to the Windows Firewall with Advanced Security

For example, each tab along the top corresponds to a firewall profile.

Here you can completely disable specific profiles.  You can also change the behavior for inbound, outbound and protected network connections (stuff like your Bluetooth networks).

Advanced Security Settings in the Windows Firewall

If you notice certain applications stopped working that you wanted to keep running you can always dive head first into the logs.

%systemroot%\system32\LogFiles\Firewall\pfirewall.log

Rules rule

Click the type of rule you want to create from the left pane (Inbound, Outbound, etc) and then choose New Rule… from the right pane.

Sounds like a bad dance.  Put your left hand here, put your right hand there, shake your ass and then do a little shout.  Okay that made no sense – let’s continue.

Create a new firewall rule

You basically get four rule options:

  • As you guessed, Program lets you allow or deny a specific program.
  • Ports lets you pick TCP or UDP ports.
  • Predefined are like Windows presets; basically pre-configured rules for popular devices.
  • Custom gives you maximum control over every last detail of the rule.  Unless you’re the OCD type you probably won’t be using this one.

The steps listed in the left pane change depending on the rule you choose in the right pane.  So when I choose Program, I see a Program step but if I choose Custom I get Program, Protocol, Ports and Scope steps.

New inbound firewall rule

If I wanted to stop people on this computer from running Google Chrome I could simply browse to the Chrome executable and click Next.

Firewall Program Path

Now we’re ready to tell the Windows Firewall to kick Chrome in the pants.

Allow the connection assumes we’re already blocking everything.  This would be like creating an exception for one app.  Let’s block it for now.

Blocking a connection in the Windows Firewall

Now we just pick all relevant profiles…

Pick your Firewall profile

And give your rule a meaningful name before clicking Finish.  This is the same name that will appear in your rules list so make sure you can easily find it.

Name your Firewall rule

That’s it.  Now you can delete the rule, clone it or keep it around in a dormant state.

Windows Firewall Rules rock

Alright I’m going to take a nap, I’m seriously about to pass out.  Leave a comment and I might respond when I wake from my coma.

About

Connect with Vonnie on Twitter

Posted in Windows, Windows 7, Windows 8, Windows 8.1 Tagged with: , ,