Configuring Windows Firewall for an Application

Question:

How to deny Internet access to all programs except Google Chrome?

Answer:

If we are talking about the built-in firewall, then you need to change its rules. Beforehand, you can save the current configuration (for example, to the file old.wfw) with the following command:

netsh advfirewall export c:\temp\old.wfw

To restore the rules from that file, respectively:

netsh advfirewall import c:\temp\old.wfw

You can then remove all active rules or disable them. After that, you need to put the firewall into blocking mode for all connections:

netsh advfirewall set currentprofile firewallpolicy blockinbound,blockoutbound

Then you need to add a rule for DNS queries (if needed):

netsh advfirewall firewall add rule name="DNSquery" dir=out action=allow protocol=UDP remoteport=53 enable=yes

And finally, the rule for the browser to work (for 32-bit Windows):

netsh advfirewall firewall add rule name="Browser" dir=out action=allow program="%ProgramFiles%\Google\Chrome\Application\chrome.exe" protocol=any enable=yes

P.S. If automatic IP configuration of the network interfaces needs to work correctly, you can leave active the rules related to the DHCP protocol.

P.P.S. To restore the default firewall configuration, use the command:

netsh advfirewall reset

Do not forget that these commands are executed in a console with administrator rights and are valid only for the firewalls of operating systems on the NT6 platform (older than XP / Srv2003).
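
The steps above combined into one PowerShell script, as an added example that is not part of the original answer. It runs the same netsh commands, but stops before changing anything if chrome.exe is missing and never overwrites an existing backup. Assumptions: the backup path from the answer, the usual Chrome install folders (Program Files, Program Files (x86), per-user LocalAppData), and the hypothetical helper name Invoke-Netsh.

```powershell
# Added example: lock the current profile down to DNS + Chrome using the answer's netsh commands.
$ErrorActionPreference = 'Stop'
$backup = 'C:\temp\old.wfw'   # backup path taken from the answer

# netsh advfirewall needs an elevated console.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated console.'
}

function Invoke-Netsh {
    # Hypothetical helper: run netsh and throw on failure so a half-applied policy is noticed.
    & netsh.exe @args | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh $($args -join ' ') failed with exit code $LASTEXITCODE" }
}

# Locate chrome.exe first (assumed install folders); covers 32-bit and 64-bit Windows.
$chrome = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Google\Chrome\Application\chrome.exe' } |
    Where-Object { Test-Path $_ } | Select-Object -Unique
if (-not $chrome) { throw 'chrome.exe not found; the firewall was not changed.' }

# Export once only: a second run must not replace the original configuration with the locked-down one.
if (-not (Test-Path $backup)) {
    New-Item -ItemType Directory -Force -Path (Split-Path $backup) | Out-Null
    Invoke-Netsh advfirewall export $backup
}

# Disable every existing rule (this includes the DHCP rules mentioned in the P.S.).
Invoke-Netsh advfirewall firewall set rule name=all new enable=no

# Remove rules left by an earlier run; netsh returns non-zero when none exist, which is fine here.
& netsh.exe advfirewall firewall delete rule name=DNSquery | Out-Null
& netsh.exe advfirewall firewall delete rule name=Browser  | Out-Null

# Allow rules from the answer: DNS over UDP 53, then one rule per chrome.exe found.
Invoke-Netsh advfirewall firewall add rule name=DNSquery dir=out action=allow protocol=UDP remoteport=53 enable=yes
foreach ($exe in $chrome) {
    Invoke-Netsh advfirewall firewall add rule name=Browser dir=out action=allow "program=$exe" protocol=any enable=yes
}

# Default-deny goes last, so the allow rules are already in place when it takes effect.
Invoke-Netsh advfirewall set currentprofile firewallpolicy 'blockinbound,blockoutbound'

# Show the resulting policy for the active profile.
& netsh.exe advfirewall show currentprofile firewallpolicy
```

To undo the change, import the saved file with the netsh advfirewall import command shown above.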
