
This is probably a noob question:

I want to block all the outbound external traffic (public internet) but still allow all the internal traffic (from the local net). What I tried is:

  • Allow outbound connections that do not match a rule.
  • Added a new rule that matches all programs, services, protocols, remote IP addresses and the local IP address 1.1.1.1 (since I have to enter at least one).

If instead of matching that IP address I match any address, then the rule effectively blocks everything (including local traffic). But with my approach, the rule stops working and all traffic (including external traffic) is allowed.

I don't understand why making the rule match a subset of local IP addresses causes the rule to stop working.

Thanks!

Gonzalo Solera
  • The only way I know how to implement what you describe with Windows Firewall would be to use a proxy. This would allow you to create a single deny rule for the proxy, thus allowing you to create an allow rule for all internal traffic. **What you really need is a hardware solution, which allows you to deny all traffic that is outside of your internal network.** – Ramhound Oct 03 '19 at 20:17
  • Thanks for your comment, but I would like to understand why this approach doesn't work. And why the firewall shows this behaviour when I filter by IP. – Gonzalo Solera Oct 04 '19 at 06:49

0 Answers