
I'm trying to block all outbound traffic to most remote IPs except for 2 ranges. Since the default behavior for outbound traffic is to allow everything, I need a block rule to block everything except the 2 ranges.

So I created an outbound block rule with the following remote address ranges:

0.0.0.0 - 10.0.0.0
10.0.255.255 - 200.190.0.0
200.190.255.255 - 255.255.255.255

Notice I'm trying to block all remote addresses except

10.0.0.1 - 10.0.255.254
200.190.0.1 - 200.190.255.254

This rule won't work, and all traffic is allowed. How do I know the problem is in the IP ranges and not something else in the rule? If I change the range to 0.0.0.0 - 255.255.255.255 or click "Any IP address", it works perfectly and everything gets blocked. There must be some trick in these intervals, something like not being able to mix different address classes in the same range.

Hannu

1 Answer


To block every outgoing packet, except specific ones, it is easier to configure the firewall to block, then write rules to allow.

Right-click on the global firewall properties, then "Properties". You'll find the default rule for outgoing connections. Set it to "Block".

[Screenshot: the firewall Properties dialog, with the default action for outbound connections set to Block]

Then write your "Allow" rules.


If I create the rule you speak about, I have no problem:

netsh advfirewall firewall add rule name="@@ test" enable=yes profile=any dir=out action=block remoteip=0.0.0.0-10.0.0.0,10.0.255.255-200.190.0.0,200.190.255.255-255.255.255.255
ping 1.2.3.4  --> error
ping 10.0.0.1 --> ok
ping 10.1.0.1 --> error

Windows 11 Pro, up to date.
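The "block by default, then allow" approach the answer recommends, as an added PowerShell example that is not part of the original answer. It uses the built-in NetSecurity cmdlets rather than netsh, takes the two permitted ranges from the question, and assumes the rule display name "Egress allowlist - permitted ranges" (any name will do). Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original answer): default-deny outbound egress with an
# explicit allowlist, using the NetSecurity module that ships with Windows.
# Requires an elevated (Administrator) PowerShell session.

# The two ranges the question wants to keep reachable.
$AllowedRanges = @(
    '10.0.0.1-10.0.255.254',
    '200.190.0.1-200.190.255.254'
)

# Assumed rule name; only used to find and remove the rule again later.
$RuleName = 'Egress allowlist - permitted ranges'

# 1. Flip the default outbound action to Block on all three profiles.
#    This is the GUI step "Properties -> Outbound connections: Block".
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Add one outbound Allow rule covering both ranges (all protocols and ports).
#    Ranges are given in the same "first-last" form the netsh remoteip= parameter accepts.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Outbound -Action Allow -Profile Any `
    -RemoteAddress $AllowedRanges -Enabled True | Out-Null

# 3. Verify: default actions per profile, and the address filter attached to the rule.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# Rollback (uncomment to undo everything above):
# Remove-NetFirewallRule -DisplayName $RuleName
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

With the default outbound action set to Block, anything not covered by an Allow rule is dropped, including DNS, DHCP renewals and Windows Update traffic if their destinations fall outside the two ranges, so test from a console session (or keep the rollback lines at hand) rather than over a remote connection that the change could cut off.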