If you use the Internet, you will also need a firewall, which provides security by checking incoming and outgoing traffic. The app built into Windows performs this function, but it will only be really effective if you change some basic settings.
Many people don’t even know that Windows has its own firewall service. That is not a problem in itself: they are unaware of it because Windows Firewall is active immediately after installation and its settings are perfect for general-purpose use. If someone does come across this function, it is mostly because an installed application or game wants to connect to the Internet and asks for permission to do so.
The basic task of a firewall is to analyze outgoing and incoming data packets and then, based on predefined rules, decide whether to allow or block each packet. Put very simply, the firewall checks whether data packets coming from outside arrived in response to a request or not. As mentioned above, the basic settings of Windows Firewall are perfectly suitable for average users, but what happens when special needs arise, for example when we want to prevent a piece of software from connecting to the Internet, or to prevent data packets from a specific IP address or IP address range from reaching the computer?
Both are legitimate needs. The good news is that Windows Firewall is capable of these tricks, and many more, and we’ll show you the fastest way to implement the extra settings.
Basic information
The easiest way to access the Windows Firewall is to open the Start menu and type “firewall”. The Firewall and network protection option will appear among the search results; click on it. If you would prefer to go the classic route, open the Control Panel with the (Win + I) key combination, and within it select the Privacy and security > Windows security > Firewall and network protection options. The latter route has the benefit that, before the last step, a small green tick or yellow exclamation mark shows whether everything is fine with the firewall settings or whether intervention is required.
The overview screen immediately shows whether the firewall is on for the domain network, the private network and the public network; the Windows firewall distinguishes between these three types. Domain networking may not be available as an option; it is typically active only in a corporate environment.
In the case of a home computer, we can choose between the private network and the public network. The basic difference between the two is that, in the case of a public network, the firewall also protects the computer from devices connected to the same network, while in the case of private networks the rules are more permissive for devices in the same IP address range. As a result, the private network type must not be used when connected to public Wi-Fi, and in most cases the public option is the better choice at home as well. One of the few exceptions is if you store data on your PC that you want to share with others, that is, with devices connected to the home network. A label shows which of the three types is active; in our case, this is the public option.
Tip: if you want to change the type of connection, click on the network or Wi-Fi icon on the right side of the Taskbar, select the Network and Internet settings option, then Properties in the top row of the pop-up window.
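The same overview can be read from PowerShell. The following is an added example, not part of the original article; the function name `Get-ActiveFirewallProfileState` and the interface alias `Wi-Fi` are assumptions made for illustration.

```powershell
# Added example: for every active connection, show which of the three firewall
# profiles (Domain / Private / Public) applies and how that profile is set.
function Get-ActiveFirewallProfileState {
    # Connections report "DomainAuthenticated"; the firewall profile is named "Domain".
    $nameMap = @{ DomainAuthenticated = 'Domain'; Private = 'Private'; Public = 'Public' }

    foreach ($conn in Get-NetConnectionProfile) {
        $profileName = $nameMap[[string]$conn.NetworkCategory]
        $fw = Get-NetFirewallProfile -Name $profileName

        [pscustomobject]@{
            Interface       = $conn.InterfaceAlias
            Network         = $conn.Name
            Category        = $conn.NetworkCategory
            FirewallEnabled = ([string]$fw.Enabled -eq 'True')
            # "NotConfigured" means the Windows default applies:
            # block unsolicited inbound traffic, allow outbound traffic.
            DefaultInbound  = $fw.DefaultInboundAction
            DefaultOutbound = $fw.DefaultOutboundAction
        }
    }
}

Get-ActiveFirewallProfileState | Format-Table -AutoSize

# Switching a connection to the stricter Public type needs an elevated session.
# 'Wi-Fi' is a placeholder alias; use the Interface value from the table above.
# Set-NetConnectionProfile -InterfaceAlias 'Wi-Fi' -NetworkCategory Public
```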
Advanced settings
You can access the detailed rules and settings by clicking on the Advanced settings option in the Firewall and network protection window. Advanced settings apply to all network types, regardless of which one is currently active. All the rules for incoming and outgoing data connections are available in the Windows Defender Firewall with Advanced Security window; you can view them by clicking on the appropriate section in the left panel. As you can see, Windows Firewall includes pre-made rules for the operating system’s own processes as well as for trusted software installed later, for example Firefox or the Brave browser, VNC and so on. You can change how the firewall works by modifying or deleting rules, or by creating new ones.
Tip: if you use security software that includes not only an antivirus but also its own firewall service, Windows will detect it and turn off the built-in firewall function. The firewall's behaviour can still be influenced by modifying rules, but in this case it is the settings of the separate program that must be changed, not those of the Windows Firewall. (You will need to look for similar options there, so the methods described in the article also work with other applications, although the exact steps will certainly be different.)
Restriction of outgoing traffic
By default, the Windows firewall does not restrict the communication of installed applications, so they can freely access the Internet. Restricting them is not necessary in most cases, because the task of the firewall is not to prevent the communication of a virus that has entered the PC, but to protect the PC from external attacks. The antivirus is designed to keep viruses out, and to dispose of any malware that may have entered the PC.
At the same time, you may not want to allow online communication for a particular program after all. There may be a compelling reason for this, for example if you do not want to let a program used by children onto the Internet, but a firewall rule can also be used to prevent individual applications from pulling in ads from the Internet. Automatic updating can also be prevented with absolute certainty, if you want to achieve this for some reason.
Click on Outbound rules in the Windows Defender Firewall with Advanced Security window, then check the list to see if a rule has already been created for the given program; if so, modify that rule! There may be more than one rule for the same program, in which case each rule belongs to a different user.
If there is no rule yet, click on the New rule… option in the right panel. With the help of a wizard, you can create the new rule in seconds. The first step is to select the type of rule you want to create. In this example the rule is assigned to a specific program, but rules can also be assigned to a port, chosen from Windows’ predefined rules, or given completely custom parameters. Click on the Program option and then on the Next button!
In the next window, you must specify whether the firewall rule should apply to all applications installed on the PC, or only to one software – in the latter case, of course, you must also specify the path to the program.
Tip: be careful when choosing the program, because if you accidentally select the wrong application, the rule will not work as you intended. It also follows from this that if you want to block the Internet access of several applications, you must set a separate rule for each of them.
Once the program is selected, you can set whether the firewall allows the connection, allows it only if it is a secure connection, or always blocks the communication.
In the last step, you can specify which types of networks the rule applies to. By default, all three types are active, and it is typically not necessary to change them.
Tip: a new rule is active immediately after it is saved, so you can test right away whether it works. It should also appear in the list, and a red icon next to its name indicates that data traffic is blocked based on the rule. If you want to change the rule later, double-click on its name. If for some reason you just want to disable it temporarily, you can do so from the pop-up menu that opens with a right-click.
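The wizard steps above can also be scripted. This is an added example, not taken from the original article; the function name `Block-ProgramOutbound` and the path `C:\Program Files\ExampleApp\example.exe` are hypothetical. It assumes an elevated PowerShell session.

```powershell
# Added example: create an outbound block rule for one program,
# after checking whether a rule for that program already exists.
function Block-ProgramOutbound {
    param(
        [Parameter(Mandatory)] [string] $ProgramPath
    )

    # A program rule matches the exact executable path, so resolve it first
    # and stop on a typo instead of creating a rule that never matches.
    $exe = (Resolve-Path -LiteralPath $ProgramPath -ErrorAction Stop).Path

    # Equivalent of reading the Outbound rules list for this program.
    # Note: rules stored with environment variables (for example %ProgramFiles%)
    # are not matched by this literal-path lookup.
    $filters = @(Get-NetFirewallApplicationFilter -Program $exe -ErrorAction SilentlyContinue)
    if ($filters.Count -gt 0) {
        $existing = @($filters | Get-NetFirewallRule | Where-Object Direction -eq 'Outbound')
        if ($existing.Count -gt 0) {
            Write-Warning "Outbound rule(s) already exist for $exe; modify those instead."
            return $existing | Select-Object DisplayName, Enabled, Action, Profile
        }
    }

    $name = "Block outbound - $(Split-Path -Path $exe -Leaf)"
    New-NetFirewallRule -DisplayName $name -Direction Outbound -Program $exe `
        -Action Block -Profile Any |
        Select-Object DisplayName, Enabled, Action, Profile
}

# Hypothetical application path, used only for illustration.
Block-ProgramOutbound -ProgramPath 'C:\Program Files\ExampleApp\example.exe'

# Temporarily switch the rule off and on again without deleting it:
# Disable-NetFirewallRule -DisplayName 'Block outbound - example.exe'
# Enable-NetFirewallRule  -DisplayName 'Block outbound - example.exe'
```

Because the rule is bound to one path, a program that launches a separate updater or helper executable needs its own rule for that file.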
Restriction of incoming traffic
Of course, incoming traffic can be restricted as well as outgoing traffic. This may be desirable, for example, if another device on the network is constantly scanning the PC, but there may also be a case when some external device wants to establish an unwanted connection with the computer via the Internet.
Inbound rules are set up in exactly the same way as outbound rules, with the difference, of course, that you have to start creating the new rule in the Inbound rules section in the left panel. In this example, we will see how to exclude an IP address range.
In the first step of the wizard, select the Custom option, and in the second step the All programs setting, since we want to ensure that no program installed on the machine receives data packets from the specified IP address range.
In the third step, you can set which protocols and ports the rule applies to – according to the default setting, all protocols and ports are covered by the rule, change this only in very justified cases!
Then you can set the IP addresses or IP address ranges; local and Internet IP addresses are managed in separate lists for clarity. You can record an IP address or IP address range with the Add button.
From here, the process is familiar: after enabling or disabling data traffic, you can save the new rule.
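The inbound rule described above, written as a script. This is an added example, not part of the original article; the function name `Block-InboundRange` is hypothetical and `203.0.113.0/24` is a documentation-only address range used as constructed sample input. It assumes an elevated PowerShell session.

```powershell
# Added example: block all inbound traffic from one address or address range,
# for all programs, protocols and ports (the wizard's Custom > All programs path).
function Block-InboundRange {
    param(
        # Accepts 'a.b.c.d', 'a.b.c.d/prefix' or 'start-end'
        [Parameter(Mandatory)] [string] $RemoteRange,
        [string] $DisplayName = "Block inbound from $RemoteRange"
    )

    # Validate every address in the input before touching the firewall.
    $addresses = ($RemoteRange -split '-') | ForEach-Object { ($_ -split '/')[0].Trim() }
    foreach ($address in $addresses) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($address, [ref]$parsed)) {
            throw "Not a valid IP address: '$address'"
        }
    }

    # Avoid piling up duplicate rules when the script is run twice.
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        throw "A rule named '$DisplayName' already exists."
    }

    $rule = New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound `
        -Action Block -Protocol Any -RemoteAddress $RemoteRange -Profile Any

    # Read the address back from the stored rule to confirm what was saved.
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Action        = $rule.Action
        RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

# Constructed sample input: 203.0.113.0/24 is reserved for documentation.
Block-InboundRange -RemoteRange '203.0.113.0/24'

# Remove the rule again when it is no longer needed:
# Remove-NetFirewallRule -DisplayName 'Block inbound from 203.0.113.0/24'
```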
If you feel that the Windows firewall is not enough
If you don’t trust the Windows firewall (although there is no reason not to), or if you want more control over your firewall settings, you can get it with separate software. If you don’t mind the fine details, we recommend Portmaster, a free application firewall. With it, among other things, you have the option to send the software’s communication through a secure DNS service provider. This is similar to a function that has been available in browsers for some time; Portmaster extends this type of protection to installed programs as well.
The software also has a lot of extra services. Based on its own lists it can filter, for example, the IP addresses used by the most common malware or the domains of typical ad servers, and there are also separate lists for websites with sexual content and for phishing websites.
Source: www.pcwplus.hu