Wednesday, March 18, 2015

networking - How do I use Windows Firewall to allow an application inbound/outbound access to ONLY a single IP?




How do I set up the built-in Windows firewall in a way that follows this logic:

Allow ALL traffic to/from [Application] to/from [IP]

Deny all OTHER traffic to/from [Application]

Essentially, a whitelist of IPs, but ONLY for that specific application.

I know I could do this with a global deny + an allow for the one application. But then everything else would be denied and I can't have that.


Answer



Here is my idea:



Using Windows Defender Firewall with Advanced Security, you may create a Custom rule pertaining to the program in question.

When you arrive in the New Rule wizard at the Scope section, choose for remote IP addresses the option "These IP addresses", click "Add...", choose "This IP address range", and give a range of 0.0.0.1 up to the allowed address minus one. Create the rule as blocking.

Repeat this to create another rule for this program that blocks the address range from the allowed address plus one up to 255.255.255.253.

Now only that IP address should be allowed for this program.
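The same two-block-rule approach, written as PowerShell instead of wizard clicks. This is an added example, not part of the original answer; the program path `C:\Path\To\App.exe` and the allowed peer `192.0.2.10` are constructed placeholders, and the inbound allow rule at the end goes beyond the answer, which only describes the two block rules.

```powershell
# Added example: two block rules per direction that cover every IPv4 address except one,
# plus a verification query. Program path and allowed address are constructed placeholders.
$Program   = 'C:\Path\To\App.exe'   # hypothetical program path
$AllowedIP = '192.0.2.10'           # hypothetical single allowed peer

# Convert a dotted-quad IPv4 address to/from a 32-bit integer so the
# "allowed address minus one" and "plus one" boundaries can be computed.
function ConvertTo-UInt32 ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)   # GetAddressBytes() is network order; BitConverter is little-endian
    return [BitConverter]::ToUInt32($bytes, 0)
}
function ConvertFrom-UInt32 ([uint32]$Value) {
    $bytes = [BitConverter]::GetBytes($Value)
    [Array]::Reverse($bytes)
    return ([System.Net.IPAddress]::new($bytes)).ToString()
}

$n         = ConvertTo-UInt32 $AllowedIP
$lowRange  = "0.0.0.1-$(ConvertFrom-UInt32 ($n - 1))"          # everything below the allowed host
$highRange = "$(ConvertFrom-UInt32 ($n + 1))-255.255.255.253"  # everything above it (answer's upper bound)

foreach ($dir in 'Inbound', 'Outbound') {
    New-NetFirewallRule -DisplayName "Block $dir below $AllowedIP" -Direction $dir `
        -Program $Program -RemoteAddress $lowRange  -Action Block -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName "Block $dir above $AllowedIP" -Direction $dir `
        -Program $Program -RemoteAddress $highRange -Action Block -Profile Any | Out-Null
}

# Beyond the answer: inbound traffic is blocked by default, so connections from the
# allowed host still need an explicit allow rule for this program.
New-NetFirewallRule -DisplayName "Allow Inbound from $AllowedIP" -Direction Inbound `
    -Program $Program -RemoteAddress $AllowedIP -Action Allow -Profile Any | Out-Null

# Verify: list the remote-address scope of every rule attached to this program.
Get-NetFirewallApplicationFilter -Program $Program | Get-NetFirewallRule |
    ForEach-Object {
        $scope = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{ Rule = $_.DisplayName; Direction = $_.Direction; Action = $_.Action; Remote = $scope.RemoteAddress }
    } | Format-Table -AutoSize
```

Two things worth knowing before relying on this: Windows Firewall evaluates explicit block rules ahead of allow rules, so the two block rules keep winning even if a broader allow rule for the program exists; and rules scoped to IPv4 ranges only match IPv4 traffic, so a program that also speaks IPv6 would need equivalent rules for its IPv6 peers.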

