I want to allow 1 specific IP in Windows Firewall via Windows PowerShell. I blocked all the traffic via the following PowerShell rule:

New-NetFirewallRule -DisplayName "Block all outbound" -Direction Outbound -Action Block

I allowed ICMP traffic via the following PowerShell:

New-NetFirewallRule -DisplayName "Allow ICMP outbound" -Direction Outbound -Action Allow -Protocol ICMPv4 -IcmpType Any -Enabled True

But when I ping any host it shows general failure.

In short: block all traffic except the one I allow. I added the allow rule first, then the block rule, but the same situation occurred. I am a beginner in Windows PowerShell and Windows Firewall. All suggestions are welcome, and thanks in advance.

1 Answer

You have created a "block all" rule with your first command, but according to Windows Firewall precedence rules, block rules are evaluated before allow rules, thus no allow rule can let your traffic go outside in this configuration. However, there is a default policy for a firewall profile, described in this question: "How to block all traffic but one IP in Windows Firewall?", which you should set to block all outgoing traffic, then provide allow rules for the traffic you really want to go out (like IPv4 ICMP to any host) and drop the "block all" rule out of the list for that profile. Should do.

Vesper
  • 220
  • 2
  • 13
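
The configuration the answer describes, written out as an added example (not code from the question or the answer): the explicit block rule is removed, the profile default handles the blocking, and allow rules carve out the exceptions. The address `203.0.113.10`, the rule names and the choice of all three profiles are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Assumed values, not taken from the original post:
$AllowedIp    = '203.0.113.10'        # placeholder from the documentation range
$BlockAllName = 'Block all outbound'  # display name of the explicit block-all rule, if one exists
$Profiles     = 'Domain', 'Private', 'Public'

# 1. Remove the explicit block-all rule. An explicit block rule overrides
#    every allow rule, which is why ping reported "General failure".
Get-NetFirewallRule -DisplayName $BlockAllName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 2. Block by default instead. The profile default applies only to traffic
#    that no rule matches, so allow rules still take effect.
Set-NetFirewallProfile -Profile $Profiles -DefaultOutboundAction Block

# 3. Allow only what should leave the host.
#    ICMPv4 echo request (type 8) to any host:
New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo out' `
    -Direction Outbound -Action Allow -Protocol ICMPv4 -IcmpType 8 -Enabled True
#    Any protocol to the one permitted address:
New-NetFirewallRule -DisplayName "Allow outbound to $AllowedIp" `
    -Direction Outbound -Action Allow -RemoteAddress $AllowedIp -Enabled True

# 4. Verify the result.
#    Default outbound action per profile should now read Block:
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
#    Any enabled outbound block rule listed here still overrides the allow rules:
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Select-Object DisplayName, Profile
#    Pre-existing enabled outbound allow rules also still pass traffic;
#    review and disable the ones that are not wanted:
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Select-Object DisplayName, Profile
```

With this policy DNS is blocked too unless a rule allows it, so test with `ping` against an IP address rather than a host name.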