Block an application from accessing the network, except for a single IP address

Question

How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses?

Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how?

Note:

I don't want to set my default firewall behavior to BLOCK.
OS is Windows 10 Pro

Thank you!

You say "I want to prevent, but don't want to BLOCK". Isn't that contradictory? — RonJohn, Oct 14 '18 at 00:00
@RonJohn, don't want to set my default network action **on my NIC** to deny/block. Do want to set the network action **for that process/exe** to deny/block, though — Adam Plocher, Oct 14 '18 at 08:46

score 8 · Accepted Answer · edited May 02 '23 at 19:03

8

According to this answer you can't create an exception for an outgoing block rule.

So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.

For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 0.0.0.0-100.100.1.32 and 100.100.1.34 through 255.255.255.255.

edited May 02 '23 at 19:03

anthonypants

53
5

answered Oct 13 '18 at 21:04

Harry Johnston

6,005
4
35
52

Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you – Adam Plocher Oct 13 '18 at 21:59
I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks! – Adam Plocher Oct 13 '18 at 22:05

Block an application from accessing the network, except for a single IP address

1 Answers1