I installed a firewall rule on a Windows 7 system:

netsh advfirewall firewall add rule name="BLOCK myProgram" dir=out program="%ProgramFiles%\myProgram\run.exe" enable=yes profile=any action=block

Now I want to bypass this rule for one special IP address, 192.168.0.123.

(I think this is quite difficult, because "block" has higher priority than "allow"... This is a fresh Windows 7 system. There are no other rules. So maybe this could be done by setting some default rules... because the system only needs to communicate with 192.168.0.123.)

  • Block all outbound and then allow that IP for that program.
    – Biswapriyo
    Commented Nov 20, 2017 at 15:53

1 Answer

Unfortunately the Windows firewall does not have a way to manually prioritize rules (i.e. put an allow rule for the specific IP above a block rule). What I think you will need to do is to change the block rule so that the IP(s) you want to allow are excluded from the rule.

Try deleting your previous rule and replacing it with:

netsh advfirewall firewall add rule name="BLOCK myProgram" dir=out program="%ProgramFiles%\myProgram\run.exe" enable=yes profile=any action=block remoteip=0.0.0.0-192.168.0.122,192.168.0.124-255.255.255.255

See also: Order of Windows Firewall with Advanced Security Rules Evaluation and Netsh AdvFirewall Firewall Commands
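
Added example, not part of the original answer: a generator for the exclusion ranges when more than one destination must stay reachable, which goes beyond the single-address case above. It assumes the allowed addresses are IPv4 destinations, which an outbound rule matches with `remoteip`; the function names are hypothetical.

```python
import ipaddress

MAX_IPV4 = int(ipaddress.IPv4Address("255.255.255.255"))


def block_ranges(allowed):
    """Return (low, high) integer ranges covering all IPv4 space except `allowed`."""
    # IPv4Address raises ValueError on malformed input, so bad entries fail early.
    keep = sorted({int(ipaddress.IPv4Address(a)) for a in allowed})
    ranges, start = [], 0
    for ip in keep:
        if ip > start:                 # gap before this allowed address
            ranges.append((start, ip - 1))
        start = ip + 1                 # resume just past the allowed address
    if start <= MAX_IPV4:              # tail up to 255.255.255.255
        ranges.append((start, MAX_IPV4))
    return ranges


def netsh_remoteip(allowed):
    """Format the ranges as a comma-separated value for netsh's remoteip= parameter."""
    parts = []
    for low, high in block_ranges(allowed):
        low_s = str(ipaddress.IPv4Address(low))
        high_s = str(ipaddress.IPv4Address(high))
        # A one-address gap between two allowed IPs is written as a single address.
        parts.append(low_s if low == high else f"{low_s}-{high_s}")
    return ",".join(parts)


def block_rule(name, program, allowed):
    """Build the outbound block rule that leaves only `allowed` reachable."""
    return (
        f'netsh advfirewall firewall add rule name="{name}" dir=out '
        f'program="{program}" enable=yes profile=any action=block '
        f"remoteip={netsh_remoteip(allowed)}"
    )


if __name__ == "__main__":
    # Rule name, program path and address are the ones used in the question.
    print(block_rule("BLOCK myProgram",
                     r"%ProgramFiles%\myProgram\run.exe",
                     ["192.168.0.123"]))
```
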
