
I consider myself quite tech-savvy, but this one gives me real pain.

I've connected to VPN through PPTP and I'm attempting to set up firewall rules to block any application from using it. Essentially, I want this working on a white-list basis, and leave my primary local connection for general use. Local connection is listed as private network and VPN as public. So in Windows Firewall, advanced settings, I set up one rule for inbound and one for outbound connections, both using similar settings:

  • all programs
  • all ports & protocols
  • all IP addresses
  • block connection
  • public profile
  • from "Advanced" tab in rule editing window, I mark "remote access" interfaces.

This doesn't work - my applications can still connect through the VPN. In fact, any combination of profile and interface settings either does nothing or blocks both the local and the VPN connection. What should I do in order to get this done?

  • I don't believe you will be able to have this much control with just Windows Firewall
    – Ramhound
    Commented Apr 9, 2014 at 21:41
  • I'm not great with the w7 firewall, but you say local connection is listed as private and VPN as public. Is it possible to make local connection a custom profile and VPN a custom profile? By the way, in the Windows 7 firewall I think public means like you're telling it you're in a coffee shop, i.e. it makes it very restrictive, and isn't a VPN very secure.. so maybe that's funny unless you want VPN very limited, which maybe you do. But anyhow, perhaps you can have 2 custom profiles, one for VPN, one for local network.
    – barlop
    Commented Apr 9, 2014 at 22:14
  • As far as I know, Windows 7 doesn't have a notion of custom profiles. At the time of connecting to a new network, it lets the user choose between the 3 (domain, local and public).
    – Red
    Commented Apr 9, 2014 at 22:23
  • @Red perhaps this is somewhat like it? stackoverflow.com/questions/11956291/… but it looks painfully complicated if, like me, one doesn't know PowerShell. It mentions a custom group name.
    – barlop
    Commented Apr 11, 2014 at 9:45

1 Answer

The Windows Firewall is configured to only enforce incoming rules by default. If you just wrote rules for incoming and outgoing, only the incoming connections will be filtered. You would need to enable the enforcement of outgoing rules by setting the firewall to block outgoing connections, which enables the "whitelist mode" you ask for.
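As an added example (not part of the answer above, and not the asker's configuration), here is the sequence the answer describes, done with `netsh advfirewall`, which is present on Windows 7 as well as later versions. It flips the Public profile, the one the VPN adapter is assigned to, into outbound-block mode and then opens the tunnel for a single program. The program path and rule names are assumptions; run it from an elevated prompt.

```powershell
# Added example: outbound whitelist on the Public profile only.
# Assumed path of the one program that may use the VPN.
$app = "C:\Apps\example.exe"

# 1. Make the Public profile drop outbound traffic by default. Until this is set,
#    outbound rules are never consulted, which is why a blanket "block" rule
#    appears to do nothing. The Private profile (the local LAN) is not touched.
netsh advfirewall set publicprofile firewallpolicy blockinbound,blockoutbound

# 2. Allow only the whitelisted program, only on remote-access (VPN/RAS)
#    interfaces, only in the Public profile. interfacetype=ras matches the
#    "Remote access" checkbox on the rule's Advanced tab.
netsh advfirewall firewall add rule "name=VPN-Allow-App" dir=out action=allow "program=$app" profile=public interfacetype=ras enable=yes

# 3. Name resolution over the tunnel, if the VPN hands out its own DNS server.
netsh advfirewall firewall add rule "name=VPN-Allow-DNS" dir=out action=allow protocol=udp remoteport=53 profile=public interfacetype=ras enable=yes

# 4. Verify. The policy line should read "BlockInbound,BlockOutbound" and both
#    rules should be listed as enabled.
netsh advfirewall show publicprofile
netsh advfirewall firewall show rule "name=VPN-Allow-App"
netsh advfirewall firewall show rule "name=VPN-Allow-DNS"

# To revert the default policy (rules can be removed with "firewall delete rule"):
#   netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound
```

On Windows 8 and later the same settings are available as cmdlets: `Set-NetFirewallProfile -Profile Public -DefaultOutboundAction Block` for step 1, and `New-NetFirewallRule -Direction Outbound -Action Allow -Profile Public -InterfaceType RemoteAccess -Program ...` for steps 2 and 3. Whichever tool is used, the check in step 4 is the important part: if the profile still shows `AllowOutbound`, the outbound rules are decorative.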
