I am just starting to learn the Windows Firewall (working on both Windows 7 and 10) and I'm not impressed with the inflexibility of its rules. I would like to know if
1. There is a way to do what I want with Windows Firewall
2. There is a third-party firewall that would do it
What I want to do is create a rule that blocks outgoing connections, for program X, that are to a destination **NOT** in an IP list.
Windows Firewall is not very flexible in how you specify IP list rules. When you give an IP list, your rule will match that list... you can't say "trigger the rule for non-matching IP addresses." Therefore to allow outgoing connections to a list, you have to
1. Change the entire firewall policy to block outgoing connections by default so that you can create an "allow rule" matching your list. This will mess up the rest of your programs.
2. Somehow combine a block rule and allow rule. Create a block rule for most traffic, with the "allow" rule overriding it when appropriate. However, this doesn't appear to be possible in general. It **may** be possible for connections that use IPSec, I'm not sure. And I'm not sure if I can use IPSec in my application.
1. There is a way to do what I want with Windows Firewall
2. There is a third-party firewall that would do it
What I want to do is create a rule that blocks outgoing connections, for program X, that are to a destination **NOT** in an IP list.
Windows Firewall is not very flexible in how you specify IP list rules. When you give an IP list, your rule will match that list... you can't say "trigger the rule for non-matching IP addresses." Therefore to allow outgoing connections to a list, you have to
1. Change the entire firewall policy to block outgoing connections by default so that you can create an "allow rule" matching your list. This will mess up the rest of your programs.
2. Somehow combine a block rule and allow rule. Create a block rule for most traffic, with the "allow" rule overriding it when appropriate. However, this doesn't appear to be possible in general. It **may** be possible for connections that use IPSec, I'm not sure. And I'm not sure if I can use IPSec in my application.