How to configure firewall rules in Windows to block specific apps

If you want to truly have your computer under control, one of the best strategies is deciding which applications can go online and which ones are completely blocked, including deciding whether remove pre-installed appsThe Windows firewall allows you to do this, but the interface isn't always intuitive and it's easy to get lost among rules, network profiles, and advanced options.

In this comprehensive guide we'll see, step by step, how Configure Windows Firewall rules to block specific apps, create whitelists, and open and close ports. And what alternatives do you have if you prefer to use a third-party firewall or even solutions like those from ESET or the macOS firewall itself? The idea is for you to fully understand what you're changing to improve security without anything stopping working "for no reason."

What is a firewall and why would you want to block apps?

A firewall is a A security filter that monitors all network traffic entering and leaving your computer.It analyzes data packets, checks where they come from, where they go, which port they pass through and which application is using them, and based on some rules decides whether to allow the connection or cut it off.

The typical comparison is that of a country's border: Every "traveler" entering or leaving must pass through a checkpointIf the guard sees something suspicious or it doesn't meet the requirements, they deny entry. The same applies to a firewall: it can block connections from the internet to your PC (incoming traffic) or connections from programs on your computer to the outside (outgoing traffic).

Blocking applications with the firewall is useful for several reasons: You prevent unauthorized access, you limit communication of malwareYou block intrusive advertising And you can prevent certain programs from connecting to untrusted public Wi-Fi networks. This reduces your system's exposure to attacks and data leaks.

It is also a good way to monitor the behavior of "legitimate" programs that update themselves, connect to telemetry servers, or They allow online features that you're not interested in., such as online gaming for minors, for which you can Configure Family Safety or adjust other restrictions, or synchronize data in the cloud without your explicit consent.

However, a balance must be found: nowadays many services depend on the Internet to function. It's not about blocking everything, but about allowing only what you need. y Clean permissions and bloatware with OO-AppBuster and be clear about what you sacrifice when you cut off access to a particular app.

Private networks, public networks, and firewall profiles

The Windows firewall uses network profiles to apply different security policies depending on the type of connection which network you're connected to: domain network, private network, or public network. This distinction is key to deciding where your rules apply.

A private network is usually your home network: a relatively trusted environment where the devices that can see each other are usually yours or your family'sIn that context, it's reasonable to allow other computers to discover your PC to share files or printers.

A public network, on the other hand, is the Wi-Fi in a bar, airport, or library. You are surrounded by devices from strangers that you don't want to have the slightest visibility over your equipment.In these cases, the firewall must be much stricter, minimizing the attack surface.

In Windows, the system itself asks you whether a network is public or private the first time you connect. Making the wrong choice here can leave your equipment more exposed. of what you would like, so it's best to mark private only networks you really trust.

How to view and configure the Windows Firewall from Windows Security

In modern versions of Windows, you can manage a large part of the firewall from the Windows Security app, in the section "Firewall & Network Protection"This is where the status and basic options of each network profile are displayed.

To open it, simply search "Windows Security" in the Start menu and click on "Firewall & Network Protection". You'll see what type of network you're currently using and whether the firewall is active or disabled for each profile (domain, private, and public).

Within each profile you can enable or disable "Microsoft Defender Firewall", and also complement it with Controlled Folder Access in Windows 11 to protect sensitive folders. If you disable it, your computer becomes much more vulnerable.If you do, it should be because another firewall (for example, one from a security suite) is taking its place, never because it "causes fewer problems".

You will also find the option «Block all incoming connections, including those in the allowed apps listThis instructs the firewall to block all incoming connections, even those you yourself authorized. It's a very restrictive mode that can prevent many applications from working, but it provides an extra layer of security in hostile environments.

Additionally, from this screen you have direct access to key functions: Allow apps through the firewall, open the network troubleshooter, adjust notifications, or access advanced settings where finer rules and records are managed.

How to block a program's internet access in Windows 10 and 11

If you're looking for completely block internet access for a specific applicationThe most effective solution is to create an outbound rule in the classic firewall (Firewall of Windows Defender with advanced security). Although the process is somewhat hidden, the wizard makes it relatively simple.

First, you need to open the advanced settings panel. You can go to Control Panel, enter «Windows Defender Firewall» and from the left side click "Advanced settings", or directly search for "Windows Defender Firewall with advanced security" from the Start menu.

In the window that opens, you will see in the left column the «Entry rules" and the "Exit Rules"The ones you need to prevent a program from connecting to the Internet are the outgoing ones, because they control the communication that goes from your computer to the outside."

Select "Outbound Rules" and, in the right-hand column, click on "New rule ...A wizard will launch, asking you what you want to restrict. Select "Program" to create a specific rule for an application and continue with "Next."

On the program selection screen, choose "This program path" and click "Browse". You need to locate the executable file (.exe) of the app you want to block.It's usually located in "C:\Program Files\AppName\app.exe" or "C:\Program Files (x86)\…" if it's a 32-bit application; if you have problems with unverified applications, consult How to solve it.

Once you've selected the executable, click "Next". In the action section, select "Block connection"And move forward again. This option will instruct the firewall to block all traffic from that program."

Next, select which network profiles the rule will apply to: Domain, Private and PublicIf you don't have a domain environment, it's normal to leave Private and Public selected, or all three if you want the rule to apply in any case. Click "Next".

Finally, give the rule a descriptive name (for example, "Exit Block - ProgramName") and, if you like, a short description to remind you why you created it. Giving clear names makes undoing changes much easier. When you want to allow the connection again later, finish with "Finish".

From that moment on, the rule will be active and the firewall will be on. will prevent the application from establishing outgoing connections under the conditions you have defined. You can view and manage all rules from the same "Outbound Rules" panel.

Temporarily block an app in the Windows Firewall

The Windows firewall does not include an explicit option to «temporary lock» for a limited time for an app, but you can achieve the same effect by activating or deactivating the corresponding rule when it suits you.

To do this, go back into "Windows Defender Firewall with Advanced Security" and go to the "Exit RulesThere you will see the complete list of rules created, including the one you configured to block that specific application.

Right-click on the ruler and choose «Deactivate ruleIf you want the app to regain internet access immediately, the firewall will stop enforcing that block, but will keep the rule in the list in case you need it later.

When you want to restrict their connection again, repeat the process and select «Activate rule». This way you can alternate between allowing and blocking without having to constantly delete or recreate rules.This is especially useful if you only need the app to connect occasionally to update or synchronize data.

Whitelists: allowing specific apps through the firewall

The opposite approach to blocking everything except one app is to create a whitelist of programs that can communicateIn Windows, this is primarily managed from the "Allow an app or feature to pass through Windows Defender Firewall" interface.

To get there, open the Control Panel, go to "Windows Defender Firewall" and click on the link "Allow an application or feature through Windows Defender FirewallYou will see a list of applications and services with boxes associated with Private and Public network profiles.

Press the button "Change settingsTo edit the list, you will likely need administrator privileges. From that point on, You can check or uncheck the boxes for each app to control it on private and public networks.

If an app is on the list and you don't want it to connect to the internet, simply uncheck its name box (this will also disable the Private and Public boxes). If, on the other hand, you only want to allow it at home but not on public networks, leave "Private" checked and uncheck "Public".

When the app you're interested in doesn't appear in the list, tap «Allow another application ...Although the name might suggest otherwise, this is the path to Add it to the list and then decide whether to block it or allow it.Use "Browse" to locate its executable, add it, and then adjust its Private/Public settings as needed.

Create advanced rules: open and close ports in the firewall

In addition to program-based rules, the Windows firewall allows create rules that act on ports and protocolsThis is very useful when you want to control specific traffic (for example, only TCP 443, or a specific port for a game or server).

To access the wizard, open "Windows Defender Firewall with Advanced Security" and select whether you want to create an inbound rule (traffic coming from outside) or an outbound rule (traffic leaving your computer). Then, click "New rule ...» in the right-hand column.

Instead of choosing "Program", select "Port" or "Custom" depending on the level of detail you need. The custom option allows you to combine filtering by program, ports, and IP addresses.Therefore, it is usually the most complete when you want millimeter-precise control.

In the protocol and ports section, choose whether you will be working with TCP or UDP (the most common) and define the local and remote ports that will be affected. You can enter a specific number, a range, or several ports separated by commas.

The assistant will also ask you about the local and remote IP addresses to which the rule applies. This allows you to specify, for example, that only certain devices on your local network can connect to a particular service or, conversely, block connections from suspicious IPs.

Next, choose the action the rule will perform: "Allow the connection", "Allow if secure" (with certain authentication requirements) or "Block connectionDefine which network profiles it will apply to (domain, private, public) and finish by giving it a clear name that describes the scenario you have configured.

From that moment on, all traffic wishing to pass through that port and under those conditions will have to adjust to the newly created ruleIf it doesn't fit, the firewall will block it to prevent risks or unauthorized use.

Other ways to cut off internet access in Windows

If you don't want to deal with detailed rules or just need a temporary global block, you have simpler alternatives. One very straightforward one is Activate Airplane Mode from the Windows Action Center, which disables all wireless interfaces on the system.

With Airplane Mode enabled, No application installed on the computer will be able to access the InternetThis disconnects the network connection at the system level. When you want to reconnect, simply uncheck the option and everything will return to normal.

Another option is to use a third-party firewall. There are both free and paid applications that offer this. more user-friendly interfaces, rules wizards, and advanced features, such as the ability to ask every time a program tries to connect or predefined profiles for games, work, etc.

This type of tool might be of interest to you if the Do you find the Windows firewall unintuitive? Or if you need features that the standard system doesn't provide, such as more detailed traffic statistics or more convenient rules management; for example, you can Configure custom alerts with GlassWire.

Configure the firewall to ask every time an app connects.

Windows, by default, does not offer a mode in which the firewall lets you query each outgoing connection attempt from any program one by one.Their philosophy is more about allowing what's normal, blocking what's suspicious, and leaving the finer points to rules you create manually.

If what you're looking for is a type of behavior «Ask me whenever you want to put something onlineThe most practical solution is to install a third-party firewall that incorporates this interactive mode. Many add-on firewalls replace or overlay the Windows firewall and, by default, display a pop-up notification each time a new app attempts to communicate, allowing you to choose to allow or block it and save that decision as a rule.

Another, more extreme option, is to configure the Windows firewall in a scheme where All outgoing traffic is blocked by default and only add permission rules for the apps you need. This is achieved by combining generic blocking rules and specific permission rules, but it requires considerably more work and care to avoid leaving essential services offline.

Using third-party firewalls: an example with ESET

Many security suites include their own firewall that replaces or controls the Windows oneOne of the common examples is ESET in its products for Windows Home or Small Office, which incorporate a firewall configurable by rules.

In these products, the idea is similar: you open the main window of the ESET program and press the key Press F5 to access advanced settingsWithin "Network access protection" you will find the "Firewall" section and, there, an "Edit" button next to "Rules".

Clicking on "Edit" will display a list of existing rules and a buttonAddThat's the one you'll click to create a new firewall rule, either to allow or block traffic from a specific app or certain types of connections.

In the rule creation wizard or form, you must enter a name, choose the action (allow or block), specify the affected application—usually by clicking the three-dot icon to find the executable—and then define the direction of communication (incoming, outgoing, or both).

Once you have filled in all the relevant fields, save the changes with "OK" and confirm with "Accept" in the remaining windows. From that point on, the ESET firewall will apply that rule. to any connection attempt that meets those conditions.

Firewall control in macOS for services and applications

If you also work with MacYou might be interested to know that macOS includes its own firewall that allows decide which applications accept incoming connectionsIt's not as granular for outbound connections as some third-party firewalls, but it helps limit the exposure of services.

To configure it, open the Apple menu in the top left and go to "System Settings" (or "System Preferences" in earlier versions). Depending on your macOS edition, you'll need to go to "Network and Internet» or «Security and privacy», where you will find the «Firewall» section.

Activate the firewall with «Activate firewallThen, tap "Options" to access the list of applications and services. On this screen you can Add new apps with the + buttonSelect them from the file system and decide whether to allow or block their incoming connections.

Each application can be configured to "Allow incoming connections" or "Block incoming connections." Keep in mind that if you block a critical app, You can break some of its functionality or affect other programs that depend on it.So it's best to try things out calmly and really get to know what you're playing.

Importance of maintaining security when using a firewall

Beyond technical curiosity, using the firewall correctly is a key part of your security strategy. A system without a firewall or restrictions is a much easier target. for attacks originating from the Internet, especially if it is not properly updated.

The risks don't just come from downloading suspicious files; a simple visit to a compromised website or a legitimate program that is misconfigured This can open the door to unwanted connections. Hence the importance of filtering what connects and how it connects, and of periodically reviewing the applications that have permission to pass through the firewall.

In addition to a firewall, it remains essential to have a good antivirus and other mechanisms such as multi-factor authentication or a password manager Reliable. Tools of this type They help you protect credentials, cards, and other sensitive dataas well as notifying you if any leaks related to your accounts are detected.

The combination of firewall, antivirus, up-to-date updates and good practices (not reusing passwords, being wary of strange links, using public Wi-Fi networks responsibly, etc.) It drastically reduces the likelihood of intrusions or data loss. when you browse or work online.

Taking all this into account, it's easy to see why it's worth taking a few minutes to learn how to manage the firewall in Windows, macOS, or your security solution: Controlling what comes in and what goes out of your team is one of the best defenses you can have.And with the right rules, you can tailor that control exactly to what you need without sacrificing everyday convenience.