You can manually create new firewall rules (either inbound or
outbound) using either Windows Firewall with Advanced Security or
Windows PowerShell. As Figure 8 shows, there
are four types of firewall rules you can create:
- Program rule: This is a rule that specifies how traffic associated with a specific program (executable) running on the local computer should be handled.
- Port rule: This is a rule that specifies how traffic associated with a specific TCP or UDP port or port range on the local computer should be handled.
- Predefined rule: This is a rule that specifies how traffic associated with a specific Windows feature or service running on the local computer should be handled.
- Custom rule: This is a rule that specifies how traffic should be handled based on any of the traffic-filtering criteria supported by Windows Firewall with Advanced Security.
To create new firewall rules using the New Inbound (or
Outbound) Rule Wizard, right-click on the Inbound (or Outbound) node
in the Windows Firewall with Advanced Security snap-in, select New
Rule, and follow the steps of the wizard. The sections that follow
explain more about the steps involved in creating each of these
different types of firewall rules.
The following steps can be used to create a new program rule
using the Windows Firewall with Advanced Security snap-in:
- Launch the New Inbound (or Outbound) Rule Wizard, and select Program on the Rule Type page.
- On the Program page, specify the full program path and executable name of the program on the local computer that you want the new rule to apply to. Alternatively, you can select All Programs to have the new rule apply to all traffic that matches the criteria specified in the rule.
- On the Action page, select one of the following:
  - Allow The Connection: Selecting this option causes traffic to be allowed regardless of whether or not the traffic is protected using IPsec.
  - Allow The Connection If It Is Secure: Selecting this option causes traffic to be allowed only when the traffic is protected using IPsec.
  - Block The Connection: Selecting this option causes traffic to be blocked regardless of whether or not the traffic is protected using IPsec.
- On the Profile page, select which firewall profiles the new rule should apply to. By default, new rules apply to all three profiles (domain, private, and public).
- On the Name page, specify a name and optional description for the new rule.
Note: Enabled by default
When you create a new firewall rule using the New Inbound (or Outbound) Rule Wizard, the new rule is automatically enabled by default.
The following steps can be used to create a new port rule
using the Windows Firewall with Advanced Security snap-in:
- Launch the New Inbound (or Outbound) Rule Wizard, and select Port on the Rule Type page.
- On the Protocols And Ports page, begin by specifying whether the new rule should apply to TCP or UDP ports. Then specify whether the rule should apply to all local ports or only to specific ports.
- The options on the Action, Profile, and Name pages are the same as those described in the previous section.
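The program-rule and port-rule procedures above can also be carried out in Windows PowerShell with the NetSecurity module's `New-NetFirewallRule` cmdlet. The following is an added example, not taken from the original text; the rule names, executable path, and port numbers are placeholders chosen for illustration. It scopes each rule to specific profiles instead of accepting the all-profiles default, and reads the rules back to confirm what was created.

```powershell
#Requires -RunAsAdministrator
# Added example: rule names, program path, and ports are hypothetical placeholders.
$rules = @(
    @{  # Program rule: wizard pages Program -> Action -> Profile -> Name
        Name        = 'Example-Program-In'          # unique rule ID
        DisplayName = 'Example app (inbound)'
        Description = 'Program rule created from PowerShell'
        Direction   = 'Inbound'
        Program     = 'C:\Program Files\ExampleApp\example.exe'
        Action      = 'Allow'                       # "Allow The Connection"
        Profile     = 'Domain'                      # narrower than the default (all three)
    },
    @{  # Port rule: wizard pages Protocols And Ports -> Action -> Profile -> Name
        Name           = 'Example-Port-In'
        DisplayName    = 'Example service ports (inbound)'
        Description    = 'Port rule created from PowerShell'
        Direction      = 'Inbound'
        Protocol       = 'TCP'
        LocalPort      = @('8080', '8443-8445')     # single port plus a port range
        Action         = 'Allow'
        Authentication = 'Required'                 # "Allow The Connection If It Is Secure" (IPsec)
        Profile        = 'Domain, Private'
    }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -Name $r.Name -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$($r.Name)' already exists; skipping."
        continue
    }
    New-NetFirewallRule @r | Out-Null               # new rules are enabled by default
}

# Read the rules back with their program, port, and IPsec filters.
Get-NetFirewallRule -Name 'Example-*' | ForEach-Object {
    $app  = $_ | Get-NetFirewallApplicationFilter
    $port = $_ | Get-NetFirewallPortFilter
    $sec  = $_ | Get-NetFirewallSecurityFilter
    [pscustomobject]@{
        Name     = $_.Name
        Enabled  = $_.Enabled
        Action   = $_.Action
        Profile  = $_.Profile
        Program  = $app.Program
        Protocol = $port.Protocol
        Ports    = $port.LocalPort -join ','
        IPsec    = $sec.Authentication
    }
} | Format-Table -AutoSize
```

A rule that requires authentication only passes traffic when a matching connection security (IPsec) rule is also in place. `Remove-NetFirewallRule -Name 'Example-*'` deletes the two example rules.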