How to Add Custom Firewall Rules on Windows 10

Most modern operating systems have a built-in firewall, and Windows 10 is no different. The default settings of Windows firewall are good enough for general users. But, if you want to create a custom firewall rule, that's also possible! Whether it's about blocking outbound traffic of a specific application or allowing traffic from specific IP addresses, you can create highly customized firewall rules to meet your needs. This guide will show you step-by-step methods to create such rules. It'll include practical examples of firewall rules you may tweak or modify easily. Let's get started and learn how to create firewall rules!

You can use this guide to create custom firewall rules on Windows 11 as well. Remember, firewall rule creation is a delicate task, and one must understand what its effect is going to be on the system.

If you are unsure what effect a custom firewall rule will have, I'd strongly recommend not creating it. Although third-party applications can also be used, the built-in firewall is good enough for all your needs.

Why Do You Need Custom Firewall Rules?

If you are still not sure why anybody would need a custom firewall rule, here are some scenarios in which one may look to create one.

  • Blocking an application from making an outbound connection to the internet.
  • Opening a specific port for a specific application.
  • Blocking connection to your PC from an IP address or a range of IP addresses.
  • Disallowing execution of unknown executables that may harbour malware.

These are just a few examples. The possibilities for making custom firewall rules are endless.

Method 1: Using Windows Security (GUI)

If you're not that tech-savvy and prefer to use GUI applications, this is the easiest way to create custom firewall rules. Let's see how we can make such rules using the Windows Security GUI application.

  1. Press the Win + S key combination and type 'Windows Security' in the search box. Open the application by clicking on the search result.
  2. Go to the 'Firewall & network protection' option.
  3. Here, click the 'Advanced settings' option. It'll open the legacy firewall management application of Windows.
  4. On the left side panel, choose 'Inbound Rules' for inbound traffic coming to your PC or 'Outbound Rules' for traffic going out from your PC.
  5. Click on the 'New Rule...' option on the right side panel to open the rule creation wizard.
    Select the type of rule you want to create:
    • Program: Select it to control traffic associated with a specific application.
    • Port: This option can be used to block or open TCP/UDP ports.
    • Predefined: Here, you can choose from the predefined rules created by Windows.
    • Custom: The last one can be used to combine rules for programs, ports, IP addresses, and much more.
  6. After selecting the rule type, simply click the Next button to follow the prompts within the wizard to complete the process.

Here are two examples of demo firewall rules:

1: Block a Program from the Internet

This first rule will block outbound connections for an application. Select the 'Outbound Rules' option before starting the wizard.

  • Rule type: Program
  • Browse: C:\Program Files\Path\To\App.exe
  • Action: Block the connection
  • Apply to: Domain, Public, Private
  • Name: Block AppName Internet Access

2: Allow a Game Server on Port 26019 (UDP)

Here's another one opening a specific UDP port for a game server.

  • Rule type: Port
  • Protocol: UDP
  • Specific local ports: 26019
  • Action: Allow the connection
  • Apply to: 'Private' network only
  • Name: Open Port for the Game Server

Method 2: Using Command Prompt (netsh)

If you are a power user and prefer a command-line environment, the netsh advfirewall command can be used to manage firewall rules. It can also be used in scripts.

Here's the generic syntax of this command:

netsh advfirewall firewall add rule name="RuleName" dir=in|out action=allow|block program="path" protocol=TCP|UDP localport=port_number

Now let's see some examples of its usage.

Example 1: Block Google Chrome from the Internet (Outbound)

netsh advfirewall firewall add rule name="Block Google Chrome" dir=out program="C:\Program Files\Google\Chrome\Application\chrome.exe" action=block

Example 2: Allow Incoming RDP Only from Specific IP

netsh advfirewall firewall add rule name="Allow RDP from Office" dir=in action=allow protocol=TCP localport=3389 remoteip=209.0.117.26

Example 3: Open TCP Port 8080

netsh advfirewall firewall add rule name="Allow Port 8080" dir=in action=allow protocol=TCP localport=8080

Power users often use this command in scripts to dynamically change the firewall behaviour.

Method 3: Using PowerShell (New-NetFirewallRule)

If you want more flexibility in creating firewall rules and are looking to include it in your automation scripts, this approach is better than the one explained in the previous section.

Here's the generic syntax of this command:

New-NetFirewallRule -DisplayName "RuleName" -Direction Inbound|Outbound -Program "path" -Action Allow|Block -Protocol TCP|UDP -LocalPort port_number

Once again, let's look at a few examples of this command:

Example 1: Block Notepad from the Internet

New-NetFirewallRule -DisplayName "Block Notepad" -Direction Outbound -Program "C:\Windows\System32\notepad.exe" -Action Block

Example 2: Allow Incoming HTTP (Port 80)

New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow

Example 3: Allow Only Specific IP to Access Port 22 (SSH)

New-NetFirewallRule -DisplayName "Allow SSH from Home" -Direction Inbound -Protocol TCP -LocalPort 22 -RemoteAddress 192.51.106.12 -Action Allow

You can use this command in PowerShell scripts to dynamically manage your Windows firewall.
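
New-NetFirewallRule does not treat -DisplayName as unique, so a script that runs twice leaves two identical rules behind. The following is an added example, not part of the original article: it gives each rule a fixed -Name and updates it in place on later runs. The function name, the rule ID and the 'Custom Rules' group label are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Set-CustomAllowRule, the rule ID
# and the 'Custom Rules' group label are illustrative names, not Windows defaults.

function Set-CustomAllowRule {
    param(
        [Parameter(Mandatory)] [string]   $Name,         # stable, unique rule ID
        [Parameter(Mandatory)] [string]   $DisplayName,  # label shown in the GUI
        [Parameter(Mandatory)] [ValidateSet('TCP', 'UDP')] [string] $Protocol,
        [Parameter(Mandatory)] [string[]] $LocalPort,
        [string[]] $RemoteAddress = 'Any',
        [ValidateSet('Domain', 'Private', 'Public', 'Any')] [string] $RuleProfile = 'Private'
    )

    # Settings shared by the create path and the update path.
    $settings = @{
        Direction     = 'Inbound'
        Action        = 'Allow'
        Protocol      = $Protocol
        LocalPort     = $LocalPort
        RemoteAddress = $RemoteAddress
        Profile       = $RuleProfile
        Enabled       = 'True'
    }

    if (Get-NetFirewallRule -Name $Name -ErrorAction SilentlyContinue) {
        # Rule already exists: bring it back to the declared state.
        Set-NetFirewallRule -Name $Name @settings
        'updated'
    }
    else {
        # First run: create it and tag it so custom rules are easy to list later.
        New-NetFirewallRule -Name $Name -DisplayName $DisplayName -Group 'Custom Rules' @settings | Out-Null
        'created'
    }
}

# The SSH rule from Example 3, limited to the Private profile.
Set-CustomAllowRule -Name 'Custom-SSH-In-Home' -DisplayName 'Allow SSH from Home' `
    -Protocol TCP -LocalPort 22 -RemoteAddress 192.51.106.12

# Everything this script manages, for review.
Get-NetFirewallRule -Group 'Custom Rules' |
    Select-Object Name, DisplayName, Direction, Action, Enabled, Profile
```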

Method 4: Third-Party Firewall Managers

If you prefer user-friendly GUI applications, a third-party firewall is your best bet. Here are a couple of free firewall applications you can choose for your Windows machine.

There are several premium firewall options as well, but if you are a home user, these free options are good enough for you.

Miscellaneous Tips for Managing Firewall Rules

Finally, here are some tips to better use and manage your Windows firewall.

  1. Give clear names to your firewall rules to avoid any ambiguity.
  2. Every 3 months, audit existing custom rules to weed out the unused ones.
  3. Thoroughly test your firewall rules to ensure they don't break or block legitimate applications.
  4. To export or import the rules, use the following commands:
       netsh advfirewall export "C:\firewall_config.wfw"
       netsh advfirewall import "C:\firewall_config.wfw"
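
Allow rules are additive: a rule that admits one address restricts nothing if another enabled rule, built-in or custom, already allows the same port from any address. The following read-only check is an added example, not part of the original article, and the function name is an assumption. It lists every enabled inbound allow rule that covers a port together with its remote-address scope, which is useful for the audit and testing tips above.

```powershell
# Added example, not from the original article. Read-only: it changes no rules.
# Get-InboundAllowRuleForPort is an illustrative name, not a built-in cmdlet.

function Get-InboundAllowRuleForPort {
    param(
        [Parameter(Mandatory)] [int] $Port,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP'
    )

    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -notin @($Protocol, 'Any')) { continue }

        # LocalPort can be 'Any', a single port, a range such as '5000-5010', or a list.
        $covers = $false
        foreach ($entry in @($portFilter.LocalPort)) {
            if ($entry -eq 'Any' -or $entry -eq "$Port") { $covers = $true }
            elseif ($entry -match '^(\d+)-(\d+)$' -and
                    $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { $covers = $true }
        }
        if (-not $covers) { continue }

        $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ', '
            AnySource     = ($remote -contains 'Any')   # True = not limited by address
        }
    }
}

# Rules that admit RDP traffic; AnySource = True rows undo an address-limited rule.
# Rules also scoped to a program or service are listed too and need a manual look.
Get-InboundAllowRuleForPort -Port 3389 |
    Sort-Object AnySource -Descending |
    Format-Table -AutoSize
```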

And lastly, here's a pro tip! Only make a firewall rule when it's necessary. Otherwise, go for other solutions.

Conclusion

Adding custom firewall rules in Windows 10 can significantly improve your system’s security and give you precise control over what applications and ports can communicate over the network.

Whether you prefer the graphical interface, command line (netsh), or PowerShell (New-NetFirewallRule), Windows provides multiple options to suit beginners and power users alike.

With all the examples mentioned above, you can now block apps, restrict access to ports, or allow only specific IP addresses to connect to your system.