HomeWinBuzzer TipsHow to Block or Allow an App through Windows Firewall

How to Block or Allow an App through Windows Firewall

We show you how to allow or block a program in Windows Firewall using both its settings interface and command-line tools.

-

Windows Firewall, now known as Windows Defender Firewall, is a useful tool for a number of reasons. Though you can use it for several purposes, today we’re going to show you how to block a program from accessing the internet in Windows Firewall. We’ll also show you how to allow an app through Firewall if its connectivity isn’t working.

Allowing or Blocking Internet Access of Programs and Apps
 
Knowing how to block programs in Firewall is useful for several reasons. You may want to prevent it from receiving updates, stop it from sending data back to a remote server, or simply want to know how it functions offline.
 
Conversely, allowing a program through Windows Firewall can help it to function better online. This is especially true if anybody is connecting to your app from the outside world (such as when you’re hosting a game or media server). If you get the “your internet access is blocked – security or firewall settings might be blocking the connection” error, this is also useful, as it lets you return a blocked app to normal functioning.
 
The most user-friendly way to allow block an app in Firewall is, of course, via the Windows Defender Firewall app or security alert. However, we’ll also be showing you how to achieve the same effect via the command-line for pro users or those without a GUI.

How To Allow an App through Windows Defender Firewall via Windows Security Alert

When launching an application that requires internet access for the first time, Windows Defender Firewall may prompt you with a security alert. This is the most straightforward method to grant an app access to your network.

  • Tick Appropriate Network Types and Allow Access
     
    Select either “Private networks” or “Public networks” based on your needs and click “Allow access“. This action enables the application to communicate through the firewall on the selected network types.
     

    Windows 10 - Windows Security Alert - Choose Network Locations - Allow Acces

How to Allow a Program Through Windows Defender Firewall in Windows Firewall Settings

If you missed the initial security alert or need to adjust the firewall settings for an application, you can manually add it to the allowed list through the Control Panel.

  1. Open Control Panel
     
    Click on the search icon on your taskbar, type “Control Panel“, and open the top result to access the Control Panel interface.
     

    Windows 10 - Open Control Panel

  2. Type “Windows Firewall” in the Control Panel search and choose “Windows Defender Firewall” in the main list
     

    Windows 10 - Control Panel - Open Windows Defender Firewall

  3. Click “Allow an app or feature through Windows Defender Firewall”
     
    This option will be in the sidebar on the left.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App

  4. Press “Change Settings” in the “Allowed Apps” Window
     
    Allowing a program in Firewall requires you to provide administrator access.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings

  5. Press “Allow another app…” at the Bottom of the Window
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App

  6. Next to the “Path” box, press “Browse…”
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Browse

  7. Browse to your applications .exe-file, click it, and press “Open”
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Browse - Open App

  8. Click the “Network types…” button in the bottom-left
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Network Types

  9. Tick “Private” and/or “Public” networks and press “OK”
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Network Types - Choose - Accept

  10. Press “Add” to allow the app through Firewall
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Network Types - Choose - Accept - Add

  11. Find the program in your “Allowed apps” list and make sure it’s ticked
     
    Press “OK” when you’re done to close the window.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings Allow Another App - Network Types - Add - Accept

How to Remove Allowed App in Windows Firewall Settings

If you decide that an application no longer requires access through the firewall, you can easily remove it from the allowed list.

  1. Open Control Panel
     
    Repeat the steps to open the Control Panel and navigate to Windows Defender Firewall as described in the previous section.
     

    Windows 10 - Open Control Panel

  2. Search Control Panel for Windows Firewall and select it from the list
     
    Windows 10 - Control Panel - Open Windows Defender Firewall
  3. Open Allowed Apps Settings
     
    Click on “Allow an app or feature through Windows Defender Firewall“.
     
    Windows 10 - Control Panel - Windows Defender Firewall - Allow App
  4. Click “Change settings”
     
    This opens the list of allowed applications.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings

  5. Remove the Application
     
    Locate the program you wish to remove, select it, and press “Remove“. Confirm your action if prompted, effectively revoking the application’s access through the firewall.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings - Select App - Remove

  6. Press “Yes” to the prompt
     
    The app then is no longer allowed through your firewall. Doing this will not automatically block internet access to a program, but will modify how it interacts with the outside world. Depending on its function, this may stop it from working properly.
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings - Select App - Remove - Accept

  7. Press “OK” in the “Allowed Apps” Window
     

    Windows 10 - Control Panel - Windows Defender Firewall - Allow App - Change Settings - Select App - Remove - Accept

How to Allow or Block a Program from Accessing the Internet via Command Prompt

If you prefer the command-line interface, you can easily modify Windows Firewall rules through the Command Prompt. This method is often quicker than navigating through multiple settings menus, especially if you’re familiar with the commands needed. Follow these steps to learn how to allow or block a program from accessing the internet:

  1. Open Command Prompt as an admin
     
    Press the search icon on your taskbar and type “Command Prompt“, then right-click on it and select “Run as administrator“. This will grant you the necessary permissions to alter Windows Firewall rules.
     
    Windows 10 - Open Elevated Command Prompt
  2. Use the netsh command to allow a program through Windows Firewall in Command Prompt
     
    Here is an example of what you’d type to allow an app through the Firewall in Windows 11 or Windows 10:
     

    netsh advfirewall firewall add rule name="Firefox" dir=in action=allow program="C:/Program Files/Mozilla Firefox/firefox.exe" enable=yes

     
    Make sure to replace “Firefox” and the file path within quotation marks with the name and path of the program you wish to allow. Successfully executing this command should resolve any “security or firewall settings might be blocking the connection” errors.
     
    Windows 10 - Elevated Command Prompt - Enter the Cmd to Allow App

  3. Use netsh to block a program in Windows Firewall
     
    To block an application, simply change “action=allow” to “action=block” in the command. Here’s the full command for blocking a program:
     

    netsh advfirewall firewall add rule name="Firefox" dir=in action=block program="C:/Program Files/Mozilla Firefox/firefox.exe" enable=yes

     
    As before, modify “Firefox” and the application’s file path in the quotation marks to match the program you’re intending to block. This action will prevent the program from accessing the internet.
     
    Windows 10 - Elevated Command Prompt - Enter the Cmd to Block App

How to Remove an Allowed App from Windows Defender Firewall with Command Prompt

You can also use Command Prompt to remove apps that you’ve previously allowed in your Firewall. Here is how:

  1. Open Command Prompt as an administrator
     
    Press the search icon on your taskbar and type “Command Prompt“, then right-click the top result and choose “Run as administrator“.
     
    Windows 10 - Open Elevated Command Prompt
  2. Run the show rule command to export a list of your firewall entries
     
    To do so, simply paste the following into your Command Prompt and press Enter:
     
    netsh advfirewall firewall show rule name=all >"%UserProfile%/Desktop/WindowsFirewallRules.text"
     
    Windows 10 - Elevated Command Prompt - Enter the Cmd
  3. Open the “WindowsFirewallRules.txt” file on your desktop and find your application
     
    You’ll see the name of the rule you created next to the “Rule Name” field. If you’re struggling to find your rule, you can press Ctrl + F to search.
     
    Windows 10 - WindowsFirewallRules.txt - Rule Name - Firefox
  4. Use the netsh command to delete the firewall rule
     
    Once you know the name of your firewall rule you can delete it by running the following command:
     
    netsh advfirewall Delete rule name="yourfirewallrule"
     
    Naturally, you should replace “yourfirewallrule” with the name of your rule. After you receive the “Deleted x rule(s)” confirmation, you can close Command Prompt.
     
    Windows 10 - Elevated Cmd Prompt - Enter the Cmd

How to Allow or Block a Program in Windows Firewall via PowerShell

If you want to allow or block a program in Firewall using Microsoft’s PowerShell tool, you can do so with the NetFirewallRule command. Here’s the procedure:

  1. Open Windows PowerShell as an admin
     
    Access Windows PowerShell with administrator privileges by opening the hidden Start menu using “Windows + X” and then selecting “Windows PowerShell (Admin)”.
     
    Windows 10 - Open Elevated PowerShell
  2. Use NetFirewallRule to allow a program through the Firewall
     
    To allow an application through the Firewall, execute the following command:
     

    New-NetFirewallRule -DisplayName "firewallrulename" -Direction Inbound -Program "C:/path/to/your/file.exe" -Action Allow

     
    Replace “firewallrulename” with a name for your rule and “C:/path/to/your/file.exe” with the path to the executable of your program. Press Enter to execute the command.

    Windows 10 - Elevated PowerShell - Enter the Cmd to Allow App

  3. Use NetFirewallRule to block a program in Windows Firewall
     
    To block an application, utilize this command format:
     

    New-NetFirewallRule -DisplayName "firewallrulename" -Direction Inbound -Program "C:/path/to/your/file.exe" -Action Block

     
    Again, adjust “firewallrulename” to designate your rule, and modify “C:/path/to/your/file.exe” with the exact path to your program’s executable file. Press Enter to run the command.
     
    Windows 10 - Elevated PowerShell - Enter the Cmd to Block App

How to Remove Allowed Windows Firewall App in PowerShell

If you’ve previously added an application to the Firewall through PowerShell and now wish to remove it, follow these simple steps:

  1. Open PowerShell as an admin
     
    Launch PowerShell with admin rights by using the hidden Start menu, pressing “Windows + X”, and selecting “Windows PowerShell (Admin)”.
     
    Windows 10 - Open Elevated PowerShell
  2. Export a list of your Firewall rules
     
    Before revoking a program’s access through the Firewall, you need to know its rule name. This information can be acquired by exporting a list of all Firewall rules to your desktop using the command below:
     

    Show-NetFirewallRule | Out-File "$env:userprofile/Desktop/WindowsFirewallRules.txt"

     
    Windows 10 - Elevated PowerShell - Enter the Cmd

  3. Open “WindowsFirewallRules.txt” from your desktop and find your rule name
     
    Locate the rule name next to the “DisplayName” label within the text file. Note it for the upcoming command.
     
    Windows 10 - WindowsFirewallRules.txt - Notepad - Display - Firefox
  4. Remove the rule with PowerShell

    Having identified the rule name, remove it by executing the command below:
     

    Remove-NetFirewallRule -DisplayName "YourRule"

    In place of “YourRule”, input the actual name of the rule you wish to delete.
     
    Windows 10 - Elevated PowerShell - Enter the Cmd

FAQ – Frequently Asked Questions About Windows Defender Firewall

Can I allow or block a program through Windows Defender Firewall without an admin account?

No, administrative privileges are required to modify firewall settings. This is a security measure to prevent unauthorized changes that could compromise the system’s security. Users need to log in with an administrator account or obtain the password to an admin account to make these changes. If you’re part of a larger organization, you might need to contact your IT department for assistance.

Does allowing an app through the firewall affect my antivirus protection?

Allowing an app through the firewall does not directly impact the effectiveness of your antivirus protection. Firewall and antivirus software operate in different domains of your system’s security; while the firewall manages network traffic, the antivirus focuses on identifying and removing malicious software. However, it’s crucial to only allow trustworthy applications through the firewall, as malicious programs could otherwise exploit network access to perform harmful actions unchecked by the antivirus.

Can Windows Defender Firewall block all incoming traffic?

Yes, you can configure Windows Defender Firewall to block all incoming traffic, which may be useful in high-security scenarios or when diagnosing network issues. This is done through advanced settings where you specify outbound or inbound rules. Keep in mind that such a blockade might prevent legitimate and necessary network communications, potentially hampering the functionality of applications that rely on internet access.

What should I do if an allowed app still cannot access the internet?

If a permitted application still cannot access the internet, first ensure it is correctly allowed in the firewall settings. Then, check for other potential blockages such as antivirus software rules, network connection issues, or additional firewall software that might be overriding Windows Defender Firewall settings. Additionally, ensuring the app’s network permissions are correctly set for the intended private or public network could resolve the issue.

Can I create custom firewall rules beyond just allowing or blocking?

Yes, Windows Defender Firewall allows for the creation of detailed custom rules. Advanced users can leverage the Command Prompt or PowerShell to specify conditions based on IP addresses, ports, protocols, and more to finely tune network traffic permissions. These custom rules provide granular control for sophisticated network management and are ideal for tailoring the firewall’s behavior to meet specific security or operational requirements.

How does blocking a program in the firewall protect my privacy?

Blocking a program from accessing the internet can significantly enhance privacy by stopping the application from sending data back to its servers, which might contain personal or sensitive information. It prevents unauthorized data transmission that could be exploited for targeted advertising, data mining, or malicious activities. Always consider blocking applications that have no clear need for internet access or those known for questionable data handling practices.

Will performing a network reset affect my firewall settings?

Performing a network reset generally reverts your network adapters and settings back to their default state but may not directly alter custom Windows Defender Firewall rules. However, it is advisable to check your firewall settings after a network reset to ensure that your configurations are intact and functioning as expected. This ensures that previously set security measures are still in place to protect your network traffic.

What’s the procedure for blocking or allowing an app through the firewall via PowerShell?

To manage Windows Defender Firewall rules via PowerShell, administrators can use several cmdlets such as New-NetFirewallRule for creating new rules, or Get-NetFirewallRule and Remove-NetFirewallRule for retrieving and removing existing rules. This process involves identifying the program path or the specific ports and protocols you wish to control and applying the necessary rule. For instance, to allow an application, you might create a new rule that specifies the app’s executable file and sets the action to allow. PowerShell offers powerful, scriptable control over firewall configurations, ideal for automation or administering multiple systems.

Why can I not edit certain firewall settings, even as an admin?

If you’re unable to edit firewall settings despite having administrative privileges, this could be due to Group Policy restrictions applied in organizational environments, conflict with third-party security software, or system corruption. If applicable, consult with your IT department regarding Group Policy restrictions. Otherwise, check for software conflicts and consider system repair tools or command-line operations such as sfc /scannow to identify and repair system files.

What is the impact of incorrectly configuring firewall settings?

Incorrect configuration of firewall settings can lead to security vulnerabilities or unnecessary restrictions. For example, excessively permissive rules might allow malicious traffic, increasing the risk of unauthorized access or data breaches. Conversely, overly restrictive rules can block legitimate applications from functioning correctly, potentially disrupting workflows or access to network resources. Hence, careful planning and understanding the functionality of each rule are crucial in firewall management.

How can I ensure my firewall settings are optimized for gaming?

To optimize firewall settings for gaming, identify and allow the necessary games and their associated online services through the firewall. This often involves setting specific rules that permit inbound and outbound connections for game servers and ensuring that voice chat or matchmaking services are not inadvertently blocked. Additionally, specifying the appropriate network profile (private or public) based on your gaming setup can help minimize connectivity issues without compromising security.

Can I apply firewall settings to specific users or profiles on my computer?

While Windows Defender Firewall settings are generally applied at a system level affecting all users, the application of rules can differ between network profiles (Private, Public, Domain). However, specific user-targeted rules are not directly supported through the Windows Defender Firewall interface. Alternative methods, such as using third-party software or network policies in organizational environments, may provide more granularity for user-based settings.

How to revert changes made to firewall settings?

To revert changes made to your firewall settings, you can reset the firewall rules to their default state via the Windows Defender Firewall control panel. This option, found under the “Restore defaults” section, will remove all custom rules and revert to the original settings established when Windows was first installed. Use this feature cautiously, as it will erase all modifications including any specific rules you have added for your applications.

Is it possible to manage Windows Defender Firewall settings remotely?

Managing Windows Defender Firewall settings remotely is possible but requires setup for remote management tools such as Windows Management Instrumentation (WMI), PowerShell remoting, or Group Policy if within a domain environment. These tools allow administrators to implement and adjust firewall settings across multiple systems from a central location, streamlining network security management for businesses or advanced home networks.

What happens if I block a critical Windows service in the firewall?

Blocking a critical Windows service could lead to system instability, loss of functionality, or prevent Windows from performing vital operations. It’s imperative to understand the role and necessity of each service before blocking it in the firewall. In case of accidental blocking, restoring default firewall settings or specifically re-allowing the service can help remedy the situation and restore normal operation.

Related: How to Open or Close a Port in Windows Firewall

As well as allowing and blocking applications, Windows Defender Firewall lets you open and close specific ports. This may be useful if you’re trying to use SSH for example. You can check our how to open or close a port in Windows Firewall guide to learn how.
 

Related: How to Perform a Network Reset

If you’re still experiencing connectivity issues after allowing an app through your Firewall, you can try performing a Windows Network reset. This will reset all of your settings to default and hopefully fix any strange behavior you’ve been experiencing. It will, however, keep your Firewall rules.
 
How to Reset Your Entire Network in Windows 10 and Start From Scratch

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.
Table of Contents: