Block an application from accessing the network, except for a single IP address

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite
1












How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses?



Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how?



Note:



  • I don't want to set my default firewall behavior to BLOCK.

  • OS is Windows 10 Pro

Thank you!






windows ipsec windows-10 windows-firewall







share|improve this question

























    up vote
    1
    down vote

    favorite
    1












    How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses?



    Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how?



    Note:



    • I don't want to set my default firewall behavior to BLOCK.

    • OS is Windows 10 Pro

    Thank you!






    windows ipsec windows-10 windows-firewall







    share|improve this question























      up vote
      1
      down vote

      favorite
      1









      up vote
      1
      down vote

      favorite
      1






      1





      How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses?



      Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how?



      Note:



      • I don't want to set my default firewall behavior to BLOCK.

      • OS is Windows 10 Pro

      Thank you!






      windows ipsec windows-10 windows-firewall







      share|improve this question













      How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses?



      Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how?



      Note:



      • I don't want to set my default firewall behavior to BLOCK.

      • OS is Windows 10 Pro

      Thank you!






      windows ipsec windows-10 windows-firewall




      windows ipsec windows-10 windows-firewall






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 2 hours ago









      Adam Plocher

      1136




      1136




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          3
          down vote



          accepted










          According to this answer you can't create an exception for an outgoing block rule.



          So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.



          For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 1.1.1.1-100.100.1.32 and 100.100.1.34 through 255.255.255.255.






          share|improve this answer




















          • Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
            – Adam Plocher
            1 hour ago










          • I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
            – Adam Plocher
            1 hour ago










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f935414%2fblock-an-application-from-accessing-the-network-except-for-a-single-ip-address%23new-answer', 'question_page');

          );

          Post as a guest

















          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          3
          down vote



          accepted










          According to this answer you can't create an exception for an outgoing block rule.



          So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.



          For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 1.1.1.1-100.100.1.32 and 100.100.1.34 through 255.255.255.255.






          share|improve this answer




















          • Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
            – Adam Plocher
            1 hour ago










          • I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
            – Adam Plocher
            1 hour ago














          up vote
          3
          down vote



          accepted










          According to this answer you can't create an exception for an outgoing block rule.



          So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.



          For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 1.1.1.1-100.100.1.32 and 100.100.1.34 through 255.255.255.255.






          share|improve this answer




















          • Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
            – Adam Plocher
            1 hour ago










          • I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
            – Adam Plocher
            1 hour ago












          up vote
          3
          down vote



          accepted







          up vote
          3
          down vote



          accepted






          According to this answer you can't create an exception for an outgoing block rule.



          So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.



          For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 1.1.1.1-100.100.1.32 and 100.100.1.34 through 255.255.255.255.






          share|improve this answer












          According to this answer you can't create an exception for an outgoing block rule.



          So instead you will need to create multiple block rules for the executable, so as to cover the entire IP address range apart from those addresses you want to allow.



          For example, if you wanted to only allow traffic to 100.100.1.33, you would create block rules for 1.1.1.1-100.100.1.32 and 100.100.1.34 through 255.255.255.255.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered 2 hours ago









          Harry Johnston

          3,14012035




          3,14012035











          • Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
            – Adam Plocher
            1 hour ago










          • I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
            – Adam Plocher
            1 hour ago
















          • Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
            – Adam Plocher
            1 hour ago










          • I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
            – Adam Plocher
            1 hour ago















          Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
          – Adam Plocher
          1 hour ago




          Ah hah, good idea.... gonna try that and I'll report back shortly. Thank you
          – Adam Plocher
          1 hour ago












          I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
          – Adam Plocher
          1 hour ago




          I do believe that worked, thank you. Btw, it can be done with a single rule with multiple IP ranges. Thanks!
          – Adam Plocher
          1 hour ago

















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f935414%2fblock-an-application-from-accessing-the-network-except-for-a-single-ip-address%23new-answer', 'question_page');

          );

          Post as a guest
































































          Comments

          Post a Comment

          Popular posts from this blog

          Long meetings (6-7 hours a day): Being “babysat” by supervisor

          Image
          Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
          Read more

          Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
          Read more

          Confectionery

          Image
          Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
          Read more