Windows Firewall to Block WAN and Allow LAN Only Access

You want to test an application's capabilities on your local network and block all other networks and Internet access while on your Microsoft Windows 10 system. This process was tested using Version 1909 (OS Build 18363.1440). Assume for this experiment that you want to allow any computer or device on the 10.10.0.0/24 network access to and from this workstation. To do this, create a firewall rule using Windows Defender Firewall with Advanced Security.

Here is a little background to put this into better context. While testing a 2FA / MFA product called DUO, the offline mode was next on the checklist of things to test. This needed to be achieved on a virtual machine without blocking RDP access. This approach turned out to be the perfect solution.

Resolution

  • Go to Windows Defender Firewall with Advanced Security
  • On the right-hand pane, under Actions, select New Rule…
  • For Rule Type, select Custom.
  • Click Next.
  • Under Steps, select Scope.
  • Under Which remote IP addresses does this rule apply to? select These IP addresses: and press Add…
  • Then select This IP address range: and type in the first From and To values, 0.0.0.0 and 9.255.255.255, and press OK.
  • Repeat: press Add… again, select This IP address range:, type in the second From and To values, 11.0.0.0 and 255.255.255.255, and press OK.
  • Click Next.
  • For Action leave as the default Block the connection and click Next.
  • For the Profile leave the default all checked and click Next.
  • For the Name use something logical like ‘BLOCK ALL INTERNET’ and press Finish.

Test your Internet access; it should be blocked.
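
The same rule can be created from PowerShell. This is an added example, not part of the original post: it assumes an outbound rule (the steps above do not state a direction) and generalizes the procedure by computing the block ranges from the allowed subnet. The two ranges typed in above leave all of 10.0.0.0/8 unblocked, while this version blocks everything outside 10.10.0.0/24. The helper function names are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session.
# IPv4 only: these ranges do not match IPv6 traffic.
$AllowedCidr = '10.10.0.0/24'        # LAN subnet named on the page
$RuleName    = 'BLOCK ALL INTERNET'  # rule name used on the page

function ConvertTo-AddressNumber([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)         # network byte order -> little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

function ConvertTo-AddressString([long]$Number) {
    $bytes = [BitConverter]::GetBytes([uint32]$Number)
    [Array]::Reverse($bytes)
    [System.Net.IPAddress]::new([byte[]]$bytes).ToString()
}

# First and last address of the allowed subnet (prefix length 1-32 assumed).
$network, $prefix = $AllowedCidr -split '/'
$size  = [long][math]::Pow(2, 32 - [int]$prefix)
$first = (ConvertTo-AddressNumber $network) -band (-bnot ($size - 1))
$last  = $first + $size - 1

# Everything below and above the subnet becomes a block range.
$blockRanges = @()
if ($first -gt 0) {
    $blockRanges += '0.0.0.0-' + (ConvertTo-AddressString ($first - 1))
}
if ($last -lt 4294967295) {
    $blockRanges += (ConvertTo-AddressString ($last + 1)) + '-255.255.255.255'
}

# Assumption: outbound direction, all profiles (matches "leave all checked").
New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
    -Profile Any -RemoteAddress $blockRanges | Out-Null

# Read the rule back to confirm the scope that was actually stored.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# To undo: Remove-NetFirewallRule -DisplayName $RuleName
```

If RDP clients connect from an address outside `$AllowedCidr`, widen the subnet before applying the rule, since block rules take precedence over allow rules in Windows Defender Firewall.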

Source(s)

  • https://geekoverdose.wordpress.com/2020/06/21/windows-firewall-rule-to-block-internet-but-allow-lan/