Adjust Windows 10 Firewall Rules & Settings
In Windows 10, the Windows Firewall hasn’t changed very much since Vista. Overall, it’s pretty much the same. Inbound connections to programs are blocked unless they are on the allowed list. Outbound connections are not blocked if they do not match a rule. You also have a Public and Private network profile for the firewall and can control exactly which program can communicate on the private network as opposed to the Internet.
In this article, I’ll go through the various options and settings for the Windows 10 firewall and talk about how you can adjust them to suit your needs. Even though outbound connections are not blocked by default, you can configure your own firewall rules in Windows 10 to block outbound connections. This can be useful if you want to block a specific program from being able to communicate with the Internet, even if the program gets installed without your consent.
To get started, let’s talk about how to bring up the firewall settings in Windows 10. You can either open the Control Panel and open the firewall from there or you can click on Start and type in the word firewall.
This will bring up the Windows Firewall dialog where you can control all of the various settings for the firewall.
On the right-hand side, it splits the view into Private networks and Guest or public networks. Your home wireless network should show up under Private networks, but if it doesn’t, then you will probably have to manually tell it that the network is a Home network and not a Public network.
Allow Program through Firewall
The main reason most people will ever mess with the firewall is to allow a program to work through the firewall. Normally, this is automatically done by the program itself, but in some cases, you have to do it manually. You can do this by clicking on Allow an app or feature through Windows Firewall.
As you can see, for each program or feature of Windows, you can choose to allow incoming connections on the private and public networks separately. This separation is handy for things like File and Printer Sharing and HomeGroups since we don’t want someone from public WiFi to be able to connect to a network share or a local HomeGroup. To allow an app, simply find it in the list and then check the box for which type of network you want to allow incoming connections on.
If the app is not listed, you can click on the Allow another app button and pick from a list or click the Browse button to find your program specifically. If the button is greyed out, click on Change settings first.
If you go back to the Firewall home dialog, there is another link on the left-hand pane called Turn Windows Firewall On or Off. If you click on that, you’ll get a set of options like those shown below:
You can turn off the firewall in Windows 10 entirely, but that will allow everything through the firewall. You can also block all incoming connections to your computer, even for allowed apps, which is useful in certain situations, for example if you are in a public setting like a hotel or airport and you want to be extra safe while connected to the network. You can still browse the Internet using a web browser, but no program will be able to create an incoming connection from another computer on the local network or from a server on the Internet.
Advanced Firewall Settings
The real fun, though, is if you want to mess around with the advanced firewall settings. This is obviously not for the faint of heart, but it’s also not a big deal because you can click the Restore Defaults link and set everything back to the way it was when you first installed Windows 10. To get to the advanced settings, click the Advanced settings link in the left-hand pane on the firewall main dialog. This will bring up the Windows Firewall with Advanced Security window:
On the main screen, it gives you a quick overview of your firewall settings for the domain, private networks, and public networks. If your computer is not joined to a domain, you don’t have to worry about that profile. You can quickly see how inbound and outbound connections are managed by the firewall. By default, all outbound connections are allowed. If you want to block an outbound connection, click on Outbound Rules in the left-hand column.
Go ahead and click on New Rule and then you’ll get a dialog asking what type of rule.
I chose port because I want to block all outgoing connections on port 80, the HTTP port used by every web browser. In theory, this should block all Internet access in IE, Edge, Chrome and other browsers. Click Next, select TCP and type in the port number.
Click Next and choose the action you want to perform, in my case, Block the connection.
Finally, choose which profiles you want the rule to apply to. It’s probably a good idea to just pick all the profiles.
Now just give it a name and that’s it! When I open Chrome to visit any webpage, I get the following error message:
Sweet! So I just created a new outbound connection rule in Windows 10 firewall that blocks port 80 and therefore prevents anyone from browsing the Internet! You can create your own custom firewall rules in Windows 10 following the steps I showed above. Overall, that’s pretty much all there is to the firewall. You can do more advanced stuff, but I wanted to give a decent overview that even non-technical people can try to follow.
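The same outbound rule can be created, inspected and removed from an elevated PowerShell prompt with the built-in NetSecurity cmdlets. This is an added example, not part of the original article; the rule name and the test host example.com are placeholders. Note that the rule matches only TCP remote port 80, so HTTPS sites on port 443 are not affected by it.

```powershell
#Requires -RunAsAdministrator
# Added example: PowerShell equivalent of the New Outbound Rule wizard steps above.
$ruleName = 'Block outbound TCP 80 (example)'   # placeholder rule name

# Show the default actions per profile (Domain, Private, Public).
# "NotConfigured" means the Windows default: inbound Block, outbound Allow.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Create the rule only if it does not already exist, so re-running is safe.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound `
        -Protocol TCP `
        -RemotePort 80 `
        -Action Block `
        -Profile Any | Out-Null
}

# Confirm what was created: direction, action, profiles and the port filter.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$rule | Select-Object DisplayName, Enabled, Direction, Action, Profile
$rule | Get-NetFirewallPortFilter | Select-Object Protocol, LocalPort, RemotePort

# Check the effect against a placeholder host.
# Port 80 should now fail; port 443 (HTTPS) is not matched by this rule.
foreach ($port in 80, 443) {
    $result = Test-NetConnection -ComputerName 'example.com' -Port $port `
        -WarningAction SilentlyContinue
    '{0,-4} reachable: {1}' -f $port, $result.TcpTestSucceeded
}

# Undo: remove the rule by name when it is no longer wanted.
# Remove-NetFirewallRule -DisplayName $ruleName
```

To block one program rather than a port, `New-NetFirewallRule` also accepts `-Program` with the full path to the executable in place of `-Protocol` and `-RemotePort`.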
If you have any questions about configuring the firewall in Windows 10, post a comment here and we’ll try to help. Enjoy!