windows防火墙规则
 

  
 
 
Windows’ built-in firewall hides the ability to create powerful firewall rules. Block programs from accessing the Internet, use a whitelist to control network access, restrict traffic to specific ports and IP addresses, and more – all without installing another firewall.
 
 
Windows的内置防火墙隐藏了创建强大的防火墙规则的能力。 阻止程序访问Internet，使用白名单控制网络访问，将流量限制为特定的端口和IP地址等等，所有这些都无需安装其他防火墙。
 
 
The firewall includes three different profiles, so you can apply different rules to private and public networks. These options are included in the Windows Firewall with Advanced Security snap-in, which first appeared in Windows Vista.
 
 
 防火墙包括三个不同的配置文件，因此您可以将不同的规则应用于私有和公共网络。 这些选项包含在“具有高级安全性的Windows防火墙”管理单元中，该管理单元首次出现在Windows Vista中。
 
 
 访问界面 (Accessing the Interface)
 
 
There are a variety of ways to pull up the Windows Firewall with Advanced Security window. One of the most obvious is from the Windows Firewall control panel – click the Advanced settings link in the sidebar.
 
 
有多种方法可以拉起“高级安全Windows防火墙”窗口。 最明显的例子之一是从Windows防火墙控制面板–单击侧栏中的“高级设置”链接。
 
 

  
 
 
You can also type “Windows Firewall” into the search box in the Start menu and select the Windows Firewall with Advanced Security application.
 
 
 您也可以在“开始”菜单的搜索框中键入“ Windows防火墙”，然后选择“具有高级安全性的Windows防火墙”应用程序。
 
 

  
 
 
 配置网络配置文件 (Configuring Network Profiles)
 
 
The Windows firewall uses three different profiles:
 
 
Windows防火墙使用三种不同的配置文件：
 
 
Domain Profile: Used when your computer is connected to a domain.
 域配置文件：当您的计算机连接到域时使用。
Private: Used when connected to a private network, such as a work or home network.
 专用：连接到专用网络(例如工作或家庭网络)时使用。
Public: Used when connected to a public network, such as a public Wi-Fi access point or a direct connection to the Internet.
 公共：当连接到公共网络(例如公共Wi-Fi接入点或直接连接到Internet)时使用。
 
Windows asks whether a network is public or private when you first connect to it.
 
 
 当您首次连接到网络时，Windows会询问该网络是公共网络还是私有网络。
 
 
A computer may use multiple profiles, depending on the situation. For example, a business laptop may use the domain profile when connected to a domain at work, the private profile when connected to a home network, and the public profile when connected to a public Wi-Fi network – all in the same day.
 
 
 一台计算机可能会使用多个配置文件，具体取决于情况。 例如，一台商务笔记本电脑在连接到工作中的域时可以使用域配置文件，在连接到家庭网络时可以使用私有配置文件，而在连接到公共Wi-Fi网络时可以使用公共配置文件-都是在同一天。
 
 

  
 
 
Click the Windows Firewall Properties link to configure the firewall profiles.
 
 
 单击Windows防火墙属性链接以配置防火墙配置文件。
 
 
The firewall properties window contains a separate tab for each profile. Windows blocks inbound connections and allows outbound connections for all profiles by default, but you can block all outbound connections and create rules that allow specific types of connections. This setting is profile-specific, so you can use a whitelist only on specific networks.
 
 
 防火墙属性窗口为每个配置文件包含一个单独的选项卡。 Windows默认会阻止入站连接并允许所有配置文件的出站连接，但是您可以阻止所有出站连接并创建允许特定连接类型的规则。 此设置是特定于配置文件的，因此您只能在特定网络上使用白名单。
 
 

  
 
 
If you block outbound connections, you won’t receive a notification when a program is blocked – the network connection will fail silently.
 
 
 如果您阻止出站连接，则当程序被阻止时，您将不会收到通知–网络连接将静默失败。
 
 
 建立规则 (Creating a Rule)
 
 
To create a rule, select the Inbound Rules or Outbound Rules category at the left side of the window and click the Create Rule link at the right side.
 
 
要创建规则，请选择窗口左侧的“入站规则”或“出站规则”类别，然后单击右侧的“创建规则”链接。
 
 

  
 
 
The Windows firewall offers four types of rules:
 
 
 Windows防火墙提供四种类型的规则：
 
 
Program – Block or allow a program.
 程序–阻止或允许程序。
Port – Block or a allow a port, port range, or protocol.
 端口–阻止或允许端口，端口范围或协议。
Predefined – Use a predefined firewall rule included with Windows.
 预定义–使用Windows随附的预定义防火墙规则。
Custom – Specify a combination of program, port, and IP address to block or allow.
 自定义–指定要阻止或允许的程序，端口和IP地址的组合。
 

  
 
 
 规则示例：阻止程序 (Example Rule: Blocking a Program)
 
 
Let’s say we want to block a specific program from communicating with the Internet — we don’t have to install a third-party firewall to do that.
 
 
假设我们要阻止特定程序与Internet通信-我们不必安装第三方防火墙即可。
 
 
First, select the Program rule type. On the next screen, use the Browse button and select the program’s .exe file.
 
 
 首先，选择“程序”规则类型。 在下一个屏幕上，使用“浏览”按钮并选择程序的.exe文件。
 
 

  
 
 
On the Action screen, select “Block the connection.” If you were setting up a whitelist after blocking all applications by default, you’d select “Allow the connection” to whitelist the application instead.
 
 
 在“操作”屏幕上，选择“阻止连接”。 如果默认情况下要在阻止所有应用程序后设置白名单，则可以选择“允许连接”将该应用程序列入白名单。
 
 

  
 
 
On the Profile screen, you can apply the rule to a specific profile – for example, if you only want a program blocked when you’re connected to public Wi-Fi and other insecure networks, leave the “Public” box checked. By default, Windows applies the rule to all profiles.
 
 
 在“配置文件”屏幕上，您可以将规则应用于特定的配置文件-例如，如果仅在连接到公共Wi-Fi和其他不安全网络时只希望阻止程序，则请选中“公共”框。 默认情况下，Windows将规则应用于所有配置文件。
 
 

  
 
 
On the Name screen, you can name the rule and enter an optional description. This will help you identify the rule later.
 
 
 在名称屏幕上，您可以命名规则并输入可选描述。 这将有助于您以后确定规则。
 
 

  
 
 
Firewall rules you create take effect immediately. Rules you create will appear in the list, so you can easily disable or delete them.
 
 
 您创建的防火墙规则将立即生效。 您创建的规则将出现在列表中，因此您可以轻松地禁用或删除它们。
 
 

  
 
 
 规则示例：限制访问 (Example Rule: Restricting Access)
 
 
If you really want to lock down a program, you can restrict the ports and IP addresses it connects to. For example, let’s say you have a server application that you only want accessed from a specific IP address.
 
 
如果您确实要锁定程序，则可以限制程序连接到的端口和IP地址。 例如，假设您有一个服务器应用程序，只希望从特定的IP地址进行访问。
 
 
From the Inbound Rule list, click New Rule and select the Custom rule type.
 
 
 从“入站规则”列表中，单击“新建规则”，然后选择“自定义”规则类型。
 
 

  
 
 
On the Program pane, select the program you want to restrict. If the program is running as a Windows service, use the Customize button to select the service from a list. To restrict all network traffic on the computer to communicating with a specific IP address or port range, select “All programs” instead of specifying a specific program.
 
 
 在“程序”窗格上，选择要限制的程序。 如果程序作为Windows服务运行，请使用“自定义”按钮从列表中选择服务。 若要限制计算机上的所有网络通信以与特定IP地址或端口范围进行通信，请选择“所有程序”而不是指定特定程序。
 
 

  
 
 
On the Protocol and Ports pane, select a protocol type and specify ports. For example, if you’re running a web server application, you can restrict the web server application to TCP connections on ports 80 and 443 by entering these ports in the Local port box.
 
 
 在“协议和端口”窗格上，选择协议类型并指定端口。 例如，如果您正在运行Web服务器应用程序，则可以通过在“本地端口”框中输入以下端口，将Web服务器应用程序限制为端口80和443上的TCP连接。
 
 

  
 
 
The Scope tab allows you to restrict IP addresses. For example, if you only want the server communicating with a specific IP address, enter that IP address in the remote IP addresses box.
 
 
 范围选项卡允许您限制IP地址。 例如，如果只希望服务器与特定IP地址通信，则在“远程IP地址”框中输入该IP地址。
 
 

  
 
 
Select the “Allow the connection” option to allow the connection from the IP address and ports you specified. Be sure to check that no other firewall rules apply to the program – for example, if you have a firewall rule that allows all inbound traffic to the server application, this rule won’t do anything.
 
 
 选择“允许连接”选项以允许从您指定的IP地址和端口进行连接。 确保检查是否没有其他防火墙规则适用于该程序–例如，如果您有一个防火墙规则允许所有到服务器应用程序的入站通信，则此规则将不执行任何操作。
 
 

  
 
 
The rule takes effect after you specify the profiles it will apply to and name it.
 
 
 该规则在您指定要应用的配置文件并命名后生效。
 
 
 
 
 
 
The Windows firewall isn’t as easy-to-use as third-party firewalls, but it offers a surprising amount of power. If you want more control and ease of use, you may be better off with a third-party firewall.
 
 
 Windows防火墙不像第三方防火墙那样易于使用，但是它提供了惊人的功能。 如果您想要更多的控制和易用性，使用第三方防火墙可能会更好。
 
 

  
翻译自: https://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
 
 
windows防火墙规则

 

  
 
 
windows 防火墙日志
 

  
 
 
In the process of filtering Internet traffic, all firewalls have some type of logging feature that documents how the firewall handled various types of traffic. These logs can provide valuable information like source and destination IP addresses, port numbers, and protocols. You can also use the Windows Firewall log file to monitor TCP and UDP connections and packets that are blocked by the firewall.
 
 
在过滤Internet流量的过程中，所有防火墙都具有某种类型的日志记录功能，该功能记录了防火墙如何处理各种类型的流量。 这些日志可以提供有价值的信息，例如源和目标IP地址，端口号和协议。 您还可以使用Windows防火墙日志文件来监视TCP和UDP连接以及被防火墙阻止的数据包。
 
 
 为什么和何时使用防火墙日志记录
  
验证新添加的防火墙规则是否正常运行，或者如果它们未能按预期运行，则对其进行调试。
 确定Windows防火墙是否是应用程序失败的原因-使用防火墙日志记录功能，您可以检查禁用的端口开放，动态端口开放，使用推送和紧急标志分析丢弃的数据包以及分析发送路径上的丢弃的数据包。 
 帮助和识别恶意活动-使用防火墙日志记录功能，您可以检查网络内是否发生了任何恶意活动，尽管您必须记住它没有提供跟踪活动来源所需的信息。 
 如果您发现反复尝试从一个IP地址(或一组IP地址)访问防火墙和/或其他高配置系统失败，那么您可能需要编写一条规则来删除该IP空间中的所有连接(请确保IP地址没有被欺骗)。 
 来自内部服务器(例如Web服务器)的传出连接可能表明某人正在使用您的系统对其他网络上的计算机发起攻击。 
 
 
 如何生成日志文件 
 
 (Why and When Firewall Logging is Useful 
 
To verify if newly added firewall rules work properly or to debug them if they do not work as expected.
To determine if Windows Firewall is the cause of application failures — With the Firewall logging feature you can check for disabled port openings, dynamic port openings, analyze dropped packets with push and urgent flags and analyze dropped packets on the send path.
To help and identify malicious activity — With the Firewall logging feature you can check if any malicious activity is occurring within your network or not, although you must remember it does not provide the information needed to track down the source of the activity.
If you notice repeated unsuccessful attempts to access your firewall and/or other high profile systems from one IP address (or group of IP addresses), then you might want to write a rule to drop all connections from that IP space (making sure that the IP address isn’t being spoofed).
Outgoing connections coming from internal servers such as Web servers could be an indication that someone is using your system to launch attacks against computers located on other networks.
 
 
How to Generate the Log File 
 ) 
 
By default, the log file is disabled, which means that no information is written to the log file. To create a log file press “Win key + R” to open the Run box. Type “wf.msc” and press Enter. The “Windows Firewall with Advanced Security” screen appears. On the right side of the screen, click “Properties.”
 
 
默认情况下，日志文件是禁用的，这意味着没有信息写入日志文件。 要创建日志文件，请按“ Win键+ R”打开“运行”框。 输入“ wf.msc”，然后按Enter。 出现“具有高级安全性的Windows防火墙”屏幕。 在屏幕右侧，点击“属性”。
 
 

  
 
 
A new dialog box appears. Now click the “Private Profile” tab and select “Customize” in the “Logging Section.”
 
 
 出现一个新对话框。 现在，单击“私人配置文件”选项卡，然后在“日志记录”部分中选择“自定义”。
 
 

  
 
 
A new window opens and from that screen choose your maximum log size, location, and whether to log only dropped packets, successful connection or both. A dropped packet is a packet that Windows Firewall has blocked. A successful connection refers both to incoming connections as well as any connection you have made over the Internet, but it doesn’t always mean that an intruder has successfully connected to your computer.
 
 
 将打开一个新窗口，并从该屏幕中选择最大日志大小，位置以及是否仅记录丢弃的数据包，成功连接还是同时记录两者。 丢弃的数据包是Windows防火墙已阻止的数据包。 成功的连接既指传入连接，也指您通过Internet进行的任何连接，但这并不总是意味着入侵者已成功连接到您的计算机。
 
 

  
 
 
By default, Windows Firewall writes log entries to %SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log and stores only the last 4 MB of data. In most production environments, this log will constantly write to your hard disk, and if you change the size limit of the log file (to log activity over a long period of time) then it may cause a performance impact. For this reason, you should enable logging only when actively troubleshooting a problem and then immediately disable logging when you’re finished.
 
 
 默认情况下，Windows防火墙将日志条目写入%SystemRoot%\System32\LogFiles\Firewall\Pfirewall.log ，仅存储最后4 MB的数据。 在大多数生产环境中，此日志将不断写入硬盘，如果您更改日志文件的大小限制(以长时间记录活动)，则可能会对性能造成影响。 因此，仅应在主动对问题进行故障排除时启用日志记录，然后在完成后立即禁用日志记录。
 
 
Next, click the “Public Profile” tab and repeat the same steps you did for “Private Profile” tab. You’ve now turned on the log for both private and public network connections. The log file will be created in a W3C extended log format (.log) that you can examine with a text editor of your choice or import them into a spreadsheet. A single log file can contain thousands of text entries, so if you are reading them through Notepad then disable word wrapping to preserve the column formatting. If you are viewing the log file in a spreadsheet then all the fields will be logically displayed in columns for easier analysis.
 
 
 接下来，单击“公共配置文件”选项卡，然后重复执行与“私人配置文件”选项卡相同的步骤。 现在，您已经打开了专用和公用网络连接的日志。 日志文件将以W3C扩展日志格式(.log)创建，您可以使用所选的文本编辑器进行检查，也可以将其导入电子表格中。 一个日志文件可以包含数千个文本条目，因此，如果您通过记事本读取它们，则禁用自动换行以保留列格式。 如果您正在电子表格中查看日志文件，则所有字段将在逻辑上显示在列中，以便于分析。
 
 
On the main “Windows Firewall with Advanced Security” screen, scroll down until you see the “Monitoring” link. In the Details pane, under “Logging Settings”, click the file path next to “File Name.” The log opens in Notepad.
 
 
 在“具有高级安全性的Windows防火墙”主屏幕上，向下滚动，直到看到“监视”链接。 在“详细信息”窗格中的“日志记录设置”下，单击“文件名”旁边的文件路径。 日志在记事本中打开。
 
 

  
 
 
 解释Windows防火墙日志 (Interpreting the Windows Firewall log )
 
 
The Windows Firewall security log contains two sections. The header provides static, descriptive information about the version of the log, and the fields available. The body of the log is the compiled data that is entered as a result of traffic that tries to cross the firewall. It is a dynamic list, and new entries keep appearing at the bottom of the log. The fields are written from left to right across the page. The (-) is used when there is no entry available for the field.
 
 
Windows防火墙安全日志包含两个部分。 标头提供有关日志版本以及可用字段的静态描述性信息。 日志的主体是由于试图通过防火墙的通信而输入的已编译数据。 这是一个动态列表，新条目始终出现在日志的底部。 这些字段在页面上从左到右书写。 没有该字段的可用条目时使用(-)。
 
 

  
 
 
According to the Microsoft Technet documentation the header of the log file contains:
 
 
 根据Microsoft Technet文档，日志文件的标题包含：
 
 
Version — Displays which version of the Windows Firewall security log is installed. Software — Displays the name of the software creating the log. Time — Indicates that all the timestamp information in the log are in local time. Fields — Displays a list of fields that are available for security log entries, if data is available.
 
 
 版本—显示安装的Windows防火墙安全日志的版本。 软件—显示创建日志的软件的名称。 时间-表示日志中的所有时间戳信息均以本地时间表示。 字段-如果数据可用，则显示可用于安全日志条目的字段列表。
 
 
While the body of the log file contains:
 
 
 虽然日志文件的正文包含：
 
 
date — The date field identifies the date in the format YYYY-MM-DD. time — The local time is displayed in the log file using the format HH:MM:SS. The hours are referenced in 24-hour format. action — As the firewall processes traffic, certain actions are recorded. The logged actions are DROP for dropping a connection, OPEN for opening a connection, CLOSE for closing a connection, OPEN-INBOUND for an inbound session opened to the local computer, and INFO-EVENTS-LOST for events processed by the Windows Firewall, but were not recorded in the security log. protocol — The protocol used such as TCP, UDP, or ICMP. src-ip — Displays the source IP address (the IP address of the computer attempting to establish communication). dst-ip — Displays the destination IP address of a connection attempt. src-port — The port number on the sending computer from which the connection was attempted. dst-port — The port to which the sending computer was trying to make a connection. size — Displays the packet size in bytes. tcpflags — Information about TCP control flags in TCP headers. tcpsyn — Displays the TCP sequence number in the packet. tcpack — Displays the TCP acknowledgement number in the packet. tcpwin — Displays the TCP window size, in bytes, in the packet. icmptype — Information about the ICMP messages. icmpcode — Information about the ICMP messages. info — Displays an entry that depends on the type of action that occurred. path — Displays the direction of the communication. The options available are SEND, RECEIVE, FORWARD, and UNKNOWN.
 
 
 date —日期字段以YYYY-MM-DD格式标识日期。 time —当地时间以格式HH：MM：SS显示在日志文件中。 这些小时以24小时格式引用。 操作—当防火墙处理流量时，会记录某些操作。 记录的操作包括：DROP(用于断开连接)，OPEN(用于断开连接)，CLOSE(用于断开连接)，OPEN-INBOUND(对于向本地计算机打开的入站会话)和INFO-EVENTS-LOST(对于由Windows防火墙处理的事件)，但是没有记录在安全日志中。 协议—使用的协议，例如TCP，UDP或ICMP。 src-ip —显示源IP地址(尝试建立通信的计算机的IP地址)。 dst-ip —显示连接尝试的目标IP地址。 src-port —尝试从中进行连接的发送计算机上的端口号。 dst-port —发送计算机尝试建立连接的端口。 size —显示数据包大小(以字节为单位)。 tcpflags —有关TCP标头中的TCP控制标志的信息。 tcpsyn —显示数据包中的TCP序列号。 tcpack —显示数据包中的TCP确认号。 tcpwin —显示数据包中的TCP窗口大小(以字节为单位)。 icmptype —有关ICMP消息的信息。 icmpcode —有关ICMP消息的信息。 info —显示一个条目，该条目取决于发生的操作的类型。 路径—显示通信方向。 可用的选项为SEND，RECEIVE，FORWARD和UNKNOWN。
 
 
As you notice, the log entry is indeed big and may have up to 17 pieces of information associated with each event. However, only the first eight pieces of information are important for general analysis. With the details in your hand now you can analyze the information for malicious activity or debug application failures.
 
 
 如您所见，日志条目确实很大，并且每个事件可能包含多达17条信息。 但是，只有前八条信息对一般分析很重要。 现在，有了您的详细信息，您就可以分析信息以进行恶意活动或调试应用程序故障。
 
 
If you suspect any malicious activity, then open the log file in Notepad and filter all the log entries with DROP in the action field and note whether the destination IP address ends with a number other than 255. If you find many such entries, then take a note of the destination IP addresses of the packets. Once you have finished troubleshooting the problem, you can disable the firewall logging.
 
 
 如果您怀疑有任何恶意活动，请在记事本中打开日志文件，并在操作字段中使用DROP过滤所有日志条目，并注意目标IP地址是否以255以外的数字结尾。如果找到许多此类条目，则采用数据包的目标IP地址的注释。 对问题进行故障排除后，可以禁用防火墙日志记录。
 
 
Troubleshooting network problems can be quite daunting at times and a recommended good practice when troubleshooting Windows Firewall is to enable the native logs. Although the Windows Firewall log file is not useful for analyzing the overall security of your network, it still remains a good practice if you want to monitor what is happening behind the scenes.
 
 
 对网络问题进行故障排除有时会令人生畏，在对Windows防火墙进行故障排除时，建议的良好做法是启用本机日志。 尽管Windows防火墙日志文件对于分析网络的整体安全性没有用，但是如果您要监视幕后发生的情况，它仍然是一个好习惯。
 
 

  
翻译自: https://www.howtogeek.com/220204/how-to-track-firewall-activity-with-the-windows-firewall-log/
 
 
windows 防火墙日志

 

  
 
 
windows防火墙 程序
 

  
 
 
Most of the time we want our applications online and connected to both our local network and the greater Internet. There are instances, however, when we want to prevent an application from connecting to the Internet. Read on as we show you how to lock down an application via the Windows Firewall.
 
 
 大多数时候，我们希望我们的应用程序联机并连接到我们的本地网络和更大的Internet。 但是，在某些情况下，我们希望阻止应用程序连接到Internet。 继续阅读，我们将向您展示如何通过Windows防火墙锁定应用程序。 
 
 
 我为什么要这样做？ (Why Do I Want To Do This?)
 
 
Some of you might have been sold immediately by the headline, as blocking an application is exactly what you’ve been wanting to do. Others may have opened this tutorial curious as to why one would block an application in the first place.
 
 
 标题中的某些内容可能会立即被出售，因为阻止应用程序正是您一直想要做的事情。 其他人可能已经打开了本教程，好奇为什么首先会阻止应用程序。 
 
 
Although you generally want your applications to have free access to the network (after all what good is a web browser that can’t reach the web) there are a variety of situations in which you may wish to prevent an application from accessing the network.
 
 
 尽管您通常希望您的应用程序可以自由访问网络(毕竟，不能访问网络的Web浏览器有什么用)，但是在多种情况下，您可能希望阻止应用程序访问网络。 
 
 
Some simple and commonplace examples are as follows. You might have an application that insists on automatically updating itself, but find that those updates break some functionality and you want to stop them. You might have a video game that you’re comfortable with your child playing, but you’re not so comfortable with the online (and unsupervised) multiplayer elements. You might be using an application with really obnoxious ads that can be silenced by cutting off the application’s Internet access.
 
 
 一些简单而普通的示例如下。 您可能有一个坚持要自动更新的应用程序，但是发现这些更新破坏了某些功能，并且您想停止它们。 您可能有一个适合孩子玩的视频游戏，但是对在线(和无人看管)多人游戏元素却不太满意。 您可能正在使用带有令人讨厌的广告的应用程序，可以通过切断应用程序的Internet访问使其静音。 
 
 
Regardless of why you want to drop the cone of network connectivity silence over a given application, a trip into the guts of the Windows Firewall is an easy way to do so. Let’s take a look at how to block an application from accessing the local network and Internet now.
 
 
 无论您为什么要放弃给定应用程序的网络连接静默状态，进入Windows防火墙的胆量都是一种简便的方法。 让我们看一下如何阻止应用程序立即访问本地网络和Internet。 
 
 
 创建Windows防火墙规则 (Creating a Windows Firewall Rule)
 
 
Although we’ll be demonstrating this trick on Windows 10, the basic layout and premise has remained largely unchanged over the years and you can easily adapt this tutorial to earlier versions of Windows.
 
 
 尽管我们将在Windows 10上演示此技巧，但多年来的基本布局和前提一直保持不变，您可以轻松地将本教程适应Windows的早期版本。 
 
 
To create a Window Firewall rule, you first need to open up the advanced Firewall interface, which is named, appropriately enough, Windows Firewall with Advanced Security. To do so navigate to the Control Panel and select “Windows Firewall.” In the “Windows Firewall” window, click the “Advanced Settings” link on the left.
 
 
 要创建窗口防火墙规则，首先需要打开高级防火墙界面，该界面被适当地命名为具有高级安全性的Windows防火墙。 为此，请导航至“控制面板”，然后选择“ Windows防火墙”。 在“ Windows防火墙”窗口中，单击左侧的“高级设置”链接。 
 
 

  
 
 
Note: There is a lot going on in the advanced interface and we encourage you follow along closely, leaving anything outside the scope of the tutorial and your experience level alone. Mucking up your firewall rules is a surefire way to a big headache.
 
 
 注意：高级界面中发生了很多事情，我们鼓励您密切注意，不要将任何内容超出本教程和您的经验水平。 修改防火墙规则是避免麻烦的必经之路。 
 
 
In the far left navigation pane, click the “Outbound Rules” link This displays all the existing outbound firewall rules in the middle pane. Don’t be surprised that it is already populated with dozens and dozens of Windows-generated entries.
 
 
 在最左侧的导航窗格中，单击“出站规则”链接。这将在中间窗格中显示所有现有的出站防火墙规则。 不要奇怪，它已经填充了数十个Windows生成的条目。 
 
 

  
 
 
In the far right pane, click  “New Rule” to create a new rule for outbound traffic.
 
 
 在最右边的窗格中，单击“新建规则”为出站流量创建新规则。 
 
 

  
 
 
In the “New Outbound Rule Wizard,” confirm that the “Program” option is selected, and then click the “Next” button.
 
 
 在“新出站规则向导”中，确认已选择“程序”选项，然后单击“下一步”按钮。 
 
 

  
 
 
On the “Program” screen, select the “This program path” option, and then type (or browse for) the path to the program you want to block. For the purposes of this tutorial, we’re going to block a portable copy of the Maxthon web browser—mostly because it will be easy to demonstrate to you that the browser is blocked. But, don’t click “Next” just yet.
 
 
 在“程序”屏幕上，选择“此程序路径”选项，然后键入(或浏览)要阻止的程序的路径。 就本教程而言，我们将阻止Maxthon Web浏览器的可移植副本-主要是因为可以很容易地向您展示该浏览器已被阻止。 但是，暂时不要单击“下一步”。 
 
 

  
 
 
There’s an important change you need to make before you continue. Trust us on this. If you skip this step you’ll end up frustrated.
 
 
 在继续之前，您需要进行重要的更改。 相信我们。 如果跳过此步骤，您将最终感到沮丧。 
 
 
When you use the “Browse” command to select an EXE file, Windows defaults to using what are known as environmental variables if the particular path includes a given path portion represented by one of those variables. For example, instead of inserting C:\Users\Steve\, it will swap that portion for the environmental variable %USERPROFILE% .
 
 
 当您使用“浏览”命令选择EXE文件时，如果特定路径包括由这些变量之一表示的给定路径部分，则Windows默认使用所谓的环境变量。 例如，不是插入C:\Users\Steve\,而是将那部分替换为环境变量%USERPROFILE% 。 
 
 
For some reason, despite the fact that this is the default way it populated the program path field, it will break the firewall rule. If the file you have browsed to is anywhere that uses an environmental variable (like the /User/ path or the /Program Files/ path), you have to manually edit the program path entry to remove the variable and replace it with the correct and full file path. In case that’s a tad confusing let us illustrate with our example program from above.
 
 
 出于某种原因，尽管事实上这是它填充程序路径字段的默认方式， 但它会违反防火墙规则 。 如果浏览到的文件位于使用环境变量的任何位置(例如/User/路径或/Program Files/路径)，则必须手动编辑程序路径条目以删除该变量，并用正确的完整的文件路径。 万一这有点令人困惑，让我们从上面的示例程序中进行说明。 
 
 
When we browsed to the EXE file for our Maxthon web browser, Windows plugged in the following program path information for the file, which was located in our Documents folder:
 
 
 当我们为Maxthon Web浏览器浏览到EXE文件时，Windows插入了该文件的以下程序路径信息，该信息位于我们的Documents文件夹中： 
 
 
%USERPROFILE%\Documents\MaxthonPortable\App\Maxthon\Bin\Maxthon.exe

 
That file path is understood by Windows, but for some reason is no longer recognized when inserted into a firewall rule. Instead, we need to replace the file path that includes the environmental variable with the full file path. In our case it looks like this:
 
 
 Windows可以理解该文件路径，但是由于某种原因，在将其插入防火墙规则后将无法识别该文件路径。 相反，我们需要用完整的文件路径替换包含环境变量的文件路径。 在我们的情况下，它看起来像这样： 
 
 
C:\Users\Jason\Documents\MaxthonPortable\App\Maxthon\Bin\Maxthon.exe

 
It’s possible this is some quirk isolated to the current version of the Windows 10 firewall, and that you can use environmental variables in other versions, but we’d encourage you to just remove the variable and use the full and absolute file path to save yourself a headache today and down the road.
 
 
 这可能是与Windows 10防火墙的当前版本隔离的怪癖，您可以在其他版本中使用环境变量，但是我们建议您删除该变量，并使用完整和绝对的文件路径来保存自己今天和以后都很头疼。 
 
 
Finally, there’s one small but important thing to keep in mind here. For most applications, the main EXE file is the one you want to block, but there are examples of applications where things are a bit counter-intuitive. Take Minecraft, for example. At first glance it seems like you should block Minecraft.exe , but Minecraft.exe is actually  just the launcher file and the actual network connectivity happens through Java. So, if you want to restrict your child from connecting to online Minecraft servers you need to block Javaw.exe and not Minecraft.exe . That’s atypical, though, as most applications can be blocked through the main executable.
 
 
 最后，这里有一件小事但重要的事情要牢记。 对于大多数应用程序，主EXE文件是您要阻止的文件，但是有些应用程序的示例有些违反直觉。 以Minecraft为例。 乍一看，您似乎应该阻止Minecraft.exe ，但Minecraft.exe实际上只是启动程序文件，并且实际的网络连接是通过Java进行的。 因此，如果要限制孩子连接到在线Minecraft服务器，则需要阻止Javaw.exe而不是Minecraft.exe 。 但是，这是非典型的，因为大多数应用程序都可以通过主可执行文件阻止。 
 
 
At any rate, once you’ve selected your application and confirmed the path, you can finally click that “Next” button. On the “Action” screen of the wizard, select the “Block the connection” option, and then click “Next.”
 
 
 无论如何，一旦您选择了应用程序并确认了路径，便可以最终单击该“下一步”按钮。 在向导的“操作”屏幕上，选择“阻止连接”选项，然后单击“下一步”。 
 
 

  
 
 
On the “Profile” screen, you’re asked to select when the rule applies. Here, you have three options:
 
 
 在“配置文件”屏幕上，要求您选择规则的适用时间。 在这里，您有三个选择： 
 
 
Domain: The rule applies when a computer is connected to a domain.
 域：当计算机连接到域时，该规则适用。 
Private: The rule applies when a computer is connected to a private network, such as your home or small business network.
 专用：此规则适用于计算机连接到专用网络(例如家庭或小型企业网络)的情况。 
Public: The rule applies when a computer is connected to a public network, such as at a coffee shop or hotel.
 公用：当计算机连接到公用网络(例如在咖啡店或旅馆中)时，该规则适用。 
 
So, for example, if you have a laptop that you use at home (a network you’ve defined as private) and at a coffee shop (a network you’ve defined as public) and you want the rule to apply to both places, you need to check both options. If you want the rule only to apply when you’re at the public Wi-Fi spot at the coffee shop, then just check Public. When in doubt, just check them all to block the application across all networks. When you’ve made your selection click “Next”.
 
 
 因此，例如，如果您有一台手提电脑在家中(定义为私人的网络)和咖啡店(定义为公共的网络)使用，并且希望该规则适用于两个地方，您需要选中两个选项。 如果您只想在咖啡店的公共Wi-Fi站点上应用此规则，则只需选中“公共”即可。 如有疑问，只需全部检查即可阻止所有网络中的应用程序。 选择完毕后，单击“下一步”。 
 
 

  
 
 
The final step is to name your rule. Give it a clear name you’ll recognize later on. We named ours, simply, “Maxathon Block” to indicate which application we’re blocking. If you want, you can add a fuller description. When you’ve filled the appropriate information in, click the “Finish” button.
 
 
 最后一步是命名您的规则。 给它起一个清晰的名字，以后您会认出来。 我们将我们的名字简称为“ Maxathon Block”，以表明我们正在阻止哪个应用程序。 如果需要，可以添加更完整的描述。 填写适当的信息后，单击“完成”按钮。 
 
 

  
 
 
You’ll now have an entry at the top of the “Outbound Rules” list for your new rule. If your goal was blanket blocking you’re all done. If you want to tweak and refine the rule you can double click on the entry and make adjustments—like adding local exceptions (e.g. the application can’t access the Internet but it can connect so another PC on your network so you can use a network resource or the like).
 
 
 现在，在新规则的“出站规则”列表的顶部将有一个条目。 如果您的目标是一揽子封锁，那么您就完成了。 如果要调整和完善规则，则可以双击条目并进行调整，例如添加本地异常(例如，应用程序无法访问Internet，但可以连接，因此网络上的另一台PC可以使用网络资源等)。 
 
 

  
 
 
At this point we’ve achieved the goal outlined in the title of this article: all outbound communication from the application in question is now cut off. If you want to further tighten the grip you have on the application you can select the “Inbound Rules” option in right hand navigation panel of the “Windows Firewall with Advanced Security” and repeat the process, step for step, recreating an identical firewall rule that governs inbound traffic for that application too.
 
 
 至此，我们已经达到了本文标题中概述的目标：现在已切断了来自该应用程序的所有出站通信。 如果要进一步加强应用程序的控制力，可以在“具有高级安全性的Windows防火墙”的右侧导航面板中选择“入站规则”选项，然后重复该步骤，重新创建相同的防火墙规则也可以控制该应用程序的入站流量。 
 
 
 测试规则 (Testing the Rule)
 
 
Now that the rule is active it’s time to fire up the application in question and test it. Our test application was the Maxthon web browser. Practically speaking, and for obvious reasons, it’s not super useful to block your web browser from accessing the Internet. But, it does serve as a useful example, because we can immediately and clearly demonstrate that the firewall rule is in effect.
 
 
 现在该规则已激活，是时候启动有问题的应用程序并对其进行测试了。 我们的测试应用程序是Maxthon Web浏览器。 实际上，出于明显的原因，阻止您的Web浏览器访问Internet并没有什么用。 但是，它确实是一个有用的示例，因为我们可以立即清楚地证明防火墙规则已生效。 
 
 

  
 
 

  
翻译自: https://www.howtogeek.com/227093/how-to-block-an-application-from-accessing-the-internet-with-windows-firewall/
 
 
windows防火墙 程序

                 
 
        前段时间不知因何QQ被盗,里面的Q币被刷一空,而天网防火墙根本就没拦截到不明程序访问网络(也许恰好天网那时候打了个盹),江民也愣是没杀出个毒来(也许善良的江民不忍心杀生),今天一气之下打算把嫌要占用资源(哪怕只有一点点)的windows防火墙开启.
 
        直接点击控制面板的"windows防火墙",选择"开启".恩,还不错,真的能拦截到程序(当然此时都是正常的无公害的网络程序,如QQ之类).本来打算笑几下,可是一重启,就再也笑不起来了--重启之后,windows 防火墙居然又被关闭了!
 
自我感觉,可能是防火墙依赖的某些服务没自动打开,上网一搜,嗯,发现防火墙依赖于如下四个服务:Application Layer Gateway Service、Network Connections、Network Location Awareness、Remote Access Connection Manager.并且这四个服务,我默认都是手动的!将其全部改为"自动",这次总该让我笑一下了吧?结果,重启之后,外甥打灯笼--照旧!
 
        可以确定的是,机器是没病毒的,但问题出在哪里呢?然后折腾了N久+尝试了N中不规则的方法,依然一无所获.无奈之中,觉得还不如好好检查一下天网的应用程序过滤规则,看看有没有什么程序被漏掉.突然间,发现有个叫alg.exe的程序被我禁止访问网络!这个不就是"Application Layer Gateway Service",作用是为 Internet 连接共享和 Windows 防火墙提供第三方协议插件的支持。莫非是因为这个?赶快在天网的应用规矩中将其设置为"允许"访问网络.重启测试,哦,耶,天空是多么的晴朗,可爱的善良的windows防火墙终于自动打开了!我们是多么的幸福啊~!陶醉...陶醉...
 

 
        总结:应该这和windows防火墙的工作机制有关,可能在运行windows防火墙之前,会检查一下网络,如果发现网络断开,就不运行windows防火墙.而恰好以前我用天网禁止alg服务访问网络,让alg服务误认为此时网络不通,故不自动运行windows防火墙.            

再分享一下我老师大神的人工智能教程吧。零基础！通俗易懂！风趣幽默！还带黄段子！希望你也加入到我们人工智能的队伍中来！https://blog.csdn.net/jiangjunshow