Windows Firewall Rules

Windows’ built-in firewall hides the ability to create powerful firewall rules. Block programs from accessing the Internet, use a whitelist to control network access, restrict traffic to specific ports and IP addresses, and more – all without installing another firewall.

The firewall includes three different profiles, so you can apply different rules to private and public networks. These options are included in the Windows Firewall with Advanced Security snap-in, which first appeared in Windows Vista.

Accessing the Interface

There are a variety of ways to pull up the Windows Firewall with Advanced Security window. One of the most obvious is from the Windows Firewall control panel – click the Advanced settings link in the sidebar.

You can also type “Windows Firewall” into the search box in the Start menu and select the Windows Firewall with Advanced Security application.

Configuring Network Profiles

The Windows firewall uses three different profiles:

  • Domain Profile: Used when your computer is connected to a domain.

  • Private: Used when connected to a private network, such as a work or home network.

  • Public: Used when connected to a public network, such as a public Wi-Fi access point or a direct connection to the Internet.

Windows asks whether a network is public or private when you first connect to it.

A computer may use multiple profiles, depending on the situation. For example, a business laptop may use the domain profile when connected to a domain at work, the private profile when connected to a home network, and the public profile when connected to a public Wi-Fi network – all in the same day.

Click the Windows Firewall Properties link to configure the firewall profiles.

The firewall properties window contains a separate tab for each profile. Windows blocks inbound connections and allows outbound connections for all profiles by default, but you can block all outbound connections and create rules that allow specific types of connections. This setting is profile-specific, so you can use a whitelist only on specific networks.

If you block outbound connections, you won’t receive a notification when a program is blocked – the network connection will fail silently.
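
Because blocked outbound connections fail silently, dropped-packet logging is the practical way to see what an allow-list is stopping. The following is an added example, not part of the original article: it uses the NetSecurity cmdlets (Windows 8 / Server 2012 and later) to set the Public profile to block outbound traffic and log drops, then summarizes outbound drops from firewall log text. The sample log lines are constructed.

```powershell
# Added example. The next line changes system state and needs an elevated prompt:
# block outbound by default on the Public profile only, and log dropped packets.
Set-NetFirewallProfile -Name Public -DefaultOutboundAction Block -LogBlocked True

function Get-FirewallDrop {
    # Parses pfirewall.log text. Column names come from the '#Fields:' header,
    # so extra columns written by newer Windows builds are handled as well.
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') { $fields = ($l -replace '^#Fields:\s*', '') -split '\s+'; continue }
        if (-not $l.Trim() -or $l.StartsWith('#') -or -not $fields) { continue }
        $cols = $l -split '\s+'
        $rec = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $cols.Count; $i++) { $rec[$fields[$i]] = $cols[$i] }
        # Outbound drops only: action DROP with path SEND.
        if ($rec['action'] -eq 'DROP' -and $rec['path'] -eq 'SEND') { [pscustomobject]$rec }
    }
}

# Constructed sample in the firewall log format (documentation address ranges).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:14:02 DROP TCP 192.168.1.20 203.0.113.10 50512 443 0 - 0 0 0 - - - SEND
2024-05-01 09:14:05 ALLOW UDP 192.168.1.20 192.168.1.1 53011 53 0 - - - - - - - SEND
2024-05-01 09:14:09 DROP TCP 198.51.100.7 192.168.1.20 44321 3389 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

# For the live log, pass (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
# instead of $sample (that path is the default log location).
Get-FirewallDrop -Line $sample |
    Group-Object -Property 'protocol', 'dst-ip', 'dst-port' |
    Select-Object Count, Name
```

Each destination that shows up repeatedly in the summary is a candidate for either an explicit allow rule or a closer look at the program generating the traffic.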

Creating a Rule

To create a rule, select the Inbound Rules or Outbound Rules category at the left side of the window and click the Create Rule link at the right side.

The Windows firewall offers four types of rules:

  • Program – Block or allow a program.

  • Port – Block or allow a port, port range, or protocol.

  • Predefined – Use a predefined firewall rule included with Windows.

  • Custom – Specify a combination of program, port, and IP address to block or allow.

Example Rule: Blocking a Program

Let’s say we want to block a specific program from communicating with the Internet — we don’t have to install a third-party firewall to do that.

First, select the Program rule type. On the next screen, use the Browse button and select the program’s .exe file.

On the Action screen, select “Block the connection.” If you were setting up a whitelist after blocking all applications by default, you’d select “Allow the connection” to whitelist the application instead.

On the Profile screen, you can apply the rule to a specific profile – for example, if you only want a program blocked when you’re connected to public Wi-Fi and other insecure networks, leave the “Public” box checked. By default, Windows applies the rule to all profiles.

On the Name screen, you can name the rule and enter an optional description. This will help you identify the rule later.

Firewall rules you create take effect immediately. Rules you create will appear in the list, so you can easily disable or delete them.

Example Rule: Restricting Access

If you really want to lock down a program, you can restrict the ports and IP addresses it connects to. For example, let’s say you have a server application that you only want accessed from a specific IP address.

From the Inbound Rule list, click New Rule and select the Custom rule type.

On the Program pane, select the program you want to restrict. If the program is running as a Windows service, use the Customize button to select the service from a list. To restrict all network traffic on the computer to communicating with a specific IP address or port range, select “All programs” instead of specifying a specific program.

On the Protocol and Ports pane, select a protocol type and specify ports. For example, if you’re running a web server application, you can restrict the web server application to TCP connections on ports 80 and 443 by entering these ports in the Local port box.

The Scope tab allows you to restrict IP addresses. For example, if you only want the server communicating with a specific IP address, enter that IP address in the remote IP addresses box.

Select the “Allow the connection” option to allow the connection from the IP address and ports you specified. Be sure to check that no other firewall rules apply to the program – for example, if you have a firewall rule that allows all inbound traffic to the server application, this rule won’t do anything.

The rule takes effect after you specify the profiles it will apply to and name it.
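
The same custom inbound rule can be scripted, together with the check for other rules that would make it pointless. This is an added example, not part of the original article; it uses the NetSecurity cmdlets (Windows 8 / Server 2012 and later), and the program path, client address, rule name and function name are hypothetical.

```powershell
# Added example; run from an elevated prompt. All three values are hypothetical.
$program  = 'C:\Servers\webapp\server.exe'
$client   = '203.0.113.25'
$ruleName = 'webapp: TCP 80/443 from one client'

# Custom inbound rule: this program, local TCP ports 80 and 443, one remote address.
# No -Profile is given, so the rule applies to all profiles.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
    -Program $program -Protocol TCP -LocalPort 80,443 -RemoteAddress $client | Out-Null

function Get-OverlappingInboundAllow {
    # Lists every other enabled inbound Allow rule that matches the same program
    # (or all programs), with its ports and remote scope for review.
    param([string]$Program, [string]$ExcludeDisplayName)
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object DisplayName -ne $ExcludeDisplayName |
        ForEach-Object {
            $app  = $_ | Get-NetFirewallApplicationFilter
            # Stored paths may contain variables such as %SystemRoot%.
            $path = [Environment]::ExpandEnvironmentVariables($app.Program)
            if ($path -eq 'Any' -or $path -eq $Program) {
                $addr = $_ | Get-NetFirewallAddressFilter
                $port = $_ | Get-NetFirewallPortFilter
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Profile       = $_.Profile
                    Program       = $path
                    Protocol      = $port.Protocol
                    LocalPort     = $port.LocalPort -join ','
                    RemoteAddress = $addr.RemoteAddress -join ','
                }
            }
        }
}

# Any row whose RemoteAddress is 'Any' (or wider than $client) and whose ports
# cover 80/443 still lets other hosts reach the server.
Get-OverlappingInboundAllow -Program $program -ExcludeDisplayName $ruleName |
    Sort-Object RemoteAddress | Format-Table -AutoSize
```

Rules listed with Program `Any` may still be narrowed by a service or port filter, so read the LocalPort and Protocol columns before disabling anything.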

The Windows firewall isn’t as easy-to-use as third-party firewalls, but it offers a surprising amount of power. If you want more control and ease of use, you may be better off with a third-party firewall.

Translated from: https://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
