Viaica

Blocking non-VPN internet connections and leaks system-wide with Windows Firewall or Windows Filtering Platform?

Posted ... (edited)

Is there a recommended way of securing a system-wide firewall on Windows which would only allow connections to AirVPN and block everything else, even when Eddie is not running?
One of my old setups is still using the Comodo Firewall way that achieves this, which is described in the Guides section of this forum, but Comodo Firewall is no longer a free product. And maybe nowadays Windows can achieve it with its own tools. I notice that Eddie's Network Lock uses Windows Filtering Platform by default and also has Windows Firewall as an option. Would it be possible to have these settings posted here so they could be applied as permanent rules on Windows? There is a free tool called "simplewall" that can be used to create WFP rules, the way I understand it; could this maybe be used with the same type of rules that Eddie has and make them permanent?
I'm thinking that a modernized guide on blocking non-VPN internet on Windows to supersede the old Comodo guide would be a good idea.

Edited ... by Viaica

Yes, what you want can be done. I do it using Linux on all my systems. I know you don't have Linux, but I am simply describing the HOW for what will work quite well for you. Eddie will move your firewall and save it while the client creates its own firewall using the Network Lock feature. So, while Eddie is running, the system firewall is the Eddie client's. Then when you close/exit Eddie, the client will copy back/replace YOUR original firewall on your system. Works perfectly and automatically.

So then, YOU need to create a firewall (easy, but let us know if you need help) where your OS cannot go online to any single site at all. I use nftables, and when I mount my computer there is NO ability to go online until I start Eddie, and then it's all network locked, preventing leaks. When I shutdown/exit Eddie, my personal firewall renders my computer unable to go to online workspace. No exceptions.

This method also prevents me from making a mistake by going online, forgetting to use Eddie first. Trust me, it's easy to get in a hurry, and before you know it you are surfing with your actual IP.

It would be best, of course, to get a working set of rules to implement straight away, either WFP or Windows Firewall, without having to go by trial and error myself. And I think it would help other people as well who wish to secure their Windows setups.

Hello!

In order to enable a set of Windows Filtering Platform (WFP) rules to block all outbound traffic on a Windows 10/11 system, make sure that Eddie is NOT running and follow these steps:

  1. Open the Start menu and search for "Windows Defender Firewall with Advanced Security".
  2. Click on the "Windows Defender Firewall with Advanced Security" icon to open the firewall settings.
  3. In the left pane, click on "Outbound Rules".
  4. In the right pane, click on the "New Rule" button.
  5. In the New Outbound Rule Wizard, select "Custom" and click "Next".
  6. Select "All Programs" and click "Next".
  7. In the "Protocols and Ports" section, select "All outbound traffic" and click "Next".
  8. In the "Action" section, select "Block the connection" and click "Next".
  9. In the "Profile" section, select the profiles for which you want to enable the rule (e.g., Domain, Private, Public) and click "Next".
  10. In the "Name" section, give the rule a name you like (e.g., "Block all outbound traffic") and click "Finish".

The new outbound rule will be added to the list of firewall rules and will block all outbound traffic on the system. Then, when you run Eddie, enable Network Lock to restore traffic flow to the VPN servers. Disable Network Lock or shut down Eddie and the previous, block-all rules will be restored.

Note: no third-party packet filtering tool should run as it could re-modify your rules.

Kind regards
Finally had the time to test this out on my laptop.
 

On 12/24/2022 at 11:12 AM, Staff said:

Hello!

In order to enable a set of Windows Filtering Platform (WFP) rules to block all outbound traffic on a Windows 10/11 system, make sure that Eddie is NOT running and follow these steps:

  1. Open the Start menu and search for "Windows Defender Firewall with Advanced Security".
  2. Click on the "Windows Defender Firewall with Advanced Security" icon to open the firewall settings.
  3. In the left pane, click on "Outbound Rules".
  4. In the right pane, click on the "New Rule" button.
  5. In the New Outbound Rule Wizard, select "Custom" and click "Next".
  6. Select "All Programs" and click "Next".
  7. In the "Protocols and Ports" section, select "All outbound traffic" and click "Next".
  8. In the "Action" section, select "Block the connection" and click "Next".
  9. In the "Profile" section, select the profiles for which you want to enable the rule (e.g., Domain, Private, Public) and click "Next".
  10. In the "Name" section, give the rule a name you like (e.g., "Block all outbound traffic") and click "Finish".

The new outbound rule will be added to the list of firewall rules and will block all outbound traffic on the system. Then, when you run Eddie, enable Network Lock to restore traffic flow to the VPN servers. Disable Network Lock or shut down Eddie and the previous, block-all rules will be restored.

Note: no third-party packet filtering tool should run as it could re-modify your rules.

Kind regards
 

So this didn't work for me on Win10. The rule does what it says and blocks all outgoing traffic, including Eddie and the VPN; Network Lock doesn't replace or override it. Eddie fails to log in or connect to the servers.
I then tried making a rule of allowed AirVPN IPs, but this didn't work either, and I read online that deny rules always take precedence over allow rules in Windows Firewall, so it has to be made the opposite way.
So by googling and tinkering I think I managed to find a working solution.

I have Eddie set as a Public profile and my home network as a Private profile. In "Windows Firewall with Advanced Security" > "Windows Firewall Properties" I changed the "Outbound Connections" to "Block" for the Private profile, but left the Public profile on the default allow setting. This would allow the VPN network but block outbound on the normal network.
I could then create a custom outbound rule which allows connections only to specified remote IPs (of the AirVPN service and the couple of servers I mainly use) in the Private profile; it is also possible to limit it to the protocol and ports used, e.g. UDP and 443,1637. I also made an outbound rule allowing the subnet of my home network in the Private profile.
It's a kind of rudimentary setup, but it follows a bit of the same logic that the Comodo-based rules had in the past, and I think it works.
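The two rule sets discussed in this thread (the Staff block-all outbound rule, and the per-profile setup from the reply above), as an added PowerShell example that is not from the thread, from AirVPN or from Eddie. The VPN server addresses, ports and LAN subnet are placeholders to replace with your own values; run it in an elevated PowerShell on Windows 10/11 with Eddie not running.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the thread: the GUI steps above expressed with the
# built-in NetSecurity cmdlets. All addresses/ports below are placeholders.

# --- Variant A (Staff post): one rule that blocks every outbound connection ---
# Equivalent of the wizard: Custom, All Programs, all protocols, Block, all profiles.
New-NetFirewallRule -DisplayName "Block all outbound traffic" `
    -Direction Outbound -Action Block -Profile Domain,Private,Public -Enabled True

# --- Variant B (follow-up post): per-profile default block plus allow rules ---
# An explicit Block rule always wins over an Allow rule, so remove Variant A
# first; otherwise the VPN handshake itself stays blocked, as the reply reports.
Remove-NetFirewallRule -DisplayName "Block all outbound traffic" -ErrorAction SilentlyContinue

# Private profile (the physical home network): default outbound action = Block.
# Public profile (the profile the reply assigns to the VPN adapter): left at Allow.
Set-NetFirewallProfile -Profile Private -DefaultOutboundAction Block
Set-NetFirewallProfile -Profile Public  -DefaultOutboundAction Allow

# Allow the client to reach only the VPN entry servers, restricted to the
# protocol and ports mentioned in the reply (UDP 443 and 1637).
$vpnServers = @("203.0.113.10", "203.0.113.11")   # placeholder IPs, replace with real entry IPs
New-NetFirewallRule -DisplayName "Allow VPN entry servers (UDP)" `
    -Direction Outbound -Action Allow -Profile Private `
    -Protocol UDP -RemotePort 443,1637 -RemoteAddress $vpnServers

# Allow the home LAN (router, printer, NAS) on the Private profile.
$homeLan = "192.168.1.0/24"                        # placeholder, replace with your own subnet
New-NetFirewallRule -DisplayName "Allow home LAN" `
    -Direction Outbound -Action Allow -Profile Private -RemoteAddress $homeLan

# --- Checks: confirm the profile defaults and the allow rules that now exist ---
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -DisplayName "Allow *" -Direction Outbound |
    Format-Table DisplayName, Profile, Action, Enabled

# Leak check without the VPN up: this should fail on the Private profile, since
# example.com is neither a VPN entry server nor in the LAN subnet.
Test-NetConnection -ComputerName example.com -Port 443 -InformationLevel Quiet
```

`Test-NetConnection` returns `$false` when the outbound block is effective; re-run it after Eddie connects with Network Lock enabled to confirm traffic flows only through the tunnel.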
