I am aware that I can block internet traffic for a specific application.
However, I need to be able to instantly turn this block on/off with a command (e.g. from the Command Line).
Is that possible? How?
Generally speaking I would say no. If the rules reside in the registry (not sure they do) you would have to have a script ready in the prompt. Possibly with a .bat file? You can add a shortcut to the advanced firewall setting on the widget that will open up the application rules right under the firewall settings. I think this would take less time than opening a CMD prompt and entering a string for changing a rule this way (if possible). Unless I understand your meaning.
I am not doing this manually. I already have a script that runs when my VPN crashes. I would like to add a line to my script that blocks internet traffic for certain applications when the script is triggered.
Why not just kill it in that case?
I tried to kill it from task manager and that corrupted some files that were being processed. Thus, I assume that “tskill” would also corrupt any files in process?
You need to purchase a VPN with a kill switch. Blocks all traffic on crash or leak. One example is PIA. Maybe I still don’t understand. Good Luck
It should be located under: HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\
If your VPN connection has its own virtual network adapter and the applications are always supposed to use the VPN connection then you can set up these rules to only allow traffic over the VPN interface and never any other interface.
Rule #1:
Allow TCP/UDP Out From VPN MAC Address to MAC Any where Source Port is Any and Destination Port is Any
Rule #2 (Optional, only use if your application needs inbound traffic, example is torrent applications):
Allow TCP/UDP In from MAC Any to VPN MAC Address where Source Port is Any and Destination Port is single port (whatever port the application is set up to listen to)
Rule #3:
Block IP IN/OUT From MAC Any to MAC Any Where Protocol is Any
Rule 1 is to allow the application to send outbound traffic via the VPN interface, and rule 2 is to allow others to establish a connection with you via the VPN interface; rule 3 is to block any other traffic, which means the application can only ever communicate via the VPN interface. This also means that the application won’t have any internet if the VPN isn’t active. It also means you have to update the MAC addresses in the rules if you need to reinstall the adapter (like the TAP adapter, for example).
Hope that helps.
Thanks, I will try to set that up!
First question though; how do I find the VPN MAC Address?
Not sure what VPN you are using but if it’s using OpenVPN then it should have a TAP adapter. What you can do is open CMD and type in “ipconfig /all”. Then look for the TAP adapter and check what the MAC address is.
Edit: Called “Physical address” in the output from “ipconfig /all”
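To save hunting through the output by eye, here is a small Python script, added as an example and not code from the thread, that parses “ipconfig /all” output and returns the Physical Address of the first adapter whose Description mentions TAP. The adapter names and MAC addresses in the embedded sample are constructed; on a Windows host the script runs the real command and elsewhere falls back to the sample.

```python
import re
import subprocess

# Constructed sample of "ipconfig /all" output (not captured from a real host);
# the adapter names and MAC addresses are made up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.lan
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-AA-BB-CC-DD
   DHCP Enabled. . . . . . . . . . . : Yes
"""


def parse_adapters(text):
    """Split ipconfig /all output into {adapter heading: {field: value}}."""
    adapters = {}
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" ") and line.rstrip().endswith(":"):
            # Unindented line ending in ":" is an adapter heading, e.g. "Ethernet adapter Ethernet 2:"
            current = line.rstrip()[:-1]
            adapters[current] = {}
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            key = re.sub(r"[\s.]+$", "", key.strip())  # drop the dotted leader after the field name
            adapters[current][key] = value.strip()
    return adapters


def find_tap_mac(text, marker="TAP"):
    """Physical Address of the first adapter whose Description contains `marker`,
    or None if no adapter matches (OpenVPN's virtual adapter is described as TAP-Windows ...)."""
    for fields in parse_adapters(text).values():
        if marker.lower() in fields.get("Description", "").lower():
            return fields.get("Physical Address")
    return None


if __name__ == "__main__":
    try:
        out = subprocess.run(["ipconfig", "/all"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_IPCONFIG  # not on Windows: use the constructed sample instead
    print(find_tap_mac(out))
```

The value it prints is exactly the string the rules above need in the “VPN MAC Address” field, and rerunning it after reinstalling the adapter is the quickest way to spot that the address has changed.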
I already use PIA. However, it randomly crashes, so I lose the VPN.
Do you have the kill switch enabled under advanced options? If so all traffic is blocked when the VPN crashes. That’s the point. I take it you’re running something on the VPN you want private. Rest assured the kill switch will stop all traffic dead when the VPN crashes on the VPN tunnel or regular traffic.
Yes, the kill switch is enabled. If I lose the connection (the PIA manager icon turns red), all internet traffic is indeed blocked as expected. If I shut down PIA Manager manually, the internet traffic is of course not blocked as PIA Manager is no longer blocking internet traffic.
So far so good. However, randomly, the PIA manager shuts down by itself, and the kill switch is therefore no longer working. That is why I need a second layer of protection.
Note: If I restart PIA, the connection shows null (null) and I am not protected. I need to disconnect and reconnect to a VPN server to be protected again.
Sanya IV Litvyak,
Your suggestion worked great.
Thank you so much!!
The protocol suggested by Sanya IV Litvyak worked great until I suddenly realized that the application wasn’t blocked anymore when the VPN was down.
I checked the 3 rules, and noticed that a 4th rule had been added “by itself” on top “Allow all”.
How on earth did “Allow all” get added? I never added this!
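The three-rule protocol above only holds if the rule list is evaluated top-down with the first match winning, which is also why an “Allow all” rule landing above the three silently disables the block. The following Python model, added here as an illustration and not code from Comodo or from anyone in the thread, encodes the three rules, evaluates constructed packets against them, and includes a leak check that flags any non-VPN traffic the rule set would allow. The MAC addresses and the listening port are made-up values.

```python
ANY = "any"
VPN_MAC = "00-FF-AA-BB-CC-DD"   # constructed stand-in for the TAP adapter's Physical Address
ETH_MAC = "00-11-22-33-44-55"   # constructed stand-in for the physical NIC the app must never use
PEER_MAC = "AA-AA-AA-AA-AA-AA"  # constructed remote MAC used in the probe packets
LISTEN_PORT = 51413             # constructed port the application listens on (Rule #2)


def rule(action, direction, protocols, src_mac, dst_mac, dst_port=ANY):
    """One application rule; each field is a concrete value, a set of values, or ANY."""
    return {"action": action, "direction": direction, "protocols": protocols,
            "src_mac": src_mac, "dst_mac": dst_mac, "dst_port": dst_port}


# The three rules from the thread, in the order they are meant to be evaluated.
POLICY = [
    rule("allow", "out", {"tcp", "udp"}, VPN_MAC, ANY),              # Rule #1
    rule("allow", "in", {"tcp", "udp"}, ANY, VPN_MAC, LISTEN_PORT),  # Rule #2 (optional)
    rule("block", ANY, ANY, ANY, ANY),                                # Rule #3
]


def packet(direction, protocol, src_mac, dst_mac, dst_port):
    return {"direction": direction, "protocol": protocol, "src_mac": src_mac,
            "dst_mac": dst_mac, "dst_port": dst_port}


def _matches(field, value):
    if field == ANY:
        return True
    if isinstance(field, set):
        return value in field
    return field == value


def evaluate(policy, pkt):
    """Top-down evaluation; the first matching rule decides, no match is treated as blocked."""
    for r in policy:
        if (_matches(r["direction"], pkt["direction"])
                and _matches(r["protocols"], pkt["protocol"])
                and _matches(r["src_mac"], pkt["src_mac"])
                and _matches(r["dst_mac"], pkt["dst_mac"])
                and _matches(r["dst_port"], pkt["dst_port"])):
            return r["action"]
    return "block"


def leaks(policy):
    """Probe the policy with traffic that bypasses the VPN adapter; returns the probes it allows."""
    probes = [
        packet("out", "tcp", ETH_MAC, PEER_MAC, 443),          # HTTPS straight out the physical NIC
        packet("out", "udp", ETH_MAC, PEER_MAC, 53),           # DNS straight out the physical NIC
        packet("in", "tcp", PEER_MAC, ETH_MAC, LISTEN_PORT),   # inbound connection to the physical NIC
    ]
    return [p for p in probes if evaluate(policy, p) == "allow"]


# The situation reported in the thread: an "Allow all" rule sitting above the three rules.
BROKEN_POLICY = [rule("allow", ANY, ANY, ANY, ANY)] + POLICY

if __name__ == "__main__":
    print("intended policy leaks:", leaks(POLICY))
    print("with Allow all on top:", len(leaks(BROKEN_POLICY)), "probes allowed")
```

Run against the intended rule set the leak check returns an empty list, while the same check with the extra rule on top reports every probe as allowed; periodically rerunning a check like this (or simply re-reading the rule list after every Comodo update or prompt) is the way to catch a rule that has been added above the block.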
The protocol suggested by Sanya IV Litvyak works great.
However, I am not able to start my application (Deluged) unless I first turn off the firewall. After it is running and is connected, I can turn on the Firewall again.
If I try to start it with the Firewall on, the process doesn’t even show up in task manager.