I need to block all internet access except for gmail

Any ideas on how to accomplish this, is it even possible?
Many thanks

Wow, I wasn’t expecting this to be impossible.

I’m not sure it’s possible if you would be accessing your mail at the gmail site. Obviously, to do that, you would have to let your browser have internet access. If you are using a mail client you may be able to allow that access while blocking everything else. My question, however, is why?

Not impossible but you’ll have to allow access to DNS - this could be restricted to the browser if you disable the DNS client service - and probably DHCP for svchost. You’ll also have to ascertain the IP address blocks used by googlemail for your region. To do that:

  1. Open an elevated command prompt
  2. Type - nslookup googlemail.google.com

Next you’d need to create a network zone in CIS and add the addresses retrieved by the nslookup command.

Now you can create your rule:

  1. Create a new firewall rule in CIS:

Application Name - Yourbrowser.exe
Action - Allow
Protocol - TCP
Direction - OUT
Source Address - ANY
Destination Address - Your googlemail network zone
Source Port - ANY
Destination Port - Port Set - HTTPPorts

Application Name - Yourbrowser.exe
Action - Block
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - ANY
IP Details - ANY

As I said, you may need to add an additional rule for the browser to do DNS.

Application Name - Yourbrowser.exe
Action - Allow
Protocol - UDP
Direction - OUT
Source Address - ANY
Destination Address - Your DNS Servers
Source Port - ANY
Destination Port - Port Set - 53

And if you get an external IP address from your ISP, you’ll need to allow svchost to make a connection. Let me know and we can go through that.

If you wanted to block all other applications:

Application Name - All Applications Group
Action - Block
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - ANY
IP Details - ANY

Just make sure your block rules are below your allow rules.
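The rule ordering from the post above, modelled as an added example (not part of the thread and not Comodo's code). It assumes top-down, first-match evaluation with a default of Block when nothing matches, uses constructed documentation-range addresses in place of the real googlemail zone and DNS servers, and assumes the HTTP port set holds 80 and 443.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders (documentation ranges), not real Gmail or DNS addresses.
GMAIL_ZONE = [ipaddress.ip_network("203.0.113.0/24")]
DNS_SERVERS = [ipaddress.ip_network("192.0.2.53/32")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]
HTTP_PORTS = {80, 443}  # assumed contents of the HTTP port set

@dataclass
class Rule:
    action: str        # "Allow" or "Block"
    protocol: str      # "TCP", "UDP" or "IP" (IP matches any protocol)
    dest: list         # destination networks
    ports: set = None  # None means any destination port

    def matches(self, protocol, dest_ip, port):
        if self.protocol != "IP" and self.protocol != protocol:
            return False
        if not any(ipaddress.ip_address(dest_ip) in net for net in self.dest):
            return False
        return self.ports is None or port in self.ports

def decide(rules, protocol, dest_ip, port):
    """Return the action of the first matching rule, top-down (assumed model)."""
    for rule in rules:
        if rule.matches(protocol, dest_ip, port):
            return rule.action
    return "Block"  # assumed default when no rule matches

allow_gmail = Rule("Allow", "TCP", GMAIL_ZONE, HTTP_PORTS)
allow_dns = Rule("Allow", "UDP", DNS_SERVERS, {53})
block_all = Rule("Block", "IP", ANY)

GOOD_ORDER = [allow_gmail, allow_dns, block_all]  # block rule below the allows
BAD_ORDER = [block_all, allow_gmail, allow_dns]   # block rule on top

def report(rules):
    """Evaluate four constructed outbound connections against a rule list."""
    probes = {
        "gmail https": ("TCP", "203.0.113.10", 443),
        "dns lookup": ("UDP", "192.0.2.53", 53),
        "other site": ("TCP", "198.51.100.7", 443),
        "gmail zone, port 25": ("TCP", "203.0.113.10", 25),
    }
    return {name: decide(rules, *probe) for name, probe in probes.items()}

if __name__ == "__main__":
    for label, rules in (("allow above block", GOOD_ORDER), ("block on top", BAD_ORDER)):
        print(label, report(rules))
```

With the block rule on top, every probe is blocked, including Gmail and DNS, which is why the allow rules have to sit above it.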

Hey thanks so much, I’ll get this done tonight or tomorrow!

You could also create a single rule that combines both of the rules Radaghast suggested.

Instead of creating one rule that allows access to gmail and a second rule that blocks all access to the internet, you could create a single BLOCK rule but use the EXCEPT option and then enter the details for gmail.

What this does is block access to the internet EXCEPT for gmail.

Just a thought,
Ewen :)

Quite true Ewen, although the OP may still need DHCP via svchost, unless they’re using static…

One thing I forgot to mention, although it’s probably obvious, you should remove any existing firewall rules before creating your gmail only rules.