sign up

log in

Super User is a question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

How can I restrict windows 7 to only use the local subnet, but block the internet
I want to block all internet connections to and from my windows 7 machine, but allow it to access everything on the local network. The
local network is behind an Apple Airport Extreme.
What is the easiest way to do this?
windows-7

windows

networking

firewall

home-networking

edited Oct 13 '11 at 2:26

asked Oct 12 '11 at 14:10

haimg
13.6k

Tom de koning
10

52

90

36

Do you want to do this on a permanent basis, or based on some condition? haimg Oct 12 '11 at 16:07
I'd like a way to do this by script, but it does not have to respond to anything from the outside.
Tom de koning Oct 12 '11 at 17:32
I amended my answer and added control by script. haimg Oct 12 '11 at 18:22

3 Answers

Option #1 (Windows Firewall rules)

You could create a firewall rule to block these connections. Follow these steps:

Change the default firewall behavior to block outbound network connections:

1. Enter "firewall" from the Start search and open "Windows Firewall with Advanced
Security".
2. Notice which firewall profile is active. It says "... is active" in the overview list.
3. Click on

Windows Firewall Properties

4. Change state for Outbound connections for the active profile to

Block

5. Click OK to apply.

Create a firewall rule to allow local network outbound connections:

1. Go to

Outbound Rules

2. Rule type should be

and select

Custom

New Rule...

from the Actions in the right pane.

3. Go to the Scope step and for the remote IP address, select these IP addresses , then
Add.. , then Predefined set of computers and finally Local Subnet .
4. Go to

Name

step, enter name of "Allow local Subnet" and click Finish.

You're done configuring it!

Control via script

To block all outbound Internet traffic:
netsh advfirewall set currentprofile firewallpolicy blockinbound,blockoutbound

To allow all outbound Internet traffic

netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound

Option #2 (Specialized software)

If you are trying to block Internet access as a result of excessive Internet usage, there is
specialized software that can block all Internet access when monthly or daily Internet traffic
exceeds pre-defined maximum. Local network access is still allowed, though. One such
program is DU Meter, which also has many other bells and whistles related to Internet
bandwidth management on Windows computer.
Disclaimer: I'm the author of DU Meter.

tour

help

Sign up

edited Oct 12 '11 at 18:21

answered Oct 12 '11 at 18:14

haimg
13.6k

10

52

90

Does this work on win8? Ave Maleficum Oct 14 '14 at 12:21

Should work, I haven't tested, though. haimg Oct 14 '14 at 14:38

If you disable DHCP then set an IP address and subnet mask but leave default gateway blank,
then your computer will be unable to access outside the local network.
If someone is an administrator over the local machine, they would be able to reverse this if
they were trying, but if that isn't a concern then this should work.
answered Oct 12 '11 at 14:16

Stephen Jennings
17.6k

41

86

+1: Make sure that the IP address you pick isn't part of the DHCP scope. afrazier Oct 12 '11 at 14:19
This is brilliant! LAN works and no internet at all. I put my router IP DNS in so that I can still use LAN DNS
names for devices. SO simple! Thanks +1 ppumkin Oct 15 '15 at 16:57

If you're working through the GUI in Windows 8.x:

1. set the Scope of the Local IP address to "Any IP address"
2. set the Remote IP address to "These IP addresses"
3. select "Internet" under the list of "Predefined set of computers"
Make sure to check the correct profile that is assigned to the network card that you want
this rule to work on. Lastly:
4. check that the rule is enabled
5. set the Action to "Block the connection"
The rule is active immediately
answered Dec 19 '14 at 1:11

community wiki
naisanza