1
0 Comments

I’m wondering if the IP address obtained through a ping is the same as the one required for setting the scope of the Windows firewall rules. The firewall rule is configured to block all outbound traffic to any IP address and applies to all programs and protocols.

Here’s the rule setup:

Type: Outbound Rules
Action: Block the connection
Programs: All
Protocols: Any
Advanced > Profiles: Domain, Private & Public
Scope > Local: Any IP Address
Scope > Remote: Any IP Address

The rule is set for the Domain, Private, and Public profiles and has a local and remote scope of “Any IP Address.”

However, when I ping the target machine that I intend to block, the IP address obtained is accurate:

Nonetheless, I do not wish to obstruct all IP addresses; rather, I intend to prohibit only a particular one. But when I modify the rule and alter the scope from “Any” to “These IP addresses,” the traffic somehow manages to bypass the restriction:

For any diagnostic reasons, here’s the ipconfig from server I want to block:

I came across a discussion advising to modify the “Local IP address” value to “Any IP” to impose a block, but I think this is too broad of a scope.

Is there a way to identify the precise local IP addresses that require blocking?

Otherwise, why does restricting all local IP addresses enable the blockage of remote addresses?

Askify Moderator Edited question April 27, 2023