
How to toggle On/Off entire In/Out traffic & ports and just all?



Hi guys,

so I have a new little question, so maybe you can help. In the past I have seen different tools which can block all incoming and outgoing traffic just by using a toggle switch (no network disable stuff), which is really practical, and now I would like to know how it can be done by coding a tiny app by myself. In some cases I don't use any of those apps and want to block all In/Out-going traffic, but I don't know what I have to do / code to make it possible. So can anyone explain how it can be done without disabling the network from the router or removing the cable etc.? I just want to create my own simple switcher with On/Off mode for all. I don't know yet how those tools do it. Maybe you can bring some light into this. Thank you.

greetz

Link to comment

all the apps u are referring to are using the Windows built-in fw.

this batch script I grabbed from somewhere, I don't remember where

Block all executables in a folder using Windows Firewall

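@echo off
rem Prefix used in the rule names (left empty here)
set name=
set x=0
rem Work in the folder the script is stored in
cd /d "%~dp0"
rem Call :Block for every .exe found below this folder
for /f "delims=" %%? in ('dir /b /s /aa *.exe') do call :Block "%%~?"
echo All EXEs Blocked.
pause
goto :eof
:Block
set /a x+=1
rem Remove any existing rule for this program, then add an outbound block rule
netsh advfirewall firewall delete rule name=all program="%~1"
netsh advfirewall firewall add rule name="Block %name% %x%" dir=out action=block program="%~1" profile=any interfacetype=any
goto :eof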

 

search, I'm 100% sure u can do the same with a 1-line rule to block all outgoing traffic, aka with

netsh advfirewall firewall add rule xxxxxxxxxxxx

[edit]

possibly this

superuser.com/a/898184
winintro.ru/netsh_technicalreference.en/html/1a736f2d-ecf8-4780-8e0f-85c4db75230b.htm

Edited by whoknows
  • Like 1
Link to comment

Hi wk,

thanks for the info. I also found this site...

https://github.com/sdovnic/advfirewall

....showing some commands to block / allow all...

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound

....but I'm still not sure yet whether I can try this just like that, because I'm using a Firewall (GlassWire) which handles many rules. This firewall for example has a menu to choose BlockAll to disable all In/Out stuff. I was trying to check "wf.msc" and see this... when GW-FW is on (ASK to connect)....

[Screenshot: A_2022-01-17_194439.png]

....and when I set to BlockAll I get this to see....

[Screenshot: B_2022-01-17_194439.png]

...but I'm not sure whether the GW-FW also just sent the commands.....

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound

....when I Block/Allow it back etc., you know. The question is what happens when using the 2 commands above. I don't know whether the 2 commands to block & allow change EVERY single In/Out rule in the list, or whether the commands just create / delete some OVER rule, you know? Normally I would like to Block ALL and then restore ALL back as it was before, you know, but I'm not sure whether the 2 commands above are doing that like I imagine. Maybe you have some more hints / ideas how to make it right without destroying anything / rules which are present here etc., you know.

greetz

Link to comment

hi @LCF-AT

if 

Quote

I'm using a Firewall (GlassWire) which handles many rules. This firewall for example has a menu to choose BlockAll to disable all In/Out stuff

then

why are u asking for How to toggle On/Off entire In/Out traffic & ports and just all?

 

:wallbash:

  • Haha 1
Link to comment

Because I don't always use such tools, as I said before. In this case I wanna know how to manage Block all manually in a similar way, quickly.

So I tried around a little and it really must be only this command I have to use to block all...

blockinboundalways
netsh advfirewall set allprofiles firewallpolicy blockinboundalways,blockoutbound

...incoming traffic even if there are rules set, but it still allows outgoing if rules are set (there is no blockoutboundalways option). I think GlassWire does the same, so far as I can see from the changes in WD. Otherwise I also tried to create my own In & Out rule to block all, and this also seems to work. I tried to go on and wrote this now...

rem Delete my rules if present
netsh advfirewall firewall delete rule name="Block_All_Out"
netsh advfirewall firewall delete rule name="Block_All_In"

rem Create Block Rule for all Out
netsh advfirewall firewall add rule name="Block_All_Out" dir=out protocol=any action=block profile=any interfacetype=any enable=yes
rem Create Block Rule for all In
netsh advfirewall firewall add rule name="Block_All_In" dir=in protocol=any action=block profile=any interfacetype=any enable=yes

...to delete & create 2 rules for in & out access. Seems to work. :) Somehow it can create many rules with the same name. Just need to find out how to call CreateProcess with cmd & the commands above with some Admin rights.

greetz

  • Like 1
Link to comment

Hi again,

just have some more little questions about the firewall rules. So if I see it right, I just need to create 2 new rules to BLOCK all IN & OUT going connections, as I posted one post above.

It seems that I also need to change the Firewall settings itself for all domains, which means I have to 1) enable the Firewall and 2) set the In & Out Bound connection settings to block. Maybe it's just optional, so I'm not sure yet whether it's enough to just ENABLE the Firewall & create my 2 rules which should block all.

Now I was looking at how I can find out the firewall settings to back them up before I change them. If I see it right, I can read them from the registry and change them there.

[Screenshot: FW1_2022-01-19_002711.png]

...

[Screenshot: FW2_2022-01-19_002711.png]

So that means I can read the parameters of all 3 domains from the registry, which I can back up so far. So my question now is whether I "must or not" change the main IN & OUT Bound parameters (to any state) IF I have created my own block rule? It's a bit confusing. Let's say I just enable the firewall for all domains and the In & Out settings above are set to allowed, BUT I have created an In & Out rule to Block All. What happens then? Otherwise, when I set the InBound setting to Block All, then I also don't need to create a rule for In Bounds. So in the end I just wanna Block all In & Out connections and then restore the original state. If anyone has some more hints how the settings here must be set correctly to Block ALL (In/out/under/over/whatever directions they are coming from) then just tell me. :)

PS: Does it play a role whether I enable the Firewall with the netsh command (CreateProcess/Cmd) or change it directly in the registry (using Reg functions to set)? I must use the reg functions to read the states.

greetz

Link to comment
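
One way to do the backup and restore asked about in the post above, as an added example that is not part of the original thread: the whole firewall policy is snapshotted with netsh advfirewall export before blocking and put back with netsh advfirewall import. The backup path and the on/off arguments are assumptions of this example.

```batch
@echo off
rem Added example: toggle "block all" and restore the previous firewall state.
rem BACKUP path and the on/off arguments are assumptions of this example.
setlocal
set "BACKUP=%ProgramData%\fw-toggle-backup.wfw"

rem netsh advfirewall changes need elevation; fail early instead of half-applying.
fltmc >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

if /i "%~1"=="on"  goto BLOCK
if /i "%~1"=="off" goto RESTORE
echo Usage: %~nx0 on^|off
exit /b 2

:BLOCK
rem Keep the first snapshot: a second "on" must not overwrite it with the blocked state.
if exist "%BACKUP%" (
    echo Already blocked, backup present: %BACKUP%
    exit /b 0
)
netsh advfirewall export "%BACKUP%" >nul
if errorlevel 1 (
    echo Export failed, nothing changed.
    exit /b 1
)
netsh advfirewall set allprofiles state on
rem blockinboundalways ignores inbound allow rules. blockoutbound only sets the
rem outbound default, so an explicit block rule is added to win over outbound allow rules.
netsh advfirewall set allprofiles firewallpolicy blockinboundalways,blockoutbound
netsh advfirewall firewall add rule name="Block_All_Out" dir=out action=block protocol=any profile=any
exit /b 0

:RESTORE
if not exist "%BACKUP%" (
    echo No backup found, nothing to restore.
    exit /b 1
)
rem import replaces the whole current policy (profiles and rules) with the snapshot
netsh advfirewall import "%BACKUP%"
if errorlevel 1 exit /b 1
del "%BACKUP%"
exit /b 0
```

Because import replaces the complete policy, any rule another tool adds between "on" and "off" is lost on restore.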

Hi again,

ok so it seems it doesn't work to change values in the registry directly to get any effect in the Firewall. Now I have to use the netsh tool & commands as I told before. I tried this now by using CreateProcess to execute cmd, but it fails because of UAC / Admin rights. On the internet I found info about using the ShellExecuteEx function with the "runas" lpVerb.

https://docs.microsoft.com/en-us/windows/win32/api/shellapi/ns-shellapi-shellexecuteinfoa

Seems to work but now I get that prompt message of Windows to see where I have to allow it or not first...

runas: Launches an application as Administrator. User Account Control (UAC) 
will prompt the user for consent to run the application elevated or enter the 
credentials of an administrator account used to run the application.

...but this is bad. How can I use this function to start CMD with my commands with Admin rights BUT without getting the window where the user has to choose? Below is my simple test function so far.

		invoke RtlZeroMemory,addr SHELL,sizeof SHELL
		mov SHELL.cbSize,sizeof SHELLEXECUTEINFO
		mov SHELL.fMask,SEE_MASK_NOCLOSEPROCESS
		mov SHELL.lpVerb, chr$("runas") ; admin rights
		mov SHELL.lpFile,chr$("cmd")
		mov SHELL.lpParameters,chr$("/k netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound")
		mov SHELL.nShow,SW_SHOW
		invoke ShellExecuteEx,addr SHELL

Is it anyhow doable etc?

greetz

Link to comment

Hi again,

I'm still trying to find out how to run a process with Admin privileges AND without / bypassing the UAC prompt (the Yes/No nag the user has to choose/press). On the internet I found some info & videos about using Task Scheduler: creating a new task & creating a shortcut to that task to double-click it and run App X without getting any UAC prompt anymore. So this manual method is already pretty much...

https://winaero.com/open-any-program-as-administrator-without-uac-prompt/

...and the question now is whether it's anyhow possible to bypass that UAC prompt in code by using any functions XY etc.? I think somehow it must be doable, because apps like GlassWire do change the Windows Defender state, and if I see it right then they can just do it by calling the netsh command. Not sure about it, but I think so. Other tools like Net Limiter can also block the entire internet and I think they must use/call netsh too. In both cases (GlassWire & Net Limiter) I don't get any UAC prompt when I enable/disable a block of in/out traffic etc. How are they doing that? Has anyone any clue?

How to execute this example command....

netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

....successfully (CreateProcess or others) without getting the UAC prompt? Some little info / help would be nice, as I'm just stuck here on that UAC bypass question.

PS: By the way, how does Windows decide which app needs to start with the UAC nag and which not? When I run my own apps I don't get any UAC.

greetz

Link to comment

Hi kao,

thanks for the link, but it sounds bad using that, like some malware?! I don't think that tools like GlassWire or others are doing that to change settings in the WD Firewall just to bypass the UAC prompt. It must also work somehow else, but how is the question.

greetz

Link to comment

Hi again,

still haven't found a way to execute cmd as Admin without the UAC window etc. All in all pretty bad to manage that. Now I wrote a small batch script to block / unblock all In/Out traffic by creating an IN/OUT rule and deleting it on unblock.

@echo off
set "title=Block Internet!"
title %title%
echo.
echo===========================================================================
echo===================     %title%     ===================
echo===========================================================================
echo.   Tasks:                            
echo.   Block    In/Out going Internet = Press Key 1
echo.   Un-Block In/Out going Internet = Press Key 2
echo.   Exit                           = Press Key 0
echo===========================================================================
echo===========================================================================
set /p "scx3=Choose a task:"
if "%scx3%"=="0" goto:eof 		:: END
if "%scx3%"=="1" goto BLOCK		:: BLOCK
if "%scx3%"=="2" goto UNBLOCK		:: UNBLOCK
goto:eof

:BLOCK
:: Enable Windows Firewall
netsh advfirewall set allprofiles state on
:: Delete my two custom rules if present
netsh advfirewall firewall delete rule name="Block_All_Out"
netsh advfirewall firewall delete rule name="Block_All_In"
:: Create Block Rule for all Out
netsh advfirewall firewall add rule name="Block_All_Out" dir=out protocol=any action=block profile=any interfacetype=any enable=yes
:: Create Block Rule for all In
netsh advfirewall firewall add rule name="Block_All_In" dir=in protocol=any action=block profile=any interfacetype=any enable=yes
pause
goto:eof


:UNBLOCK
:: Enable Windows Firewall
netsh advfirewall set allprofiles state on
:: Delete my two custom rules if present
netsh advfirewall firewall delete rule name="Block_All_Out"
netsh advfirewall firewall delete rule name="Block_All_In"
pause
goto:eof

I also created a task in the scheduler window to make a shortcut with Admin rights (no UAC to see). :) Seems to work so far. Now I can quickly Block/UnBlock all without other tools. All in all it's OK now for me. I also found out that it's not important whether the WFirewall profiles are set to allow or block etc., so it's just important to enable the firewall and to set the two rules to block, and that's it.

greetz

Link to comment

Hi again,

just have a question about batch language and how to check whether a profile is ON or OFF.

Example: Just wanna check this profile state...

netsh advfirewall show domainprofile state


Domänenprofil-Einstellungen:
----------------------------------------------------------------------
Status                                   EIN
OK.

...below you see the return. You can also see I get the status EIN back, which means ON in English. The problem is that I need to get a value back and not a word in whatever language XY the user uses, you know. On the internet I found info on checking the word...

netsh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(@Echo Is On)||@Echo Is Off

...for ON, which seems to work for English users but not in my case, and I also don't wanna put the word EIN in. How else can I check this? Or can I disable the German language to get it back in English etc.?

greetz

Link to comment
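
A locale-independent way to answer the question in the post above, as an added example that is not part of the original thread: the per-profile EnableFirewall value is read from the registry with reg query, so the result is 0x1 or 0x0 whatever the display language. It assumes the local policy store under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy.

```batch
@echo off
rem Added example: read each profile's on/off state as a number, not a translated word.
rem Assumption: the local firewall policy store below; StandardProfile is the Private profile.
setlocal enabledelayedexpansion
set "BASE=HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
set "ALL_ON=1"

for %%P in (DomainProfile StandardProfile PublicProfile) do (
    set "VAL="
    rem reg.exe prints "    EnableFirewall    REG_DWORD    0x1"; the third token is the value
    for /f "tokens=3" %%V in ('reg query "%BASE%\%%P" /v EnableFirewall 2^>nul ^| find "REG_DWORD"') do set "VAL=%%V"
    if "!VAL!"=="0x1" (
        echo %%P: on
    ) else if "!VAL!"=="0x0" (
        echo %%P: off
        set "ALL_ON=0"
    ) else (
        rem Value missing or unreadable: treat as not confirmed on
        echo %%P: unknown
        set "ALL_ON=0"
    )
)

rem Exit code 0 only when every profile reported 0x1
if "%ALL_ON%"=="1" (exit /b 0) else (exit /b 1)
```

A firewall setting pushed by Group Policy takes precedence over these local values, so on a managed machine the effective state can differ from what this reports.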
