Creating New Rules

Updated: December 1, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

Windows Firewall with Advanced Security allows you to create the following types of firewall rules:

  • Program rule. This type of rule allows traffic for a specified program. You can identify the program by program path and executable file name.

  • Port rule. This type of rule allows traffic on a specified TCP or UDP port number or range of port numbers.

  • Predefined rule. Windows includes a number of Windows functions that you can enable, such as File and Printer Sharing, Remote Assistance, and Windows Collaboration. Creating a predefined rule actually creates a group of rules that enable the specified Windows functionality to access the network.

  • Custom rule. This type of rule allows you to create a rule that you might not be able to create using the other types of rules. A custom rule allows you to combine any of the rule elements together.

To create a program rule on a local computer

  1. In the Windows Firewall with Advanced Security console tree, select and then right-click Inbound Rules or Outbound Rules, depending on the type you want to create, and click New Rule.

    This action opens either the New Inbound Rule Wizard or the New Outbound Rule Wizard. The steps for creating an inbound or outbound rule are identical.

  2. On the Rule Type page, click Program, and then click Next.

  3. On the Program page, click This program path. Type the path for the executable file for the program, or click Browse to find the program by using Windows Explorer. Click Next.

  4. On the Action page (shown in Figure 8), select the desired behavior, and then click Next.

  5. If you selected Allow the connection if it is secure on the Action page, then the Users and Computers pages are displayed, where you can specify user and computer accounts that are permitted to access the computer through this firewall rule. If you specify users or computers, then you must separately create a connection security rule that requires network traffic that matches this rule to be authenticated.

  6. On the Profile page, select the profiles to which the rule should apply, and then click Next.

  7. On the Name page, type a name and a description for the rule, and then click Finish.

To create a port rule on a local computer

  1. In the Windows Firewall with Advanced Security console tree, select and then right-click Inbound Rules or Outbound Rules, depending on the type you want to create, and click New Rule.

    This action opens either the New Inbound Rule Wizard or the New Outbound Rule Wizard. The steps for creating an inbound or outbound rule are identical.

  2. On the Rule Type page, click Port, and then click Next.

  3. On the Protocol and Ports page (shown in Figure 9), select whether the rule should use the TCP or UDP protocol. Click Specific Local Ports, type in the numbers of the ports for which you need to create the rule, and then click Next.

Note

For an outbound rule, the option is Specific Remote Ports.

![](images/Cc771477.eaa1b043-38d6-4ec0-a1f6-ab9740a88622(WS.10).gif)

  4. On the Action page, select the desired behavior, and then click Next.

  5. If you selected Allow the connection if it is secure on the Action page, then the Users and Computers pages are displayed, where you can specify user and computer accounts that are permitted to access the computer through this firewall rule. If you specify users or computers, then you must separately create a connection security rule that requires network traffic that matches this rule to be authenticated.

  6. On the Profile page, select the profiles to which the rule should apply, and then click Next.

  7. On the Name page, type a name and a description for the rule, and then click Finish.
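
The two procedures above can also be scripted with the netsh advfirewall context. The following batch file is an added example, not part of the original topic. The rule names, the program path, and port 8443 are constructed for illustration. Run it from an elevated command prompt.

```batch
@echo off
rem Added example: command-line equivalents of the wizard procedures.
rem The Contoso names, the path, and port 8443 are constructed values.

set "APP=%ProgramFiles%\Contoso\ContosoSvc.exe"

rem Program rule: Rule Type = Program, Action = Allow the connection,
rem Profile = Domain only, plus the Name and Description from the Name page.
netsh advfirewall firewall add rule name="Contoso Service (program)" ^
    dir=in action=allow program="%APP%" profile=domain ^
    description="Inbound traffic for ContosoSvc.exe on the domain profile"
if errorlevel 1 goto :failed

rem Port rule: Rule Type = Port, TCP, Specific Local Ports = 8443.
rem A port rule matches any program that listens on the port, so the
rem profile is restricted to Domain here as well.
netsh advfirewall firewall add rule name="Contoso Service (TCP 8443)" ^
    dir=in action=allow protocol=TCP localport=8443 profile=domain ^
    description="Inbound TCP 8443 on the domain profile"
if errorlevel 1 goto :failed

rem Outbound port rule: the port is matched as a remote port, which
rem corresponds to Specific Remote Ports in the wizard.
netsh advfirewall firewall add rule name="Contoso Client (TCP 8443 out)" ^
    dir=out action=allow protocol=TCP remoteport=8443 profile=domain ^
    description="Outbound TCP to remote port 8443 on the domain profile"
if errorlevel 1 goto :failed

rem Confirm what was created: direction, profiles, program, ports, action.
netsh advfirewall firewall show rule name="Contoso Service (program)" verbose
netsh advfirewall firewall show rule name="Contoso Service (TCP 8443)" verbose
netsh advfirewall firewall show rule name="Contoso Client (TCP 8443 out)" verbose
exit /b 0

:failed
echo Rule creation failed. Check that the command prompt is elevated. 1>&2
exit /b 1
```

To remove the example rules afterward, use netsh advfirewall firewall delete rule with the same name value.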