Windows 10: Blocking incoming/outgoing except MS Updates?

I have a rig that I use for backups of all my devices, a desktop running windows 10. What is A way, or the best way, to limit its connectivity to the LAN, and to MS Updates, and effectively block everything else? searching around the web, I see a number of similar queries, but not good answers.

perhaps I better do it through the router?*really in this case netgear R7000. the 'server' has static ip...

:)

 

Nokia C2 - how to block numbers?

THIS PROCEDURE CAN NOT BLOCK A SPECIFIC NO, INSTEAD IT WILL BLOCK ALL OUTGOING /INCOMING CALLS.

 

COMPUTERS IN NETWORK

The problem was solved by configuring the antivirus programme which was blocking the incoming and outgoing traffic.

 

A simple way is to remove the default gateway from the network setting then nothing can get out then use then use the router CMD to give a route to ms updates only

 

You can do this but first you will have to find out the correct URL's for Windows update that you need to add to your HOSTS file. Once you do the changes below you will not have any connectivity except for the changes you make in the HOSTS file.

I did this on a Win 7 machine but all versions of Windows should behave the same way, I had to use another OS so I could write this to the forum.

In My example I only want my computer to connect to example.com so once I found the IP I did this.

Open your network adapters and set a static IP with all the correct settings for your subnet.

In my case it looks like this:




and set the DNS server to 127.0.0.1 leave the secondary empty.

Now open your HOSTS file usually located at C:\Windows\System32\drivers\etc\ (I use notepad++ It just works without a fuss)

My edited HOSTS file (I added 93.184.216.34 example.com at the bottom)

Code: # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost 93.184.216.34 example.com[/quote] I had to do a bit command line foo to get the IP of example.com before I made the changes to the network adapter using the command nslookup example.com
Code: >nslookup example.com Server: pi10 Address: 192.168.200.10 Non-authoritative answer: Name: example.com Addresses: 2606:2800:220:1:248:1893:25c8:1946 93.184.216.34[/quote] After making the above changes you will have to run the command below to flush out you cached DNS entries or it will take awhile for the changes to work
Code: ipconfig /flushdns[/quote] I do not know what URL Microsoft update uses you will have to figure that out yourself DNSQuerySniffer v1.65 from NirSoft may help you with that or the netstat command.

Just be aware that this is by no means a secure way to lock down a computer, but for a home user with a computer that friends or family do not tinker with it will be fairly safe.

Also be aware that Microsoft has probably many thousands of update servers and at anytime the IP you pick may go down unexpectedly.

 

You may be in for a bigger job than you think, I went threw my DNS server logs for the last 4 or 5 months and found what I think might be related to Windows update

Code: 000055-1.l.windowsupdate.com 000092-1.l.windowsupdate.com ## URL's like these can grow into the 000100-1.l.windowsupdate.com ## millions if they want 000797-1.l.windowsupdate.com 000855-1.l.windowsupdate.com 000e57-1.l.windowsupdate.com 000eed-1.l.windowsupdate.com 00108b-1.l.windowsupdate.com 001194-1.l.windowsupdate.com 0015fa-1.l.windowsupdate.com 001a22-1.l.windowsupdate.com 001a95-1.l.windowsupdate.com 001d24-1.l.windowsupdate.com 001d8d-1.l.windowsupdate.com 001de9-1.l.windowsupdate.com 00208f-1.l.windowsupdate.com 0023dc-1.l.windowsupdate.com 0024ca-1.l.windowsupdate.com 002545-1.l.windowsupdate.com 00254c-1.l.windowsupdate.com 0026a2-1.l.windowsupdate.com ## End of millions appexmapsappupdate.blob.core.windows.net au.download.windowsupdate.com catalog.update.microsoft.com ctldl.windowsupdate.com definitionupdates.microsoft.com download.microsoft.com download.windowsupdate.com ds.download.windowsupdate.com fe2.update.microsoft.com sls.update.microsoft.com updates.push.services.mozilla.com windowsupdate.microsoft.com windowsupdate.microsoft.com.local www.catalog.update.microsoft.com[/quote]