Deutsch | Français

Zones List (Plus/Network/Cloud Edition)
The Zones list is a list of predefined zones (sets of the network access rules). Every rule is a named group of parameters (IP address/network, protocol, port etc) to be applied to programs of the Programs list. The zones can be added/removed/edited with the toolbar, right clicking the list item or with the hotkeys.
Zone names must be unique. Editing a zone creates new zone always. If the zone with the new/edited name exists, the zone with the same name will be overwritten; the new zone will be inserted otherwise. All the zones operations are performed on by-copy basis. Applying a zone to a program copies the entire zone from the repository (the Zones list) and sets the zone copy to the program. Zones set to programs can be edited/modified independently as the result.
Editing a zone of the Zones list can update listed programs of the Programs list with the matched (by name) zone. A zone content (rules and parameters) can be viewed/edited with the Zone Editor dialog.
Zone Editor
The zone is a set of network access rules and options to make the decision for permitting/prohibiting the network access attempts. The rule can be set with the following parameters: name (as a way to identify the rule), enable/disable flag, IPv4/v6 address/subnetwork, protocol, local/remote port, port forwarding, traffic direction and the rule result. When a program accesses network, the access parameters (IP/port/protocol/direction) are used to pass/reject the access attempt. The firewall compares program access parameters with the zone set to the program rule by rule, sequentially, in the reverse order. The rules at the bottom take precedence. If a rule parameters are matched program access information, the firewall uses the rule result to enable/disable the program accordingly. If there are no rules matched program access data, the result parameter of the entire zone is used enable/disable the program access attempt. Every program access attempt is treated in the same manner individually.
You can create a new zone from scratch anytime. There are two approaches for creating a zone practically.
  • Creating the zone with the ZoneResult=Enable and add disabling (with the [Rule]Result=Disable) rules (exceptions)
  • Creating the zone with the ZoneResult=Disable and add allowing (with the [Rule]Result=Enable) rules (exceptions)
The choice depends on whether you would like the zone to be generally enabling or generally disabling.
Pressing "Add from the repository" button you can list all the rules from all the existing zones and add (re-use) an existing rule to the zone.
Rules Precedence (ascending)
  • Universal (hidden) detection/guard block. Prevents networks access of any unknown/unlisted application.
  • ZoneResult of zone applied to application of the Programs pane requesting the network access.
  • Domains BelowApps Low (the Domains pane).
  • Domains BelowApps High (the Domains pane).
  • Settings/AllApplications zone (from top to bottom).
  • Per-application rules (from top to bottom ) as applied to applications of the Programs pane.
  • Domains AboveApps Low (*) (the Domains pane).
  • Domains AboveApps High (*) (the Domains pane.
  • Global Mode (TrayIcon/RightClick/Mode) (if the mode is not equal to Mode:Normal)
  • Virtual sub network items (Network/Cloud Edition) (**).
(*) AboveApps priority is higher than per-application rules, so any enabling rules at that priority overrides per-application rules. As the result, your applications may be accidentally too enabled. Please take care not to put widely enabling patterns (as "*") into AboveApps in the Domains pane.

(**) if a destination computer is encountered in a virtual sub network or AllApplications zone, a program access to the destination (the virtual sub network) will not be detected and the program will not be inserted into the Programs List automatically.
Such complex (at first sight) priority structure provides you with maximum flexibility while configuring the network access. Windows 10 Firewall Control provides you with the zones manipulations at any level of details because of the rules flexibility and adjustability. The same zone approach can be used to manage network access for large computer groups (sub-networks) and/or for a single computer.
External/Forwarded Port
There is a possibility to configure incoming external/worldwide access to a selected program via Port Forwarding with uPnP compatible external hardware firewall/router.
Windows 10 Firewall Control traces the programs running state, initiates port forwarding to the hardware firewall/router on a program launch and removes the port forwarding from the firewall/router on the program termination/exit automatically. The following parameters are to be used in order to start/configure a Forwarded Port applied to a program:
  • TCP or UDP protocol
  • Incoming direction
  • Local Port
  • Forwarded Port
  • Rule result set to Enable
If a rule with the specified parameters is included in a zone and applied to a listed program, Windows 10 Firewall Control will redirect incoming data of Forwarded (external) Port to the Local Port with the specified protocol.