How to Enable or Disable “Block All Incoming Connections” in Windows Firewall

The Windows Firewall is your system’s first line of defense against cyberattacks, actively filtering network traffic and blocking unwanted, harmful connections.

One excellent yet underutilized functionality of Windows Firewall is the “Block all incoming connections” setting. This feature blocks all unsolicited incoming connections, including those your firewall rules normally allow, without interfering with outbound connections or responses to outbound-initiated traffic.

This firewall setting is ideal for temporary use, like when you want to harden your IT infrastructure’s endpoint security. In this guide, we’ll show you how to enable or disable the “Block all incoming connections” setting in Windows Firewall.

How to block all incoming connections in Windows Firewall

There are different methods you can use to enable or disable the “Block all incoming connections” feature in Windows Firewall.

📌 Prerequisites:

  • Each method outlined below applies to all editions of Windows 11.
  • You need administrative rights to configure Windows Firewall.
  • This firewall setting can be configured separately for each network profile: domain, private, and public.

📌 Recommended deployment strategies:

  • Method 1: Via Windows Security
  • Method 2: Via the Windows Defender Firewall Control Panel
  • Method 3: Using PowerShell
  • Method 4: Via Command Prompt

⚠️ Important: Enabling the “Block all incoming connections” setting may block remote desktop and file sharing. This firewall setting is best suited for temporary use or when you need to harden endpoint security on your remote devices.

Method 1: Enable or disable via Windows Security (GUI)

📌 Use Case: This method quickly enables or disables blocking for a single active profile.

  1. Open Settings > Privacy & security > Windows Security > Firewall & network protection.
  2. Click the active network profile you want to configure (e.g., Private network or Public network)
  3. Scroll down to Microsoft Defender Firewall
  4. Toggle Block all incoming connections, including those in the list of allowed apps:
    • On = Block unsolicited incoming connections.
    • Off = Allow inbound connections per defined rules.

Once done, your changes will take effect immediately.

Method 2: Configure via the Windows Defender Firewall Control Panel

📌 Use Case: This method is ideal for configuring all network profiles at once.

  1. Open Control Panel > System and Security > Windows Defender Firewall.
  2. Click Advanced settings.
  3. In the left pane, select Windows Defender Firewall Properties and navigate to the Settings section for each profile.
  4. Under Inbound connections, click Block all connections, then select OK to apply the changes.

💡 Note: You can use Group Policy to enforce this firewall setting on domain-joined devices.

Method 3: Enable or disable using PowerShell

📌 Use Case: This method configures your firewall settings by using the following scripts:

Enable block all incoming on Public profile:

Set-NetFirewallProfile -Profile Public -DefaultInboundAction Block -AllowInboundRules False

Disable block all incoming (allow defined rules):

Set-NetFirewallProfile -Profile Public -AllowInboundRules True

Apply to all profiles:

Set-NetFirewallProfile -All -AllowInboundRules False

Combine with -Verbose for real-time confirmation.

Method 4: Configure via Command Prompt (netsh)

📌 Use Case: This method is ideal when you can’t reset the firewall settings via the GUI.

Enable for Public profile:

netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

Disable block all incoming (allow rule-based exceptions):

netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound

To cover all profiles, repeat the command for each one (example for Private):

netsh advfirewall set privateprofile firewallpolicy blockinboundalways,allowoutbound

💡 Note: Use Event Viewer or Get-NetFirewallRule to verify if the new policies have been applied to your selected network profile.
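The following PowerShell sketch is an added example, not part of the original article. It reads the per-profile values that Method 3 sets with Get-NetFirewallProfile and re-checks the effective policy after a change, so an override (for example by Group Policy) is noticed. The function names Get-InboundLockdownState and Set-InboundLockdown are hypothetical, and treating NotConfigured as "not blocking" is an assumption of the example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Function names are hypothetical.

function Get-InboundLockdownState {
    param([string[]]$ProfileName = @('Domain', 'Private', 'Public'))
    # ActiveStore is the effective policy (local settings merged with Group Policy).
    Get-NetFirewallProfile -Name $ProfileName -PolicyStore ActiveStore | ForEach-Object {
        [pscustomobject]@{
            Profile           = $_.Name
            FirewallEnabled   = [string]$_.Enabled
            DefaultInbound    = [string]$_.DefaultInboundAction
            AllowInboundRules = [string]$_.AllowInboundRules
            # Assumption: inbound rules count as ignored only when the profile is
            # on and AllowInboundRules is False; NotConfigured is "not blocking".
            BlockAllInbound   = ([string]$_.Enabled -eq 'True') -and
                                ([string]$_.AllowInboundRules -eq 'False')
        }
    }
}

function Set-InboundLockdown {
    param(
        [Parameter(Mandatory)][ValidateSet('Domain', 'Private', 'Public')]
        [string[]]$ProfileName,
        [Parameter(Mandatory)][bool]$Enabled
    )
    if ($Enabled) {
        # Same command as Method 3, applied to the requested profiles.
        Set-NetFirewallProfile -Profile $ProfileName -DefaultInboundAction Block -AllowInboundRules False
    } else {
        Set-NetFirewallProfile -Profile $ProfileName -AllowInboundRules True
    }
    # Re-read the effective state. A mismatch may mean the profile's firewall is
    # off or that another policy source is overriding the local change.
    $state = Get-InboundLockdownState -ProfileName $ProfileName
    foreach ($s in $state) {
        if ($s.BlockAllInbound -ne $Enabled) {
            Write-Warning "$($s.Profile): effective BlockAllInbound is $($s.BlockAllInbound), expected $Enabled"
        }
    }
    $state
}

# Read-only report for all three profiles.
Get-InboundLockdownState | Format-Table -AutoSize
# To change a profile and verify the result in one step:
# Set-InboundLockdown -ProfileName Public -Enabled $true | Format-Table -AutoSize
```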

The benefits of blocking all incoming connections

Enabling the “Block all incoming connections” setting in Windows Firewall can:

  • Strengthen your computer’s cybersecurity whenever it connects to public or guest networks.
  • Temporarily lock down devices during security events like an audit.
  • Restrict access to services that may have open inbound rules.
  • Keep your devices secured in kiosk or VDI scenarios.

Enabling the “Block all incoming connections” setting to strengthen your cybersecurity posture

Now that cyber threats are becoming more sophisticated, a feature like the “Block all incoming connections” setting in Windows Firewall has never been more important.

This configuration will protect your computer from harmful, unwanted traffic without disrupting your outbound communications. It’ll allow you to work in unsecured environments with greater peace of mind.

FAQs

This firewall setting blocks all unsolicited attempts to connect to your computer, regardless of their origin. It simply ignores all apps, including those in your allowed apps list.

As mentioned earlier, to prevent unwanted inbound traffic, you need to enable the “Block all incoming connections” function in Windows Firewall. You can do this using different tools, including the Windows Security GUI, the Control Panel, PowerShell, and the Command Prompt.
