Isolate VM from LAN, allowing WAN

The following PowerShell script adds a rule to the Firewall of a Windows VM that blocks all traffic to the local network, except the gateway which makes it possible to still access the Internet. The script is executed once in the VM, with administration rights.

$RuleSplat = @{
 Name = "{6B6DB3C0-DE26-4C11-9AE0-A831C74E75A9}"
 Displayname = "MYRULE: No local network but gateway"
 Description = "Blocks access to all 192.168.*.*/24, except supposed to be the gateway. Expected mask is /24."
 Enabled = "True"
 Profile = "Any"
 Direction = "Outbound"
 Action = "Block"
 EdgeTraversalPolicy = "Block"
 LooseSourceMapping = $False
 LocalOnlyMapping = $False
 LocalAddress = "Any"
 RemoteAddress = @("", "")
 Protocol = "Any"
 LocalPort = "Any"
 RemotePort = "Any"
 IcmpType = "Any"
 DynamicTarget = "Any"
 Program = "Any"
 Service = "Any"
 InterfaceAlias ="Any"
 InterfaceType = "Any"
 LocalUser = "Any"
 RemoteUser = "Any"
 RemoteMachine = "Any"
 Authentication = "NotRequired"
 Encryption = "NotRequired"
 OverrideBlockRules = $False

Get-NetFirewallRule -EA SilentlyContinue -Name $RuleSplat.Name | Remove-NetFirewallRule
New-NetFirewallRule -EA Continue @RuleSplat


Potentially, the scripts has to be surrounded with:

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.