Local/Public 2 IP card networks

Jun 15, 2016 at 8:58 AM

1st of all thanks for this amazing program ! Love it !

2nd I have this network

1IP card = Public = Internet access Block all incoming/outgoing connections prompt question for programs that access internet let me decided yes/no

2IP card = Private = LAN - No firewall = let all trafic without anny problem.
The problem is I have program that wants to access internet and want to access lan, but if I block it the LAN is blocked as well so I have to allow it to internet if I want to have it over lan.
Can any 1 help me if its my fault or if its program fault?
Jun 16, 2016 at 9:30 AM
You could try adding the IP-address of your Public connection as a source/destination IP on all the rules, but that's a big hassle. I suggest instead you go into the settings of the Windows Firewall, and remove your Private connection from its protection. This way, the Windows Firewall doesn't interfere with anything on that network card anymore, and all traffic should go through unhindered.
Jun 16, 2016 at 9:13 PM
A unsecure approach, but is a temporary solution. I think he's trying to suggest a feature where he can block internet access but allow LAN access. Not sure if it is possible to do with WFN, might be something Windows Firewall itself needs to do, but I will let the developers decide what is and isn't possible to do (I am just a tech support, haha).
Jun 17, 2016 at 8:32 AM
What about just an option to say - allow all Lan traffic ?
Jun 17, 2016 at 3:29 PM
But then WFN would need to know exactly what the LAN IPs are. There's three main IP-ranges, but often VPN's live there too. And not all subnets are always in use, and I'd rather not automatically add IP-ranges to a white-list if they aren't supposed to be allowed.

However, since it is possible to add IP-ranges to Windows Firewall (for example, see: http://www.cm3solutions.com/block-ip-address-ip-range-using-windows-firewall/ ) it should be possible to make WFN create rules based on IP-ranges, and thus either allow or block entire subnets/LANs. I'll see what can be done about this.

(Note that there's a related feature request: 1696 )