Keep out hackers and malicious tools
When you connect your PC to the internet, applications send and receive information through the network connection. Typically, you should have nothing to worry about this data exchange as it’s required for some apps and system functionalities to work correctly. On public or unsecured networks, however, you need to exercise extra caution.
One way to stay safe on public networks (e.g. Wi-Fi at hotels, airports, and restaurants) is to block incoming connections on your device. That’ll keep out hackers and other malicious tools on the network from gaining access to your computer.
Conversely, blocking outgoing connections can help prevent your apps from connecting to an unsafe internet network. It’s an effective way to stop a suspicious app/malware from downloading additional malware or communicating with its server.
Block Incoming Connection on Windows 10
You can restrict incoming connections by tweaking the Windows 10 Firewall settings. Here’s how to get it done.
1. Type control panel in the Windows Search bar and select Control Panel on the result.
2. Select Windows Defender Firewall.
Note: If you don’t find the Windows Defender Firewall option on your PC’s Control Panel, set the View by option at the top-right corner to either Large icons or Small icons and check again.
On the Windows Defender Firewall menu, you should see your connection profile: Private or Public/Guest networks.
3. Select Change notification settings on the left sidebar.
4. In the “Public network settings” section, check the box that reads “Block all incoming connections, including those in the list of allowed applications.” Select OK to save the changes.
If you don’t fully trust the safety of your private network(s), you can also block incoming connections for such networks in the “Private network settings” section.
Pro Tip: To change the profile of Wi-Fi or Ethernet connection, go to Settings > Network & Internet > Wi-Fi or Ethernet. Select the network name and specify if it’s a private or public network in the Network profile section.
Block Outgoing Connections on Windows 10
There are two ways to stop outgoing connections on Windows 10. Check them out below.
Method 1: Block Outgoing Connections for All Apps
You can easily restrict outgoing connections for all apps by modifying the Windows Firewall advanced security settings. In the Windows Defender Firewall menu, select Advanced settings on the left sidebar.
Right-click “Windows Defender Firewall with Advanced Security on Local Computer” and select Properties.
Go to the Public Profile tab if you’re connected to a public network, or the Private Profile tab if you want to block outgoing connections for a private network. For computers joined to a domain, the Domain Profile tab is the place to block outgoing connections.
Click the Outbound connections drop-down option and select Block. Select Apply and then OK to save the changes.
Method 2: Block Outgoing Connections for a Specific Program
Say you want to block outgoing connections for your web browser only, Windows lets you do that efficiently. This can also serve as a parental control tool to prevent your kids from accessing the internet.
In the Firewall Advanced Security menu, select and right-click Outbound Rules. Select New Rule on the context menu to proceed.
Select Program and select Next.
Select Browse to choose the application.
Go to Local Disk (C:) > Program Files (x86) to find applications installed on your PC. Use the search box to locate an app that isn’t in the Program Files folder. Select the application’s executable file (.exe) and select Open.
Select Next to proceed. Afterward, select Block the connection and click Next.
Specify the network profile(s) for which you want Windows to block the app’s outgoing connection. Select Next to proceed.
Give the outbound rule a name or a description and select Finish.
To unblock outgoing connections for the app, double-click on the outbound rule in the Firewall Advanced Security menu. Select Allow the connection, then select Apply and OK.
Alternatively, you could right-click on the rule and select Delete or Disable Rule. These options will also grant the app access to initiate outgoing connections.
Block Incoming Connections on Mac
Restricting incoming connections on Mac is also straightforward. Read the steps below.
1. Go to System Preferences > Security & Privacy.
2. In the Firewall tab, select the lock icon at the bottom-left corner.
Enter your Mac’s password or use Touch ID to access the security preferences menu.
3. Select Firewall Options to proceed.
4. To block system-wide (incoming) connections for all apps and services, check the Block all incoming connections box and select OK.
Your Mac will remain visible to other devices and networks when you block all incoming connections. However, no device or individual can establish a connection with your Mac.
Note that this will also render file-sharing services (e.g. AirDrop) and remote access tools (e.g. Screen Sharing) temporarily unavailable.
5. To block incoming connections for built-in software only, uncheck the Automatically allow built-in software to receive incoming connections.
6. If you wish to block incoming connections for a specific app or service, click the plus (+) icon.
7. Select the app(s) and select Add.
Pro Tip: To select multiple apps, hold Command and click the apps.
8. Click the up and down arrows next to the app(s) and select Block incoming connections.
Block Outgoing Connections on Mac
macOS lacks a native tool or built-in method to block outgoing connections. There’s a workaround that involves blocking a website’s IP address or domain name, but it isn’t straightforward. Likewise, the method can only be used to block outgoing connections to websites, not applications. Follow the steps below to try it out.
1. Launch a Finder window, go to Applications > Utilities and open the Terminal app.
2. Paste the command below in the Terminal console and press Return.
sudo cp /private/etc/hosts ~/Documents/hosts-backup
This command will create a backup of your Mac’s Hosts file in the Documents folder (Finder > Documents). The Hosts file is an important system file used by macOS to match domain names with their respective IP addresses.
3. Enter your Mac’s password and press Return.
4. Paste this next command in Terminal and press Return.
sudo nano /private/etc/hosts
This grants you administrative permission to modify the Hosts file. Enter your Mac’s password and press Return to proceed.
5. Type 127.0.0.1, press the Tab button on your keyboard, and enter the URL of the website you want to block. If you want to block YouTube, for example, type 127.0.0.1, press Tab, and type www.youtube.com.
6. Press Control + O and press Return on your keyboard.
7. Afterward, press Control + X.
8. Finally, type or paste dscacheutil -flushcache and press Return.
Launch your browser and visit the website you blocked. Your browser should display an error message saying it cannot connect to the website’s server.
Unblock Outgoing Connections on Mac
You can’t unblock an app’s outgoing connection by entering some Terminal codes or commands. You’ll need to restore the backup Hosts file you created while blocking the app’s connection. Follow the steps below to get it done.
1. Go to Finder > Documents, double-click the hosts-backup file, and copy its content.
2. On your Mac’s desktop, select Go on the menu bar and select Go to Folder.
3. Paste the path below in the dialog box and select Go.
/private/etc/hosts
4. Drag the hosts file to the desktop.
5. Double-click the file on the desktop, delete its content, and replace it with the content of the hosts-backup file (in Step 1 above).
Close the TextEditor window and drag the host file back to the /private/etc/ folder.
6. Select Replace on the prompt that comes up on the screen. You may also need to enter your Mac’s password or authenticate via Touch ID.
Visit the website on your browser and verify that it’s no longer blocked.
Use Third-Party Apps
Managing outgoing connections on macOS is quite exhausting. Interestingly, there are third-party apps like Little Snitch and Radio Silence that simplify the task. These apps aren’t free, but they offer generous trial modes that let you use them without payment for a specific period. Little Snitch (from $ 48.99) has a demo mode with a 3-hour limitation per session while Radio Silence ($9) offers a 30-day free trial.
We tested both apps and they blocked outgoing connections perfectly. Radio Silence is the cost-effective option but Little Snitch is feature-packed and sports advanced features like silent mode, alert mode, network map, and more.