A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

You can customize four settings for each type of network location in Windows Firewall. To find these settings, follow these steps:

  1. Open Windows Firewall by clicking the Start button Picture of the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Turn Windows Firewall on or off. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Here's what the settings do and when you should use them.

Picture of the Customize Settings dialog box
Customize Settings dialog box


Turn on Windows Firewall

This setting is selected by default. When Windows Firewall is on, most programs are blocked from communicating through the firewall. If you want to allow a program to communicate through the firewall, you can add it to the list of allowed programs. For example, you might not be able to send photos in an instant message until you add the instant messaging program to the list of allowed programs. To add a program to the list, see Allow a program to communicate through Windows Firewall.


Block all incoming connections, including those in the list of allowed programs

This setting blocks all unsolicited attempts to connect to your computer. Use this setting when you need maximum protection for your computer, such as when you connect to a public network in a hotel or airport, or when a computer worm is spreading over the Internet. With this setting, you aren't notified when Windows Firewall blocks programs, and programs in the list of allowed programs are ignored.

When you block all incoming connections, you can still view most webpages, send and receive e‑mail, and send and receive instant messages.


Open a port in Windows Firewall

If Windows Firewall is blocking a program and you want to allow that program to communicate through the firewall, you can usually do that by selecting the program in the list of allowed programs (also called the exceptions list) in Windows Firewall. 

However, if the program isn't listed, you might need to open a port.

  1. Open Windows Firewall by clicking the Start button Picture of the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.

  2. In the left pane, click Advanced settings. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  3. In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.

  4. Follow the instructions in the New Inbound Rule wizard.