How can I restrict windows 7 to only use the local subnet, but block the internet
Solution 1:
Option #1 (Windows Firewall rules)
You could create a firewall rule to block these connections. Follow these steps:
Change the default firewall behavior to block outbound network connections:
- Enter "firewall" from the Start search and open "Windows Firewall with Advanced Security".
- Notice which firewall profile is active. It says "... is active" in the overview list.
- Click on
Windows Firewall Properties
- Change state for Outbound connections for the active profile to
Block
. - Click OK to apply.
Create a firewall rule to allow local network outbound connections:
Go to
Outbound Rules
and selectNew Rule...
from the Actions in the right pane.Rule type should be
Custom
:Go to the
Scope
step and for the remote IP address, selectthese IP addresses
, thenAdd..
, thenPredefined set of computers
and finallyLocal Subnet
.Go to
Name
step, enter name of "Allow local Subnet" and click Finish.
You're done configuring it!
Control via script
To block all outbound Internet traffic:
netsh advfirewall set currentprofile firewallpolicy blockinbound,blockoutbound
To allow all outbound Internet traffic
netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound
Option #2 (Specialized software)
If you are trying to block Internet access as a result of excessive Internet usage, there is specialized software that can block all Internet access when monthly or daily Internet traffic exceeds pre-defined maximum. Local network access is still allowed, though. One such program is DU Meter, which also has many other bells and whistles related to Internet bandwidth management on Windows computer.
Disclaimer: I'm the author of DU Meter.
Solution 2:
If you disable DHCP then set an IP address and subnet mask but leave default gateway blank, then your computer will be unable to access outside the local network.
If someone is an administrator over the local machine, they would be able to reverse this if they were trying, but if that isn't a concern then this should work.
Solution 3:
If you're working through the GUI in Windows 8.x:
-
set the Scope of the Local IP address to "Any IP address"
-
set the Remote IP address to "These IP addresses"
-
select "Internet" under the list of "Predefined set of computers"
Make sure to check the correct profile that is assigned to the network card that you want this rule to work on. Lastly:
-
check that the rule is enabled
-
set the Action to "Block the connection"
The rule is active immediately