Restrict internet to email when tethered to mobile phone

[DaveBurren]

Hi,
I am running Windows 7 Professional 64 bit on a PC Specialist laptop.

Is there some way I can use Windows Firewall to only allow access to the internet for email (I use outlook 2013) and also say Chrome Browser?

Occasionally I use my iPhone to tether my windows 7 laptop, but I have a very limited data plan.

I would like to block Dropbox and Windows updates… and basically all programs except email and Chrome browser from having access to the internet… whenever I connect using my iPhone.

Could someone explain the steps on how to do this please?

At the end of each day when I return to the office, I will connect to normal WiFi to update Windows etc.

If Windows Firewall cannot do this, can you suggest a good tool/application that could do this?

Thanks in advance,
Dave

 

[ubuysa]

You can do this with Windows firewall, but it's going to be terribly fiddly and I wouldn't recommend you go down that route. It's going to create a potential troubleshooting nightmare in the future. That will be true whatever firewall you use.

The way to do it is to make sure that however you tether (WiFi, USB or Bluetooth) the local IP address you are assigned by the phone is different from the local IP address assigned by your router at home. I don't know how (or whether) you can change the local IP address when tethering to your phone, but you certainly can change the local IP address when connecting to your router.

You'll then need two rules for every process, both Inbound and Outbound, and there are a huge number of Internet capable processes. One rule will specify your local IP address when using the phone as the source IP address and for most applications you will choose to Block. The second rule for the same process will use your local IP address when using the router as the source IP address and for most applications you will choose Allow.

I would strongly suggest you not go down this route however, it's a lot of work and it creates a terrible can of worms that you might well come to regret in the future. It would be far better to set Windows Update to check for updates but not download them, and only download them when you are connected to your router, turn Dropbox off when using your phone, and turn off all other Internet capable applications when you are using your phone.

 

[Tony1044]

This is something built into Windows 10 called a metered internet connection.

https://www.howtogeek.com/226722/how-when-and-why-to-set-a-connection-as-metered-on-windows-10/

Not suggesting you upgrade purely for that reason but it's something to consider.

Actually though you could set your firewall to block all except... and then only open for the Chrome and Outlook..

This is one example: https://superuser.com/questions/402693/windows-firewall-block-everything-except-one-app-on-port-80

However, I am with Ubuysa. Lots of scope for problems and a lot over overhead in terms of work.

 

[DaveBurren]

Thanks Ubuysa and Tony1044,
I don't plan to upgrade to Windows 10... but thank you for the tip.

Sounds like wise advice by Ubuysa and backed up by Tony1044 not to mess around with the Firewall to do this.


Setting Windows Update to just check for updates without auto download seems a good solution... and looks it also is easy to Exit from Dropbox.

And i will monitor for the next few weeks to see if there are are any other applications that might chew up Data.

I discovered there is a 'paranoid' mode in BitDefender Total Security 2018 which I am running, which will show me any applications that try to access the internet.

Is there some other easy way to identify Internet capable applications that might chew up Data?


I imagine that this procedure to block applications from using up Data must be a common task that people must need to do.... so I am surprised there is no easy 'toggle switch' application that does it.

Best Wishes,
Dave

 

[Tony1044]

I imagine that this procedure to block applications from using up Data must be a common task that people must need to do.... so I am surprised there is no easy 'toggle switch' application that does it.

That's a bit trickier than you would expect as effectively you're stopping an application from doing something it's written to do. For example, if you blocked say TCP port 443 (https) then you would stop secure internet browsing no matter which web browser you used, you'd most likely stop Outlook as it uses this as well as a whole host of other applications.

So then how do you identify the applications? Your list isn't the same as someone else's. They may not all be installed in the same location. So you block by what? Executable name? How's that list built and found and applied?

You start to see how it quickly becomes difficult to manage.