# ============================================================
# BLOCK ALL EXTERNAL SERVER CONNECTIONS
# Blocks all outbound connections to external servers.
# ============================================================

# The rest of the script changes firewall profiles, the hosts file and HKLM
# policy keys, so refuse to start unless the session is elevated.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal($currentIdentity)
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $isAdmin) {
    Write-Host "[ERROR] Run as Administrator!" -ForegroundColor Red
    exit 1
}

# Start-of-run banner.
Write-Host "`n========================================" -ForegroundColor Red
Write-Host " BLOCK ALL EXTERNAL CONNECTIONS" -ForegroundColor Red
Write-Host "========================================`n" -ForegroundColor Red
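# ============================================================
# 1. FIREWALL: BLOCK ALL OUTBOUND + ALL INBOUND
# ============================================================
Write-Host "[1] Setting Firewall to BLOCK EVERYTHING..." -ForegroundColor Yellow

# Set-NetFirewallProfile has no -AllowOutboundRules parameter. Passing it makes
# parameter binding fail, so the cmdlet applies nothing and the default-deny
# posture is never set. The parameter is therefore dropped here.
#
# -AllowInboundRules False tells the firewall to ignore inbound allow rules, so
# with this setting any inbound allowances created later in the script do not
# take effect. NOTE(review): confirm that "no inbound at all" is the intent.
#
# NOTE(review): AllowLocalFirewallRules / AllowLocalIPsecRules control whether
# locally defined rules are merged with Group Policy; confirm they behave as
# intended when set on the local policy store.
$profileSettings = @{
    Profile                         = 'Domain', 'Public', 'Private'
    Enabled                         = 'True'
    DefaultInboundAction            = 'Block'
    DefaultOutboundAction           = 'Block'
    AllowUnicastResponseToMulticast = 'False'
    AllowInboundRules               = 'False'
    AllowLocalFirewallRules         = 'False'
    AllowLocalIPsecRules            = 'False'
}

try {
    # -ErrorAction Stop: never report success unless the profile change landed.
    Set-NetFirewallProfile @profileSettings -ErrorAction Stop
} catch {
    Write-Host " [ERROR] Firewall profile defaults were NOT applied: $($_.Exception.Message)" -ForegroundColor Red
    # Every later step assumes default-deny is in place, so stop here.
    exit 1
}

Write-Host " [OK] ALL INBOUND = BLOCK" -ForegroundColor Green
Write-Host " [OK] ALL OUTBOUND = BLOCK" -ForegroundColor Green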
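# ============================================================
# 2. ALLOW ONLY LOCALHOST (127.0.0.1)
# ============================================================
Write-Host "`n[2] Allowing ONLY localhost (127.0.0.1)..." -ForegroundColor Yellow

# New-NetFirewallRule accepts only Inbound or Outbound for -Direction; "Both"
# is rejected and no rule is created. One rule per direction is created
# instead, with an -In / -Out suffix on the display name.
# The inbound rules only take effect if the profile honours inbound allow
# rules (step 1 sets -AllowInboundRules False).
$loopbackTargets = @(
    @{ Name = 'Allow-Localhost-Loopback';    Address = '127.0.0.1' },
    @{ Name = 'Allow-Localhost-Loopback-v6'; Address = '::1' }
)
$directionSuffix = @{ Inbound = 'In'; Outbound = 'Out' }
$loopbackFailed = $false

foreach ($target in $loopbackTargets) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $displayName = "$($target.Name)-$($directionSuffix[$direction])"

        # Skip rules left by an earlier run so re-running does not add duplicates.
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
            continue
        }

        try {
            New-NetFirewallRule -DisplayName $displayName `
                -Direction $direction `
                -RemoteAddress $target.Address `
                -LocalAddress $target.Address `
                -Action Allow `
                -Profile Any `
                -ErrorAction Stop | Out-Null
        } catch {
            $loopbackFailed = $true
            Write-Host " [ERROR] Could not create rule '$displayName': $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}

if (-not $loopbackFailed) {
    Write-Host " [OK] Localhost traffic allowed" -ForegroundColor Green
}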
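# ============================================================
# 3. ALLOW ONLY LOCAL NETWORK (192.168.x.x, 10.x.x.x, 172.16-31.x.x)
# ============================================================
Write-Host "`n[3] Allowing ONLY local network (LAN)..." -ForegroundColor Yellow

# RFC 1918 private ranges.
$localSubnets = @("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")

# -Direction accepts Inbound or Outbound only ("Both" is rejected), so each
# subnet gets one rule per direction.
#
# In Windows Firewall an explicit Block rule takes precedence over an Allow
# rule. Any block rule that also matches LAN traffic (for example a port block
# with no -RemoteAddress) therefore overrides these allowances.
$directionSuffix = @{ Inbound = 'In'; Outbound = 'Out' }
$lanFailed = $false

foreach ($subnet in $localSubnets) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $displayName = "Allow-LAN-$subnet-$($directionSuffix[$direction])"

        # Idempotent: do not stack duplicate rules on a second run.
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
            continue
        }

        try {
            New-NetFirewallRule -DisplayName $displayName `
                -Direction $direction `
                -RemoteAddress $subnet `
                -Action Allow `
                -Profile Any `
                -ErrorAction Stop | Out-Null
        } catch {
            $lanFailed = $true
            Write-Host " [ERROR] Could not create rule '$displayName': $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}

if (-not $lanFailed) {
    Write-Host " [OK] Local network allowed: $localSubnets" -ForegroundColor Green
}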
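# ============================================================
# 4. BLOCK ALL EXTERNAL IP RANGES
# ============================================================
Write-Host "`n[4] Explicitly blocking external IP ranges..." -ForegroundColor Yellow

# Everything in IPv4 space EXCEPT 10.0.0.0/8, 127.0.0.0/8, 172.16.0.0/12 and
# 192.168.0.0/16.
#
# The previous list began with 0.0.0.0/1 and 128.0.0.0/2. Those two prefixes
# contain 10.0.0.0/8, 127.0.0.0/8 and 172.16.0.0/12, and because a Block rule
# overrides an Allow rule they would have cut off loopback and two of the
# three private ranges the script allows. They are split below so the private
# and loopback ranges are excluded.
#
# With DefaultOutboundAction Block these rules are defence in depth; they do
# not cover IPv6.
$externalRanges = @(
    "0.0.0.0/5",      # 0.0.0.0     - 7.255.255.255
    "8.0.0.0/7",      # 8.0.0.0     - 9.255.255.255
                      # 10.0.0.0/8 is private - skipped
    "11.0.0.0/8",     # 11.x.x.x
    "12.0.0.0/6",     # 12.0.0.0    - 15.255.255.255
    "16.0.0.0/4",     # 16.0.0.0    - 31.255.255.255
    "32.0.0.0/3",     # 32.0.0.0    - 63.255.255.255
    "64.0.0.0/3",     # 64.0.0.0    - 95.255.255.255
    "96.0.0.0/4",     # 96.0.0.0    - 111.255.255.255
    "112.0.0.0/5",    # 112.0.0.0   - 119.255.255.255
    "120.0.0.0/6",    # 120.0.0.0   - 123.255.255.255
    "124.0.0.0/7",    # 124.0.0.0   - 125.255.255.255
    "126.0.0.0/8",    # 126.x.x.x
                      # 127.0.0.0/8 is loopback - skipped
    "128.0.0.0/3",    # 128.0.0.0   - 159.255.255.255
    "160.0.0.0/5",    # 160.0.0.0   - 167.255.255.255
    "168.0.0.0/6",    # 168.0.0.0   - 171.255.255.255
    "172.0.0.0/12",   # 172.0.0.0   - 172.15.255.255
                      # 172.16.0.0/12 is private - skipped
    "172.32.0.0/11",  # 172.32.0.0  - 172.63.255.255
    "172.64.0.0/10",  # 172.64.0.0  - 172.127.255.255
    "172.128.0.0/9",  # 172.128.0.0 - 172.255.255.255
    "173.0.0.0/8",    # 173.x.x.x
    "174.0.0.0/7",    # 174.0.0.0   - 175.255.255.255
    "176.0.0.0/4",    # 176.0.0.0   - 191.255.255.255
    "192.0.0.0/9",    # 192.0.0.0   - 192.127.255.255
    "192.128.0.0/11", # 192.128.0.0 - 192.159.255.255
    "192.160.0.0/13", # 192.160.0.0 - 192.167.255.255
                      # 192.168.0.0/16 is private - skipped
    "192.169.0.0/16", # 192.169.0.0 - 192.169.255.255
    "192.170.0.0/15", # 192.170.0.0 - 192.171.255.255
    "192.172.0.0/14", # 192.172.0.0 - 192.175.255.255
    "192.176.0.0/12", # 192.176.0.0 - 192.191.255.255
    "192.192.0.0/10", # 192.192.0.0 - 192.255.255.255
    "193.0.0.0/8",    # 193.x.x.x
    "194.0.0.0/7",    # 194-195.x.x.x
    "196.0.0.0/6",    # 196-199.x.x.x
    "200.0.0.0/5",    # 200-207.x.x.x
    "208.0.0.0/4",    # 208-223.x.x.x
    "224.0.0.0/4",    # Multicast
    "240.0.0.0/4"     # Reserved (includes the 255.255.255.255 broadcast address)
)

# -Direction accepts Inbound or Outbound only ("Both" is rejected), so each
# range gets one rule per direction.
$directionSuffix = @{ Inbound = 'In'; Outbound = 'Out' }
$externalFailed = $false

foreach ($range in $externalRanges) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $name = "Block-External-$($range.Replace('/','-'))-$($directionSuffix[$direction])"

        # Skip rules that already exist from an earlier run.
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue
        }

        try {
            New-NetFirewallRule -DisplayName $name `
                -Direction $direction `
                -RemoteAddress $range `
                -Action Block `
                -Profile Any `
                -ErrorAction Stop | Out-Null
        } catch {
            $externalFailed = $true
            Write-Host " [ERROR] Could not create rule '$name': $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}

if (-not $externalFailed) {
    Write-Host " [OK] All external IP ranges blocked" -ForegroundColor Green
}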
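# ============================================================
# 5. BLOCK ALL DNS (prevent DNS queries to external)
# ============================================================
Write-Host "`n[5] Blocking external DNS (port 53)..." -ForegroundColor Yellow

# These rules carry no -RemoteAddress, so they match port 53 towards ANY
# resolver, including one on the LAN. Block rules override Allow rules, so
# name resolution through a LAN DNS server stops as well.
# NOTE(review): if LAN DNS must keep working, scope these rules with
# -RemoteAddress instead of leaving them global.
#
# Only classic DNS on port 53 is covered. DNS over TLS/HTTPS uses other ports
# and relies on the default outbound Block action.
$dnsRules = @(
    @{ Name = 'Block-DNS-Outbound';     Protocol = 'UDP' },
    @{ Name = 'Block-DNS-Outbound-TCP'; Protocol = 'TCP' }
)
$dnsFailed = $false

foreach ($rule in $dnsRules) {
    # Same existence guard as the other rule-creation steps, so a re-run does
    # not pile up duplicate rules.
    if (Get-NetFirewallRule -DisplayName $rule.Name -ErrorAction SilentlyContinue) {
        continue
    }

    try {
        New-NetFirewallRule -DisplayName $rule.Name `
            -Direction Outbound `
            -Protocol $rule.Protocol `
            -RemotePort 53 `
            -Action Block `
            -Profile Any `
            -ErrorAction Stop | Out-Null
    } catch {
        $dnsFailed = $true
        Write-Host " [ERROR] Could not create rule '$($rule.Name)': $($_.Exception.Message)" -ForegroundColor Red
    }
}

if (-not $dnsFailed) {
    Write-Host " [OK] External DNS blocked" -ForegroundColor Green
}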
# ============================================================
# 6. BLOCK ALL COMMON EXTERNAL PORTS
# ============================================================
Write-Host "`n[6] Blocking all common external ports..." -ForegroundColor Yellow

# Remote ports that get an explicit outbound TCP block.
# The rules are TCP only, although the list includes services that normally
# run over UDP (e.g. 53, 67/68, 69, 123, 137/138, 161/162, 514, 1434).
# They have no -RemoteAddress, so they also match LAN destinations, and a
# Block rule overrides any LAN Allow rule for the same traffic.
$allPorts = @(20,21,22,23,25,53,67,68,69,80,110,119,123,135,137,138,139,143,161,162,389,443,445,465,514,515,587,636,993,995,1433,1434,1521,3306,3389,5432,5900,5985,5986,8080,8443,9090,27017)

foreach ($port in $allPorts) {
    $ruleName = "Block-Port-$port-Out"

    # Already present from a previous run: nothing to do for this port.
    if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
        continue
    }

    $ruleArgs = @{
        DisplayName = $ruleName
        Direction   = 'Outbound'
        Protocol    = 'TCP'
        RemotePort  = $port
        Action      = 'Block'
        Profile     = 'Any'
    }
    $null = New-NetFirewallRule @ruleArgs
}

Write-Host " [OK] All common external ports blocked: $allPorts" -ForegroundColor Green
# ============================================================
# 7. DISABLE NETWORK ADAPTERS (optional - uncomment if needed)
# ============================================================
Write-Host "`n[7] Checking network adapters..." -ForegroundColor Yellow

# Report-only step: lists adapters that are up, leaving out any whose name
# contains "Loopback" or "vEthernet". Nothing is disabled here.
$adapters = Get-NetAdapter | Where-Object {
    ($_.Status -eq "Up") -and ($_.Name -notmatch "Loopback|vEthernet")
}

foreach ($nic in $adapters) {
    $nicLabel = "$($nic.Name) - $($nic.InterfaceDescription)"
    Write-Host " Found active adapter: $nicLabel" -ForegroundColor Yellow
    Write-Host " -> Firewall rules applied (adapter NOT disabled)" -ForegroundColor Gray
}

# If you want to DISABLE adapters completely, uncomment below.
# Doing so also cuts LAN access and any remote session carried over the adapter.
# foreach ($adapter in $adapters) {
#     Disable-NetAdapter -Name $adapter.Name -Confirm:$false
#     Write-Host " [OK] Disabled adapter: $($adapter.Name)" -ForegroundColor Green
# }
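# ============================================================
# 8. BLOCK WINDOWS TELEMETRY
# ============================================================
Write-Host "`n[8] Blocking Windows telemetry..." -ForegroundColor Yellow

$telemetryHosts = @(
    "vortex.data.microsoft.com",
    "vortex-win.data.microsoft.com",
    "telecommand.telemetry.microsoft.com",
    "oca.telemetry.microsoft.com",
    "sqm.telemetry.microsoft.com",
    "watson.telemetry.microsoft.com",
    "redir.metaservices.microsoft.com",
    "settings-sandbox.data.microsoft.com",
    "watson.ppe.telemetry.microsoft.com",
    "telemetry.appex.bing.net",
    "telemetry.urs.microsoft.com",
    "telemetry.appex.bing.net:443",
    "schemas.microsoft.com",
    "statsfe2.ws.microsoft.com",
    "corpext.msitadfs.glbdns2.microsoft.com",
    "compatexchange.cloudapp.net",
    "cs1.wpc.v0cdn.net",
    "a-0001.a-msedge.net",
    "a-0002.a-msedge.net",
    "fe2.update.microsoft.com.akadns.net",
    "diagnostics.support.microsoft.com",
    "corp.sts.microsoft.com",
    "statsfe1.ws.microsoft.com",
    "pre.footprintpredict.com",
    "i1.services.social.microsoft.com",
    "i1.services.social.microsoft.com.akadns.net",
    "feedback.windows.com",
    "feedback.microsoft-hohm.com",
    "feedback.search.microsoft.com"
)

# Sinkhole the telemetry host NAMES to 127.0.0.1 through the hosts file.
# This is name-based and best-effort; the firewall steps above are what
# actually stop the traffic.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Collect every hostname already mapped in the hosts file (comments stripped).
# PowerShell hashtable keys are case-insensitive, which suits hostnames.
$knownNames = @{}
$hostsContent = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue
foreach ($line in $hostsContent) {
    $active = ($line -split '#', 2)[0].Trim()
    if (-not $active) { continue }
    $fields = $active -split '\s+'
    # fields[0] is the address; the remaining fields are names.
    for ($i = 1; $i -lt $fields.Count; $i++) {
        $knownNames[$fields[$i]] = $true
    }
}

$added = 0
$hostsWriteFailed = $false

# The loop variable must not be called $host: that is a read-only automatic
# variable in PowerShell and cannot be assigned.
foreach ($entry in $telemetryHosts) {
    # A hosts file maps names, not name:port pairs, so drop any ":port" suffix.
    $name = ($entry -replace ':\d+$', '').Trim()

    # Exact-name comparison. A regex -notmatch against the whole file treats
    # "." as a wildcard, matches substrings, and on an array of lines is true
    # whenever any line fails to match, which re-adds entries on every run.
    if (-not $name -or $knownNames.ContainsKey($name)) { continue }

    try {
        Add-Content -LiteralPath $hostsPath -Value "127.0.0.1 $name" -Force -ErrorAction Stop
    } catch {
        Write-Host " [ERROR] Could not update ${hostsPath}: $($_.Exception.Message)" -ForegroundColor Red
        $hostsWriteFailed = $true
        break
    }

    $knownNames[$name] = $true
    $added++
}

if (-not $hostsWriteFailed) {
    Write-Host " [OK] Blocked $added telemetry hosts" -ForegroundColor Green
}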
# ============================================================
# 9. DISABLE AUTO-UPDATE (prevent external connections)
# ============================================================
Write-Host "`n[9] Disabling Windows Update auto-connect..." -ForegroundColor Yellow

# Policy key for Automatic Updates. With automatic updates off, security
# patches have to reach this machine by some other route (for example an
# update server on the LAN or offline packages).
$wuaPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"

$wuaKeyMissing = -not (Test-Path $wuaPath)
if ($wuaKeyMissing) {
    $null = New-Item -Path $wuaPath -Force
}

# NoAutoUpdate = 1 turns automatic updating off; AUOptions = 2 is the
# "notify before download" setting.
$wuaValues = @(
    @{ Name = "NoAutoUpdate"; Value = 1 },
    @{ Name = "AUOptions";    Value = 2 }
)
foreach ($setting in $wuaValues) {
    Set-ItemProperty -Path $wuaPath -Name $setting.Name -Value $setting.Value -Type DWord -Force
}

Write-Host " [OK] Windows Update auto-connect disabled" -ForegroundColor Green
# ============================================================
# 10. DISABLE CLOUD SERVICES
# ============================================================
Write-Host "`n[10] Disabling cloud services..." -ForegroundColor Yellow

# OneDrive policy key; it is created first when it does not exist yet.
$cloudPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive"

$cloudKeyMissing = -not (Test-Path $cloudPath)
if ($cloudKeyMissing) {
    $null = New-Item -Path $cloudPath -Force
}

# DisableFileSyncNGSC = 1 is the policy value that turns OneDrive file sync off.
$oneDrivePolicy = @{
    Path  = $cloudPath
    Name  = "DisableFileSyncNGSC"
    Value = 1
    Type  = 'DWord'
    Force = $true
}
Set-ItemProperty @oneDrivePolicy

Write-Host " [OK] OneDrive sync disabled" -ForegroundColor Green
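# ============================================================
# DONE
# ============================================================
Write-Host "`n========================================" -ForegroundColor Red
Write-Host " ALL EXTERNAL CONNECTIONS BLOCKED!" -ForegroundColor Red
Write-Host "========================================`n" -ForegroundColor Red

# NOTE(review): this summary is printed unconditionally. It restates what the
# script attempted, not a verified result. Confirm the effective state with
# Get-NetFirewallProfile and Get-NetFirewallRule before relying on it.
Write-Host "Summary:" -ForegroundColor White
Write-Host " [OK] ALL inbound = BLOCKED" -ForegroundColor Red
Write-Host " [OK] ALL outbound = BLOCKED" -ForegroundColor Red
Write-Host " [OK] Only localhost (127.0.0.1) allowed" -ForegroundColor Green
Write-Host " [OK] Only local network (LAN) allowed" -ForegroundColor Green
Write-Host " [OK] All external IPs = BLOCKED" -ForegroundColor Red
Write-Host " [OK] All external DNS = BLOCKED" -ForegroundColor Red
Write-Host " [OK] All common ports = BLOCKED" -ForegroundColor Red
Write-Host " [OK] Windows telemetry = BLOCKED" -ForegroundColor Red
Write-Host " [OK] Windows Update auto = DISABLED" -ForegroundColor Red
Write-Host " [OK] OneDrive cloud sync = DISABLED" -ForegroundColor Red
Write-Host ""
Write-Host "YOUR COMPUTER IS NOW ISOLATED FROM THE INTERNET." -ForegroundColor Red
Write-Host "Only local network (LAN) and localhost will work." -ForegroundColor Yellow
Write-Host ""

# The earlier hint named 'Reset-Firewall', which is not an existing command.
# 'netsh advfirewall reset' restores the firewall policy to its defaults, but
# it does not revert the hosts-file entries or the registry policy values this
# script wrote, so the message says that too.
Write-Host "TO UNDO: Run 'netsh advfirewall reset' to restore firewall defaults." -ForegroundColor Gray
Write-Host "         Hosts-file entries and the WindowsUpdate\AU / OneDrive policy values must be removed separately." -ForegroundColor Gray
Write-Host ""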
# Offer an immediate reboot; anything other than Y/y leaves it to the operator.
# PowerShell's -eq on strings is case-insensitive, so one comparison covers
# both "Y" and "y".
$resp = Read-Host "Restart now? (Y/N)"
$restartRequested = ($resp -eq "Y")

if (-not $restartRequested) {
    Write-Host "Please restart manually." -ForegroundColor Cyan
} else {
    Write-Host "Restarting in 5 seconds..." -ForegroundColor Yellow
    Start-Sleep -Seconds 5
    Restart-Computer
}