Whitelist IP addresses in Windows Firewall is a vital component of system security, helping control network access to and from your computer. At times, you may want to allow only specific IP addresses to communicate with your machine—whether for trusted services, application connections, or remote access. This process is called “whitelisting.”

In this guide, you’ll learn how to manually whitelist both incoming and outgoing IP addresses using the Windows Defender Firewall with Advanced Security.

Step-by-Step Guide to Whitelist IP addresses in Windows Firewall

🔐 What Does “Whitelisting” Mean?

Whitelist IP addresses in windows firewall means allowing network traffic from or to that address through your firewall, bypassing normal restrictions. This is useful when you want to:

•  Give access to your system to a certain server
•  Let your server connect to only recognized external services
•  Restricting communication to reliable sources will improve security.

🛠️ Requirements

• Administrator access to the Windows system
• IP addresses you want to allow (e.g., trusted servers or services)

🎯 Example IPs

Let’s assume you have the following IPs:

• Incoming trusted IP: 121.242.XXX.XXX
• Outgoing trusted IPs:
  • 121.242.XXX.XXX (Disaster Recovery server)
  • 121.242.XXX.XXX (Production server)

How to Whitelist an Incoming IP Address

1. Press Windows + R, type wf.msc, and press Enter to open Windows Firewall with Advanced Security.
2. On the left, select Inbound Rules.
3. On the right, click New Rule.
4. Choose Custom and click Next.
5. For Program, select All Programs, then Next.
6. For Protocol and Ports, keep default settings (Any), then click Next.
7. In the Scope section:
   • Under “Which remote IP addresses does this rule apply to?”, select “These IP addresses”
   • Click Add and enter: 121.242.XXX.XXX
8. Click Next → choose “Allow the connection” → Next.
9. Apply to all applicable profiles (Domain, Private, Public) and click Next.
10. Give the rule a name like: Allow Inbound from 121.242.XXX.XXX
11. Click Finish.

✅ Done! This IP can now send traffic to your system.

How to Whitelist Outgoing IP Addresses

1. Open Windows Firewall with Advanced Security (wf.msc).
2. On the left, choose Outbound Rules.
3. Click New Rule on the right.
4. Select Custom → Next.
5. Choose All Programs → Next.
6. Leave Protocol and Ports as default → Next.
7. In the Scope section:
   • Under “Which remote IP addresses does this rule apply to?”, select “These IP addresses”
   • Add each IP:
     • 121.242.XXX.XXX
     • 121.242.XXX.XXX
8. Click Next → choose “Allow the connection” → Next.
9. Apply to all profiles → Next.
10. Name the rule something like: Allow Outbound to Trusted IPs
11. Click Finish.

✅ Now your machine can communicate out only to those specific IPs.

📌 Best Practices

• Only whitelist IPs you trust completely.
• Always double-check the IP addresses before adding them.
• Monitor your firewall logs to confirm that traffic is flowing as expected.
• Use descriptive names for each rule to make future management easier.

🧰 Bonus: Automate with PowerShell (Optional)

If you’re managing multiple machines or prefer scripting, you can use PowerShell to create these rules automatically. Let me know if you’d like the script version!

Final Thoughts

Whitelist IP addresses in Windows Firewall is a practical way to harden your system’s network security. By allowing only known and trusted IPs for communication, you reduce the attack surface and gain more control over your network traffic.

Need help managing firewall rules in bulk or across servers? Feel free to reach out!

Would you like this blog turned into a formatted Word or HTML version?

Read related,

https://blog.vcclhosting.com/ip-addressing-and-subnetting-a-quick-guide/: How to whitelist IP addresses in windows firewall?

FAQ

Related