Stealth Firewall
Stealth Firewall gives you granular control over which applications can access the internet. Block unwanted connections, prevent applications from phoning home, and ensure only trusted software communicates over your network.
How It Works
Stealth Firewall is a friendly front-end on top of Windows Defender Firewall. It uses PowerShell (Get-NetFirewallRule and friends) to read, create, and modify rules. Everything you create here lives in the native Windows firewall, so rules persist even when Stealth isn't running.
What it adds on top of raw Windows firewall:
- Searchable, filterable rule list
- "By Application" pivot that joins program-path filters to rules
- One-click block/allow shortcuts for any application
- Live profile management (Domain / Private / Public)
- Connection summary by TCP state
- One-click export of all rules
Rule Modes
| Mode | Effect |
| --- | --- |
| Allow | Connection is permitted |
| Block | Connection is dropped |
Windows firewall only supports allow/block at the rule level - that's the full set.
Views
- All Rules - every firewall rule on the system
- By Application - rules grouped by the program path they apply to
- Profiles - Domain / Private / Public network profile state
Filtering & Search
- Filter by direction (Inbound / Outbound)
- "Enabled only" toggle to hide disabled rules
- Search box matches rule name, description, and program path
- Auto-refresh interval is configurable in settings
Creating a Rule
- Click Add Rule
- Enter a name, direction (inbound/outbound), and action (Allow/Block)
- Optionally pick a program path
- Optionally set protocol, local/remote ports, and remote address
- Choose which profiles it applies to (Domain, Private, Public)
- Save
Rules apply immediately and persist across reboots in Windows firewall.
App Shortcuts
Two one-click actions for any application:
| Shortcut | What it does |
| --- | --- |
| Block App | Creates an outbound rule blocking the program |
| Allow App | Creates an outbound rule explicitly allowing the program |
Useful for quickly preventing telemetry, blocking phone-home traffic, or whitelisting an app you trust.
Profile Management
For each Windows network profile (Domain, Private, Public) you can:
- See current state - on/off, default inbound action, default outbound action
- Toggle the profile on or off
- Change the default inbound or outbound action
Connection Summary
The toolbar shows aggregated TCP connection counts by state, pulled live from Get-NetTCPConnection:
| State | Meaning |
| --- | --- |
| LISTEN | Sockets waiting for inbound connections |
| BOUND | Sockets bound but not yet listening |
| ESTABLISHED | Active connections in progress |
| CLOSE_WAIT | Connections being torn down |
This complements Network Monitor when you want a quick health view from inside Firewall.
Export Rules
Export the current rule set (rules + profile state) to a JSON file. Useful for backup before bulk changes, sharing a configuration across machines, or auditing what's currently active.
Common Use Cases
Block telemetry. Stop chatty applications from sending usage data by blocking their outbound network access entirely.
Stop silent updates. Prevent apps from auto-updating without consent by blocking their connection paths.
Lock down public Wi-Fi. Tighten the Public profile when you're on an untrusted network, and relax it again at home.
Audit suspicious processes. Use the By Application view to see exactly what rules already exist for a given executable.
Working With VPN
Stealth Firewall and Stealth VPN work side by side. Combine them for layered protection: use the VPN for tunnel-level encryption, use the firewall to block specific apps from connecting at all, and use Split Tunneling to choose which apps go through the tunnel.
Best Practices
- Start with the App Shortcuts before writing custom rules
- Export rules before any large change so you can roll back
- Audit periodically - Windows firewall accumulates rules from installers
- Don't disable a profile entirely unless you understand the consequences
- Run Stealth elevated for full access; creating, changing, or deleting rules requires administrator rights
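
Because every rule lives in the native Windows firewall, the By Application pivot, the export, and the periodic audit recommended above can also be reproduced with the built-in NetSecurity cmdlets. The script below is an added example, not Stealth's own code: the function name, the backup path, and the JSON layout are assumptions and do not reflect Stealth's export format. It only reads firewall state and writes one backup file.

```powershell
# Added example: read-only audit of Windows Defender Firewall rules by program,
# plus a JSON backup. Function name, file path and JSON layout are assumptions.
function Get-FirewallRulesByApplication {
    # Index application filters by InstanceID so each rule is joined with a
    # hashtable lookup instead of one Get-NetFirewallApplicationFilter call per rule.
    $filters = @{}
    Get-NetFirewallApplicationFilter -All |
        ForEach-Object { $filters[$_.InstanceID] = $_ }

    Get-NetFirewallRule | ForEach-Object {
        $program = $filters[$_.InstanceID].Program
        if (-not $program) { $program = 'Any' }
        # Rule paths often use variables such as %SystemRoot%; expand before testing.
        $expanded = [Environment]::ExpandEnvironmentVariables($program)
        $isPath   = $program -notin @('Any', 'System')
        [pscustomobject]@{
            Program     = $program
            DisplayName = $_.DisplayName
            Direction   = $_.Direction.ToString()
            Action      = $_.Action.ToString()
            Enabled     = $_.Enabled.ToString()
            Profile     = $_.Profile.ToString()
            # Stale: the rule names an executable that is no longer on disk,
            # typically left behind by an uninstalled or updated application.
            Stale       = $isPath -and -not (Test-Path -LiteralPath $expanded)
        }
    }
}

$rules = @(Get-FirewallRulesByApplication)

# Back up rules and profile state before changing anything.
$backupPath = Join-Path $env:TEMP 'firewall-backup.json'   # assumed location
[pscustomobject]@{
    ExportedAt = (Get-Date).ToString('o')
    Profiles   = @(Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled.ToString()
            DefaultInbound  = $_.DefaultInboundAction.ToString()
            DefaultOutbound = $_.DefaultOutboundAction.ToString()
        }
    })
    Rules      = $rules
} | ConvertTo-Json -Depth 4 | Set-Content -Path $backupPath -Encoding UTF8

# Enabled allow rules whose program is missing: first candidates for cleanup.
$rules | Where-Object { $_.Stale -and $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' } |
    Sort-Object Program |
    Format-Table Program, DisplayName, Direction, Profile -AutoSize
```

Rules scoped to packaged apps or services carry no program path and appear here under "Any", so review those separately.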