Windows Server 2008 to block outgoing port 25 to any except for one IP class?
I want the default outgoing connection to be allowed for Any on any port. Then I want to block connections from the server to any IP address on outgoing port 25, but allow the server to connect only to a mail proxy server. Example: Rule1: Block Outgoing Any to Any on port 25. Rule2: Allow Outgoing Any to IPClass(122.122.122.0/24) on port 25 -> this should overwrite Rule1. How can I do that? I am using Windows Firewall with Advanced Security on Windows 2008 Server.
June 6th, 2012 12:19pm

Thank you for the answer. I just wanted to make sure that the requested settings are not possible using Windows Firewall with Advanced Security on Windows 2008 Server. It is sad that such an advanced firewall has no feature for ordering rules, because I know that Block Outgoing Any to Any on port 25 is possible and Allow Outgoing Any to IPClass(122.122.122.0/24) on port 25 is also possible. The problem is that the Block rule will always take priority over the Allow rule, and there is no way to change the order in which the rules are processed, which makes the requested scenario impossible. The purpose of the requested settings is to make sure no program on the computer can send email messages using an outside mail server except for one authorized mail server (IP address). The same would also be helpful for non-server computers, for example in a small office without a firewall, directly connected to a cable provider.
June 8th, 2012 8:56am

In a "standard" firewall there is a sequence of rules. You do not allow port 25 in the very first rule, then allow all ports, and the last rule forbids all. On the other hand, it is not a good habit to open all ports (ANY to ANY). You can open all ports and do the filtering on the router. In the native firewall settings there is no functionality for sequencing rules. Regards, Milos. PS: You may give a try to a simple free firewall like that of Comodo.
June 8th, 2012 10:33am

I would love to remove Any to Any on the outgoing side, but the problem is that when I try to open something like 200 ports I have to write them one by one, delimited with commas. I did not find a way to enter ranges of ports. For example, instead of writing ports 1,2,3 ... 200,201, to write 1-201. It is not practical to write 100 or 1000 ports one by one. Some programs that make connections to the outside first connect and then receive a port to send the data to. This is the reason I need ranges of ports to be open but port 25 to be closed except for one class of IPs. Do you know how to write ranges of ports in an Allow rule for Outgoing without writing them one by one delimited with commas? If it is possible, then I will Block any port on Outgoing by default and then write Allow 1-24 and Allow 26-65535.
June 8th, 2012 9:40pm
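The plan in the last post (default outbound Block, then Allow rules for 1-24 and 26-65535 plus a narrow Allow for port 25 to the relay subnet) can be written with `netsh advfirewall`, which accepts port ranges and lists directly. This is an added example, not from the thread or from Microsoft documentation; it assumes 122.122.122.0/24 is the authorized relay network (the value from the question) and that the commands are run from an elevated command prompt.

```batch
@echo off
rem Added example (not the thread's own commands).
rem Goal: no process may speak SMTP (TCP/25) to anything except 122.122.122.0/24,
rem while other outbound traffic keeps working. With a default outbound action of
rem Block, only explicit Allow rules are consulted, so no rule ordering is needed.

rem --- 1. Create the Allow rules FIRST, while outbound is still allowed by default,
rem        so that flipping the default later does not cut the host off.

rem TCP everywhere, every port except 25 (ranges and comma lists are accepted).
netsh advfirewall firewall add rule name="Out: TCP all except SMTP" ^
    dir=out action=allow protocol=TCP remoteport=1-24,26-65535 remoteip=any

rem UDP everywhere (DNS, NTP, etc.). Port 25/UDP is not SMTP, so no exclusion here.
netsh advfirewall firewall add rule name="Out: UDP all" ^
    dir=out action=allow protocol=UDP remoteport=1-65535 remoteip=any

rem SMTP only to the authorized relay subnet (assumed value from the question).
netsh advfirewall firewall add rule name="Out: SMTP to relay only" ^
    dir=out action=allow protocol=TCP remoteport=25 remoteip=122.122.122.0/24

rem Non-TCP/UDP protocols (e.g. ICMP echo for ping) are also blocked by a default
rem outbound Block; add an allow rule for icmpv4 if the host needs it.
netsh advfirewall firewall add rule name="Out: ICMPv4" ^
    dir=out action=allow protocol=icmpv4 remoteip=any

rem --- 2. Now switch the default outbound action to Block on all profiles.
rem        Inbound stays at its existing default (Block); replies to allowed
rem        inbound sessions such as RDP are stateful and unaffected.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem --- 3. Log dropped connections so that any program trying to reach an
rem        unauthorized mail server shows up in pfirewall.log (DROP, TCP, dst port 25).
netsh advfirewall set allprofiles logging droppedconnections enable

rem --- 4. Verify what was created.
netsh advfirewall firewall show rule name="Out: SMTP to relay only"
netsh advfirewall show allprofiles
```

Test from the server itself before relying on it: a `telnet <relay-ip> 25` to a host in the allowed subnet should connect, while the same attempt to any other address should time out and appear as a DROP line in `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`.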
