Blog: Introducing Firewall (#3400)

* Initial plan

* Add blog post: Introducing Firewall

Agent-Logs-Url: https://github.com/BornToBeRoot/NETworkManager/sessions/75dd8e9e-2942-498a-b5cd-1dd7d4ddafcc

Co-authored-by: BornToBeRoot <16019165+BornToBeRoot@users.noreply.github.com>

* Add Enabled and Description fields to firewall blog post Add/Edit rule list

Agent-Logs-Url: https://github.com/BornToBeRoot/NETworkManager/sessions/f094a888-9462-4d64-9c75-2818d802284c

Co-authored-by: BornToBeRoot <16019165+BornToBeRoot@users.noreply.github.com>

* Update "Try it now" section to point to pre-release download

Agent-Logs-Url: https://github.com/BornToBeRoot/NETworkManager/sessions/0743a88b-975a-4dc4-8b30-d0a94c2c8a26

Co-authored-by: BornToBeRoot <16019165+BornToBeRoot@users.noreply.github.com>

* Rename blog post directory to 2026-04-30 (today's date)

Agent-Logs-Url: https://github.com/BornToBeRoot/NETworkManager/sessions/f176c3d4-01a7-49f9-85b6-4e7322f38fb4

Co-authored-by: BornToBeRoot <16019165+BornToBeRoot@users.noreply.github.com>

* Update index.md

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: BornToBeRoot <16019165+BornToBeRoot@users.noreply.github.com>

Author: Copilot

Website/blog/2026-04-30-introducing-firewall/firewall-rule.png

@@ -0,0 +1,63 @@
+---
+slug: introducing-firewall
+title: Introducing Firewall
+description: "NETworkManager introduces the new Firewall feature. View, add, edit, enable, disable, and delete Windows Firewall rules managed by NETworkManager — all from a user-friendly interface."
+authors: [borntoberoot]
+tags: [firewall, windows firewall, security, new feature]
+keywords: [NETworkManager, Windows Firewall, Windows Defender Firewall, firewall rules, inbound, outbound, network security]
+---
+
+NETworkManager introduces a new feature, the `Firewall`. You can now manage Windows Firewall rules created by NETworkManager directly from within the app — no more jumping between MMC snap-ins for day-to-day tasks.
+
+This is especially useful if you frequently spin up local services (lab environments, dev boxes, game servers, small internal tools) and need a quick and repeatable way to open or block ports, restrict traffic to specific IP ranges, or scope rules to profiles like **Domain**, **Private**, or **Public**.
+
+![Firewall](./firewall.png)
+
+<!-- truncate -->
+
+## Manage rules safely (and without touching your system rules)
+
+The Firewall view intentionally focuses on rules managed by NETworkManager only.
+
+Every rule created via NETworkManager is stored with a `NETworkManager_` prefix in the Windows Firewall rule display name. This makes it easy to distinguish "your" rules from system-managed or third-party rules — and it allows NETworkManager to filter the list so you only see what it owns.
+
+## What you can do with the new Firewall feature
+
+- View firewall rules created by NETworkManager
+- Add new inbound or outbound rules
+- Edit existing rules
+- Enable or disable rules quickly
+- Delete rules you no longer need
+- Copy or export rule information
+- Refresh the list with `F5`
+- Open the native Windows Firewall console (`WF.msc`) via the **Windows Firewall Settings** button
+
+## Add / Edit rules — with the options you actually need
+
+When creating or editing a rule, NETworkManager exposes the most common and important fields in a clear dialog:
+
+![Add rule](./firewall-rule.png)
+
+- **Name**: Display name of the rule (the `NETworkManager_` prefix is added automatically and hidden in the UI)
+- **Enabled**: Whether the rule is active right after creation
+- **Description**: Optional description of the rule
+- **Direction**: Inbound / Outbound
+- **Action**: Allow / Block
+- **Protocol**: Any, TCP, UDP, ICMPv4, ICMPv6, GRE, L2TP
+- **Local / Remote ports**: Available for TCP and UDP; multiple ports and ranges separated by `;`
+- **Local / Remote addresses**: Supports single IPs, ranges, subnets (CIDR and subnet masks), and keywords such as `LocalSubnet` or `Internet`
+- **Program**: Limit the rule to a specific executable (optional)
+- **Interface type**: Any, Wired, Wireless, RemoteAccess
+- **Network profiles**: Domain / Private / Public (at least one must be selected)
+
+You can find all details (including examples for port and address formats) in the [official documentation](https://borntoberoot.net/NETworkManager/docs/application/firewall).
+
+## Administrator privileges
+
+Managing firewall rules requires elevated rights. If NETworkManager is not running as administrator, the Firewall view is **read-only**. Use the **Restart as administrator** button to relaunch NETworkManager with the required privileges.
+
+## Try it now
+
+You can test this feature in the [latest pre-release of NETworkManager](https://borntoberoot.net/NETworkManager/download#pre-release).
+
+If you find any issues or have suggestions for improvement, please open an [issue on GitHub](https://github.com/BornToBeRoot/NETworkManager/issues).