Perhaps my question is very similar to this one: https://social.msdn.microsoft.com/Forums/en-US/ea31f8b6-2f92-4a26-af9b-b1ae31913663/how-to-prevent-automatic-creation-of-firewall-rules?forum=w7itprosecurity
But I can't believe that such a security gap can exist.
I have a list of Windows servers with Internet-facing interfaces. These hosts are not part of an AD domain. So, how can I prevent regularly exposing a new port to the whole Internet when some application requires it?
I clearly understand how to achieve this with Domain Group Policy, but that's not the case here. Also, for instance, it can be configured in one minute on Linux using iptables. But here I feel confused. I tried Local Group Policy, but it can only add some rules to the firewall and not overwrite them.
So, to sum up, I need to be able to set a list of firewall rules somewhere and be sure that no new connection is possible unless I manually (or using some automation) edit this list. The list can be individual for each server. Its distribution is another task. But it should be a single source for the rules on the host.
Thank you in advance!