Firewall Google server with Windows 10 communication apps

Earlier I wanted to use Windows 10 modern communication apps (Mail, Calendar and People) with my google account. But windows uses svchost.exe for a lot of task including windows update and syncing of email, calendar,.. I use firewall and didn’t wanted to complete outbound access to svchost.exe and wanted to create rule only for Google servers. Here is my research. Hopefully it might help someone.

nslookup -q=TXT _spf.google.com

gets us `”v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all”`

nslookup -q=TXT _netblocks.google.com

nslookup -q=TXT _netblocks2.google.com

nslookup -q=TXT _netblocks3.google.com

gets us

“v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ~all”

“v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all”

“v=spf1 ip4: ip4: ~all”


I don’t use IPv6 so I am throwing the IPv6 results. Just merge the rest IP ranges by a comma and you will get


These are google public IP ranges you will ever access.

Now just  create an outbound firewall rule.

– Use these IP range as remote address

– Remote port: 993 (IMAP), 465 (SMTP), 443 (HTTPS), 80 (HTTP)

– Program path: C:\windows\system32\svchost.exe

– Direction: Outbound


Just create it and you are good to go.



How to install Windows Subsystem for Linux (BashOnWindows) offline on Windows


  1. Fiddler
  2. HTTP Web server (Apache/Nginx/Any other)


How To:

  1. First enable Windows Subsystem for Linux from “Program and Features” -> “Turn Windows features on or off”
  2. Restart Windows (MS has a thing for rebooting)
  3. Download one of the image and host it on your local web server if not done already
  4. Start Fiddler and enable “Automatic Breakpoints” (Alt+F11)
  5. Start command prompt and run “lxrun /install /y”
  6. Switch to Fiddler. You will see a request to “https://go.microsoft.com/fwlink/?LinkID=730581”. Click on “Headers” tab -> Right click on “Location” -> “Edit Header” -> Paste your local link URL (i.e. http://localhost/xenial-server-cloudimg-amd64-root.tar.gz) and click on Save -> Run to Completion
  7. There will be another request to “http://localhost/xenial-server-cloudimg-amd64-root.tar.gz”.  Just click on “Run to completion” this time.
  8. After some time, there will again another request to download “ubuntu.ico”. Just allow it.
  9. Create a new user and you are ready to go!

Note for Ubuntu 16.04 users:

There is an issue with “sudo” command in Ubuntu 16.04 build. You will get sudo: no tty present and no askpass program specified. There are two simple possible solutions that I am aware of to fix it.

  • Use “sudo -S” each time. Execute echo $'\n'"alias sudo='sudo -S'" >> ~/.bashrc to create a permanent alias for it
  • Set the default user as root. Execute “LxRun.exe  /setdefaultuser root” in command prompt to do that