Firewall Google server with Windows 10 communication apps

Earlier I wanted to use Windows 10 modern communication apps (Mail, Calendar and People) with my google account. But windows uses svchost.exe for a lot of task including windows update and syncing of email, calendar,.. I use firewall and didn’t wanted to allow complete outbound access to svchost.exe and wanted to create rule only for Google servers. Here is my research. Hopefully it might help someone.

nslookup -q=TXT _spf.google.com

gets us `”v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all”`

nslookup -q=TXT _netblocks.google.com

nslookup -q=TXT _netblocks2.google.com

nslookup -q=TXT _netblocks3.google.com

gets us

“v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ~all”

“v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all”

“v=spf1 ip4: ip4: ~all”


I don’t use IPv6 so I am throwing the IPv6 results. Just merge the rest IP ranges by a comma and you will get


These are google public IP ranges you will ever access.

Now just  create an outbound firewall rule.

– Use these IP range as remote address

– Remote port: 993 (IMAP), 465 (SMTP), 443 (HTTPS), 80 (HTTP)

– Program path: C:\windows\system32\svchost.exe

– Direction: Outbound


Just create it and you are good to go.



How to install Windows Subsystem for Linux (BashOnWindows) offline on Windows


  1. Fiddler
  2. HTTP Web server (Apache/Nginx/Any other)


How To:

  1. First enable Windows Subsystem for Linux from “Program and Features” -> “Turn Windows features on or off”
  2. Restart Windows (MS has a thing for rebooting)
  3. Download one of the image and host it on your local web server if not done already
  4. Start Fiddler and enable “Automatic Breakpoints” (Alt+F11)
  5. Start command prompt and run “lxrun /install /y”
  6. Switch to Fiddler. You will see a request to “https://go.microsoft.com/fwlink/?LinkID=730581”. Click on “Headers” tab -> Right click on “Location” -> “Edit Header” -> Paste your local link URL (i.e. http://localhost/xenial-server-cloudimg-amd64-root.tar.gz) and click on Save -> Run to Completion
  7. There will be another request to “http://localhost/xenial-server-cloudimg-amd64-root.tar.gz”.  Just click on “Run to completion” this time.
  8. After some time, there will again another request to download “ubuntu.ico”. Just allow it.
  9. Create a new user and you are ready to go!

Note for Ubuntu 16.04 users:

There is an issue with “sudo” command in Ubuntu 16.04 build. You will get sudo: no tty present and no askpass program specified. There are two simple possible solutions that I am aware of to fix it.

  • Use “sudo -S” each time. Execute echo $'\n'"alias sudo='sudo -S'" >> ~/.bashrc to create a permanent alias for it
  • Set the default user as root. Execute “LxRun.exe  /setdefaultuser root” in command prompt to do that