Blog

Local LLM Stack for Secure Software Development

This entry is part 2 of 2 in the series Local LLM Stack

As part of my ongoing work as a software engineer advancing my AI integration skills, I recently built a local LLM stack for secure software development.
This setup allows me to use AI-assisted code generation and analysis entirely offline — ensuring that none of my proprietary software or client data leaves the local environment.

In this post, I’ll walk through how I configured a private AI development environment using Ollama and Llama 2 on Windows 11, complete with outbound network blocking and activity verification.

🎯 Project Goals

  • Build and configure a local AI stack to assist software development
  • Ensure no code ever leaves the local machine
  • Maintain compatibility with modern tools while preserving security and compliance

Platforms like Ollama, GPT4All, Llama.cpp, and Hugging Face Transformers now make it possible to run LLMs entirely offline, without requiring any Internet connection.

⚙️ Building a Local LLM Stack for Secure Software Development: Step-by-Step Setup

  1. Install Ollama
    Download the installer from ollama.com/download.
  2. Pull a Model
    From the command line: ollama pull llama2
  3. Verify Installation ollama list
  4. Test the Setup
    • Run a quick generation: ollama run "Write a Python function to reverse a string"
    • Or start an interactive session: ollama chat

🔒 Locking Down Outgoing Connections for Secure Development

To prevent proprietary code or data from leaving your system, I configured Windows Defender Firewall to block outbound traffic from Ollama.

Steps:

  1. Open Windows Defender Firewall with Advanced Security
    • Press Win + S
    • Search for “Windows Defender Firewall with Advanced Security”
    • Open it
  2. Create a New Outbound RuleProgram
    Create new outbound rule
  3. Select the Program Path
    Choose: C:\Program Files\Ollama\ollama.exe
  4. Block the Connection, then Name the Rule
    Something like: “Ollama Block from Internet”
    Outbound rule configuration
  5. Verify the Rule is Active
    Check your Outbound Rules list and confirm that the rule is enabled.

🧠 Verifying Your Local LLM Stack Remains Fully Offline

Once blocked, I monitored traffic to ensure ollama.exe makes no external connections.

Using Resource Monitor

  1. Press Ctrl + Shift + Esc → open Task Manager
  2. Go to the Performance tab → click Open Resource Monitor
  3. Under Network, search for ollama.exe

For deeper visibility, tools like Netstat or Wireshark also help confirm network lockdowns.

🧩 Advanced Security Options for Local AI Engineering

To strengthen isolation:

  • Block all incoming traffic
  • Run the stack within Windows Sandbox (with Internet disabled)
  • Use third-party isolation tools like Sandboxie Plus

🧱 Alternative Local AI Stack Options for Developers

Another interesting route is the Podman Desktop AI Lab, which supports containerized AI environments that are simple to firewall and manage offline:

👉 Explore Podman AI Lab

💡 Conclusion

I’m passionate about developing high-impact software systems—and leveraging AI to do so. This example demonstrates practical engineering around privacy-preserving AI deployment and local model integration, key skills for enterprises exploring AI without risking data exposure.

CR Johnson

As a software engineer with over a decade of experience working for Fortune 50 companies developing software for Windows, the web, and a few interplanetary spacecraft, she's programmed in a plethora of languages including the C#/ASP.NET stack and, recently, Rails. She has tweaked more CSS files than she can count and geeks out a little on data and SQL databases. In her spare time she works on her first novel and enjoys bicycling and dark chocolate.