I think I've worked it out, well it seemed to work here but it's 0220 and I've got to get up in 2 hours
Anyway, by default WFwAS, (Windows Firewall with Advanced Security), allows all outgoing connections so you have to set it to Block connections by default for the Private profile.
You then need to create rules for the programs you want to let through, including your browsers, just like you would with a normal firewall.
Once you've done that, you can limit the access your browsers have by using the netsh command like above but using the remoteip option, (not profile or enable).
eg. remoteip=any Full access
remoteip=192.168.0.1/24 LAN access only
Sorry, my screw up with the mis-leading profile stuff above, (I think old age is catching up to me).