I have NIS 2011 and IIS 7 running on Windows 7.  I want to ensure that only the local machine can hit IIS.  I went to firewall > program control, added the IIS Worker Process, C:\windows\SysWOW64\inetsrv\w3wp.exe, and configured rules for that.  Should that work?