Windows - Firewall

> Operating System - Kernel (Windows, Unix, Linux) > Windows (and utilities)

1 - About

Network - Firewall in Windows

Advertising

3 - Default

Windows has a built-in firewall that blocks inbound connections.

3.1 - Profile

netsh advfirewall show currentprofile
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

3.2 - Local Rule Applied

One liner to get the config for all profiles with Windows - netsh (Netshell)

netsh advfirewall monitor show firewall
Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    Enable
LocalConSecRules                      Enable
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

4 - Rules Properties

Configuration Properties for a rule

  • inbound traffic or outbound traffic.
  • the computers or users, program, service, or port and protocol.
  • type of network adapter (local area network (LAN), wireless, remote access, such as a virtual private network (VPN) connection, or all types)
  • Profile (used or not) - Domain, Private, Public
Advertising

4.1 - Outbound vs Inbound

  • outbound: network traffic originating from the computer
  • inbound: network traffic originating from the outside: If you want to run a Web server, then you must create an inbound rule that allows unsolicited inbound network traffic on TCP port 80.

4.2 - Profile

netsh advfirewall monitor show currentprofile
Domain Profile:
----------------------------------------------------------------------
HotITem.local
Ok.

5 - Order of precedence (Priority)

As soon as a network packet matches a rule, that rule is applied, and processing stops.

  • 1 - Authenticated bypass. These are rules in which the Override block rules option is selected. These rules allow matching network traffic that would otherwise be blocked. The network traffic must be authenticated by using a separate connection security rule. You can use these rules to permit access to the computer to authorized network administrators and authorized network troubleshooting devices.

  • 2 - Block connection. These rules block all matching inbound network traffic.
  • 3 - Allow connection. These rules allow matching inbound network traffic. Because the default behavior is to block unsolicited inbound network traffic, you must create an allow rule to support any network program or service that must be able to accept inbound connections.
  • 4 - Default profile behavior. The default behavior is to block unsolicited inbound network traffic, but to allow all outbound network traffic. You can change the default behavior on the Domain Profile, Private Profile, and Public Profile tabs of the Windows Firewall with Advanced Security Properties dialog box.

6 - Utility

netsh advfirewall ... # where advfirewall is the context
  • Windows Firewall with Advanced Security (wf.msc)
Advertising

7 - Rules Procedure for a Web Server

  • Create your rule ( for instance inbound TCP port 80 ) then
  • Restart the computer !

8 - Documentation / Reference