The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,224 other subscribers
«
»

Windows Firewall: Block rules take precedence over Allow rules

Posted by jpluimers on 2018/05/07

Reminder to self for Windows Firewall: Block rules take precedence over Allow rules (see * below as actually it is even more complex); [WayBackFirewall Rule Properties Page: General Tab has

Firewall rules are evaluated in the following order:

  1. Allow if secure with Override block rules selected in the Customize Allow if Secure Settings dialog box.
  2. Block the connection.
  3. Allow the connection.
  4. Default profile behavior (allow or block as specified on the applicable Profile tab of the Windows Firewall with Advanced Security Properties dialog box).

Within each category, rules are evaluated from the most specific to the least specific. A rule that specifies four criteria is selected over a rule that specifies only three criteria.

Which means that this will block TCP port 1024 traffic to bar.exe:

The Block rules are inserted by Windows if you click “Cancel” on a dialog like this (note the lowercase path, despite the application being at C:\Program Files (x86)\Foo\Bar.exe):

The problem is that the “Windows Firewall with Advanced Security” does not refresh with the F5, so initially you will not see the Block rules. Only after a manual refresh through the context menu helps:

After that, you disable the rule (or delete it, but then Windows will re-add it when you restart the application and cancel out of the dialog), then the Allow rule will take effect:

* Precedence is even more complex

Actually the precedence is even more complex, as explained by [WayBackOrder of Windows Firewall with Advanced Security Rules Evaluation, the order is this:

  1. Windows Service Hardening
  2. Connection security rules.
  3. Authenticated bypass rules.
  4. Block rules.
  5. Allow rules.
  6. Default rules.

–jeroen

PS:

Referenced by [Wayback] Linux HowTo: Windows AdvFirewall Subnet/Port/Program Conflicting Rules – TECHPRPR with these references of which I missed the first in my post:

This entry was posted on 2018/05/07 at 12:00 and is filed under Firewall, Infrastructure, Power User, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Windows Firewall: Block rules take precedence over Allow rules”

  1. Linux HowTo: Windows AdvFirewall Subnet/Port/Program Conflicting Rules - TECHPRPR said

    2020/08/17 at 04:35

    […] Windows Firewall: Block rules take precedence over Allow rules […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: