#StackBounty: #firewall #windows-firewall #windows-10-preview Windows AdvFirewall Subnet/Port/Program Conflicting Rules

Bounty: 100

I’ve googled around, but don’t see any answer or any similar questions here. There is some content about how the Windows Advanced Firewall matches rules, but what I don’t understand is what happens if you have conflicting subnet/port/application path rules. Say I have a program which talks across port 5555 over on a specific interface/subnet. If I allow outgoing traffic across port 5555, and allow all traffic across the subnet that it’s using, sometimes Windows Firewall will automatically create block rules for the program, so then I end up with rules like “allow all traffic across relevant subnet” and “allow outbound TCP traffic over 5555”, but then I end up with a rule “block C:\Path\to\application”, and sometimes the application doesn’t behave correctly.

So how does Windows Firewall deal with conflicting rules? Is there an order? Does it prefer one type (subnet vs port vs path)? I can add rules for the application path, but I guess I don’t understand why, if I already have defined a subnet rule and a port rule, I still get the Windows Firewall/Defender popup when a new application is opened, and if I don’t click allow, usually a block rule gets added as an ‘application rule’, with the path to the application being the block criteria. Why doesn’t it search for, and find, a matching subnet rule or a port rule?

Any decent diagnostic tools or information or links to content about conflicting rules would be great…thanks!
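An added diagnostic example, not part of the original question: Windows Firewall evaluates enabled Block rules before Allow rules, so a program-path Block rule wins over a port or subnet Allow rule whenever both match the same connection. The script below lists every enabled outbound rule whose program, protocol/port and remote-address filters could all match one connection, Block rules first; the program path, port, subnet and profile are assumed placeholder values.

```powershell
# Added example: find the rules that can match one outbound connection and show
# which of them are Block rules (evaluated before any Allow rule).
param(
    [string]$Program = 'C:\Path\to\application.exe',  # assumed placeholder path
    [int]$Port       = 5555,
    [string]$Subnet  = '192.168.1.0/24',               # assumed placeholder subnet
    [string]$Profile = 'Private'
)

# Rule programs may be stored with environment variables (%ProgramFiles%\...),
# so expand both sides before comparing.
$wanted = [Environment]::ExpandEnvironmentVariables($Program)

$rules = Get-NetFirewallRule -Enabled True -Direction Outbound |
    Where-Object { "$($_.Profile)" -eq 'Any' -or "$($_.Profile)" -match $Profile }

$hits = foreach ($rule in $rules) {
    $app  = $rule | Get-NetFirewallApplicationFilter
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter

    # A rule applies only if every filter accepts the connection; 'Any' imposes
    # no constraint. Port ranges ("5000-6000") and address ranges are not
    # expanded here, so those rules are reported only when listed exactly.
    $appProg   = [Environment]::ExpandEnvironmentVariables("$($app.Program)")
    $appMatch  = ($app.Program -eq 'Any') -or ($appProg -ieq $wanted)
    $protMatch = ($port.Protocol -eq 'Any') -or ($port.Protocol -eq 'TCP')
    $portMatch = ($port.RemotePort -eq 'Any') -or ($port.RemotePort -contains "$Port")
    $addrMatch = ($addr.RemoteAddress -eq 'Any') -or ($addr.RemoteAddress -contains $Subnet)

    if ($appMatch -and $protMatch -and $portMatch -and $addrMatch) {
        [pscustomobject]@{
            Action  = $rule.Action
            Name    = $rule.DisplayName
            Program = $app.Program
            Port    = ($port.RemotePort -join ',')
            Remote  = ($addr.RemoteAddress -join ',')
        }
    }
}

# Block rows at the top: any row there explains a failing connection even when
# port and subnet Allow rows appear below it.
$hits | Sort-Object Action | Format-Table -AutoSize
```

Run it in an elevated PowerShell on the affected machine; if a Block row names the application path, that rule, not the port or subnet Allow rules, decides the outcome.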
