UEU-co logo


Previous Page Next Page

Understanding Windows Firewall Rules

The Windows Firewall allows or denies network traffic based on the rules that have been created and configured for the firewall. You can create three types of rules: inbound rules, outbound rules, and connection security rules. Let’s look at inbound and outbound rules and then at connection security rules, which are a slightly different animal.

Inbound rules are designed to “unblock” inbound traffic (connections) as defined by the rule. Remember that the default Inbound Connections setting for the three profile types (Domain, Private, and Public) is Block. Outbound rules are designed to “block” outbound connections as defined by a specific rule. The default setting for Outbound Connections is Allow, and so it makes sense that Outbound rules would need to negate this completely open doorway (in terms of outbound connections) by blocking the application or port traffic.

You can create four types of inbound or outbound rules. (The next section walks you through the actual steps of creating a rule.) These rule types are

It becomes fairly obvious when you open the Windows Firewall with Advanced Security snap-in and select either the Inbound Rules or the Outbound Rules node that a number of both inbound and outbound preconfigured rules are available by default. You can filter the rules list (for inbound or outbound) in the Details pane, making it easier to concentrate on rules that are for a certain connection profile or rules that are in a certain state (enabled or disabled).

With either the Inbound Rules or the Outbound Rules node selected, click Filter by Profile (Domain, Public, or Private) to filter the rules by one of the connection profiles. You can also filter the rules by state (Filter by Enabled or Filter by Disabled). Figure 21.4 shows the inbound rules filtered by the Enabled state.

Figure 21.4. You can filter the rules list in the Details pane.

[View full size image]

You can also filter the selected rule type (inbound or outbound) by the Windows service or program with which the rule is associated; each service or program is referred to as a group. For example, you can filter the rules by Remote Desktop (select Filter by Group and then Filter by Remote Desktop) and find that there is only one default rule (inbound rule) related to the Remote Desktop feature (or group if you prefer). When you have finished viewing the rules that meet the criteria of a specific filter, click the Clear All Filters action in the Actions pane to view all the rules.

You can open an existing rule’s properties from the Details pane (whether the list is filtered or not). Double-click a rule (inbound or outbound) and the Properties dialog box for that rule opens (see Figure 21.5).

Figure 21.5. A firewall inbound rule’s Properties dialog box.

By the Way

You cannot edit all the properties of a predefined rule; in many cases the program associated with the rule cannot be changed, and the ports and protocols set for the rule cannot be changed. Both of these make sense because rules are often associated with a particular Windows service or program that then uses specific ports and protocols for communication.

A rule’s Properties dialog box contains six tabs:

You can modify existing rules as needed (although some predefined rule settings cannot be changed). If you need to create a new rule, follow the steps in the section that follows.

Previous Page Next Page

Leave a Reply

Time limit is exhausted. Please reload the CAPTCHA.


apply_nowPepperstone Group Limited