Windows 10: what is meaning of *inbound connections that do not match a rule are blocked* listed in...

Is there anything wrong with my pc security

:)

 

Inbound Firewall Rule that Blocks

Code:

Please help me understand how the 2 Inbound Rules created by MMC actually operate.

Action, Enabled, Service, Program,                     Protocol

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, TCP

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, UDP
If these 2 rules were Outbound Rules, I'd say that client process 'mmc.exe' is blocked.

But applying equivalent logic (that 'mmc.exe' is blocked) to Inbound Rules doesn't make sense -- why would 'mmc.exe' (which created these Rules) block itself?

What (somewhat) makes sense is that 'mmc.exe' is a requester, and that these rules block all TCP & UDP datagrams & all processes.

If so, then there's quite a difference between Outbound & Inbound Rules.

In Outbound Rules, 'Program' specifies the target (the process that's blocked), whereas in Inbound Rules, 'Program' specifies the requester (the process that provokes blocking).

This is crucial reasoning because, if correct, then, as a consequence, every process is the target of Inbound Rules that Block.

What about Inbound Rules that Allow? I've always assumed that an Inbound+Allow means the specified 'Program' installs a listener (i.e., has handler(s) for the specified socket(s)).

I think that's pretty straightforward.

I've read what Microsoft provides and it's grossly inadequate -- what a surprise, eh?

Microsoft documentation presents only trivial explanation of how to complete the fields (example: "Type the path to the program in the text box"), or the tutorial's scope is limited (example: "On the Action page, select Allow the connection, and then click
 Next" -- no mention of "Block the connection").

Other web hits are just plain wrong (examples: "Program – Block or allow a program"; "Program - creates rule that controls connections for an app or program"; "if you are downloading a file through BitTorrent, the download of that file is filtered through an
 inbound rule" -- Rules control connections, not streams) or show ridiculous cases (example: "I want to block all outgoing connections on port 80").
Does anyone know of an architectural reference or guidebook that explains how Firewall Rules are implemented in a running system?
Warm Regards -- Mark.

 

firewall rule to block addresses NOT on an IP list?


I am just starting to learn the Windows Firewall (working on both Windows 7 and 10) and I'm not impressed with the inflexibility of its rules. I would like to know if


1. Is there is a way to do what I want with Windows Firewall?
2. Is there is a third-party firewall that would do it?


What I want to do is create a rule that blocks outgoing connections, for program X, that are to a destination **NOT** in an IP list.


Windows Firewall is not very flexible in how you specify IP list rules. When you give an IP list, your rule will match that list... you can't say "trigger the rule for non-matching IP addresses." Therefore to allow outgoing connections to a list, you have to


1. Change the entire firewall policy to block outgoing connections by default so that you can create an "allow rule" matching your list. This will mess up the rest of your programs.


2. Somehow combine a block rule and allow rule. Create a block rule for most traffic, with the "allow" rule overriding it when appropriate. However, this doesn't appear to be possible in general. It **may** be possible for connections that use IPSec, I'm not sure. And I'm not sure if I can use IPSec in my application.

And is there a third-party firewall that can do it? Most 3rd-party firewalls are LESS sophisticated than Windows Firewall, because the use case they are addressing is providing an interface that doesn't require much comprehension. I need one that's actually MORE sophisticated than Windows Firewall.

 

Windows firewall: e-mail is on, yet inbound port 143 (imap) is blocked

Hi Cacadril,

We appreciate you for being a part of Windows 10.

Before proceeding, we need more information to help you better.

• 
  Are the computer connected to domain network?
  
• 
  Which are the email accounts you are working on? Is it Outlook.com/Office Outlook/other email accounts?
  

Until you get back to us with required information, I suggest you to refer to the suggestions.

Windows Firewall filters information coming into your PC from the Internet, blocking potentially harmful programs. Follow the below steps to access the interface and rules.

• 
  Open the start menu, type firewall in the search box and select
  Windows Firewall.
  
• 
  Click on Advanced settings on the left navigation pane.
  
• 
  Enter the admin credentials if any dialog box prompted.
  
• 
  In advanced settings panel, you may change the settings related to Inbound rules/Outbound rules/connection security rules/monitoring.
  

Note: If your PC is connected to network, you might not be able to change your Windows Firewall settings because of network policies. Contact your administrator for more information.

Kindly let us know the required information if you need any further assistance with the issue. We are glad to assist you.

Thank you.