Windows 10: Windows Firewall - all inbound/oubound allowed but still some applications are blocked

Hi,


I have the following network setup:


Network 1: computer A and B

Network 2: computer B and C


Computer B has two network adapters with separate subnets.


All computers have the same firewall settings.

- Firewall = ON

- Inbound connections = Allow

- Outbound connections = Allow


In addition I have 1 custom rule on computer B: All inbound connections from computer C is blocked


With this setup I would think that any type of communication between A and B is allowed, but I find this is not the case.

Example: From machine A I want to execute a command on machine B remotely and I try this command

WMIC /node:ComputerB process call create “sc stop servicename”


But then I get en RPC could not be reached error.



Researching the matter I find that I have to go to Control Panel and search Firewall. And the select "Allow an app through Windows firewall".

And then from the allowed apps list I have to find "Remote Assistance" and enable "Public". Then my command will work.


Can someone explain to me why "inbound allowed" does not already cover this?


Thanks in advance

Leifster

:)

 

Inbound Firewall Rule that Blocks

Code:

Please help me understand how the 2 Inbound Rules created by MMC actually operate.

Action, Enabled, Service, Program,                     Protocol

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, TCP

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, UDP
If these 2 rules were Outbound Rules, I'd say that client process 'mmc.exe' is blocked.

But applying equivalent logic (that 'mmc.exe' is blocked) to Inbound Rules doesn't make sense -- why would 'mmc.exe' (which created these Rules) block itself?

What (somewhat) makes sense is that 'mmc.exe' is a requester, and that these rules block all TCP & UDP datagrams & all processes.

If so, then there's quite a difference between Outbound & Inbound Rules.

In Outbound Rules, 'Program' specifies the target (the process that's blocked), whereas in Inbound Rules, 'Program' specifies the requester (the process that provokes blocking).

This is crucial reasoning because, if correct, then, as a consequence, every process is the target of Inbound Rules that Block.

What about Inbound Rules that Allow? I've always assumed that an Inbound+Allow means the specified 'Program' installs a listener (i.e., has handler(s) for the specified socket(s)).

I think that's pretty straightforward.

I've read what Microsoft provides and it's grossly inadequate -- what a surprise, eh?

Microsoft documentation presents only trivial explanation of how to complete the fields (example: "Type the path to the program in the text box"), or the tutorial's scope is limited (example: "On the Action page, select Allow the connection, and then click
 Next" -- no mention of "Block the connection").

Other web hits are just plain wrong (examples: "Program – Block or allow a program"; "Program - creates rule that controls connections for an app or program"; "if you are downloading a file through BitTorrent, the download of that file is filtered through an
 inbound rule" -- Rules control connections, not streams) or show ridiculous cases (example: "I want to block all outgoing connections on port 80").
Does anyone know of an architectural reference or guidebook that explains how Firewall Rules are implemented in a running system?
Warm Regards -- Mark.

 

Firewall no longer allowing "Allowed" program on Inbound Rule

Using Windows 10 and trying to allow a program to access my computer remotely through a specified port.

This used to work by allowing it in the firewall settings and turning on both public and private firewalls.

Now I have to turn off the public firewall to allow it to access my computer remotely even though it is in the inbound rules list with :

Profile: Private, Public

Enabled: Yes

Action: Allow:

Program: [path to program]

Everything else : any

This allowing used to work but now it doesn't.

 

Windows Firewall blocking program even with inbound/outbound rule enabled.

Windows firewall is like a fart when you have squirty dumplings, you shouldn't really trust it.


Disable the private network firewall, if the application works fine do this.

Open a CMD prompt window with admin rights. type in "netstat" without the quotes and press enter. You should get a list of what IP and port is connecting to what port and or service. Open those ports for the application, or just allow those ports to be unfiltered.