Windows Firewall troubleshooting (Preconfigured rules)

Hello, after doing a lot of testing I discovered several issues with Windows Firewall in Windows 8.1, but before really declaring them "issues" I need somebody to confirm these.

To make my tests as clean as possible I freshly installed and fully updated Windows 8.1 on two separate laptops, which are now connected to the same wireless gateway.

I made a home group and picked several tools for troubleshooting such as Process Explorer, mTail, PowerShell, TCPView and so on.

I also extensively studied the Windows Firewall documentation a long time ago and can't believe I am stuck so badly.

Here is a list of reproducible scenarios for which I need your help:

I'm configuring Windows Firewall through local group policy. The firewall is configured to ignore all default rules and all the predefined rules, thus these do not apply to my configuration; instead I created my own copy by using PowerShell.

1. ICMP filtering does not work with custom rules

I created ICMP allow rules without restrictions, i.e. "allow all ICMP to anywhere" inbound and outbound, but ICMP packets are still dropped. However, when importing the predefined ICMP rules, packets will not be dropped. My custom rules are 100% identical to the predefined rules but they do not work for some reason.

2. Same as with the ICMP case, custom-made home group related rules (Network discovery, WM Player etc.) also do not work, even though they are 100% identical to the predefined rules and even less restrictive than the predefined ones.

Which means the home group will not work.

Windows Firewall is useless without predefined rules; making my own copy of these rules does not work. Can you confirm or explain why that is so? What is so special about predefined rules?

3. When creating a new rule in the Windows Firewall snap-in there is an option to specify the remote address from a drop-down list, i.e. "Local subnet", "WINS" and so on. However, this will not work for IPv6 addresses; for example, "Local subnet" applies to IPv4 only and requires a user to create their own rules for the IPv6 link-local scope.

I think I figured out why that is so: the Teredo adapter looks like it has some public profile while my active network profile is private, and my firewall rules for public IPv6 did not exist at that time. I need someone to confirm the Teredo adapter profile, please.

4. Creating a rule for Windows Update by enabling a corresponding update service will not work; instead I need to allow port 80 for svchost and all the services. This was not required in Windows 7.

I will continue my testing with the hope that some Windows update will fix the currently unstable firewall to the state where it was in Windows 7, where this strange behavior was not so visible. Currently it is impossible to rely on Windows Firewall with my amount of knowledge; hopefully you can give some information.

I seek somebody to explain why this behavior is happening in this version of Windows and what the heck is so special about predefined rules.

I'm creating some PS scripts for the firewall which I give to you for testing purposes, to reproduce my observations and confirm that Windows Firewall is dropping packets regardless of allow rules.

Not only dropping, but it is also allowing inbound connections even though my firewall is set to block all packets that do not match an allow rule. That's disappointing!

Thank you!

April 19th, 2015 10:00am
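One way to test the "100% identical" claim for a custom rule and its predefined counterpart is to diff every property of both rules, including their address, port/ICMP, application, service, interface and security filters. This is an added example, not part of the original post; the function names and the custom rule name are hypothetical, and the predefined rule name is assumed to exist in the store being queried.

```powershell
# Added example: flatten a rule plus its associated filter objects into one
# name/value table so that two rules can be compared property by property.
function Get-FlatFirewallRule {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [string] $PolicyStore = 'ActiveStore'   # the combined, effective policy
    )
    $rule = Get-NetFirewallRule -DisplayName $DisplayName -PolicyStore $PolicyStore -ErrorAction Stop |
        Select-Object -First 1
    $parts = [ordered]@{
        Rule        = $rule
        Address     = $rule | Get-NetFirewallAddressFilter
        Port        = $rule | Get-NetFirewallPortFilter        # also holds Protocol and IcmpType
        Application = $rule | Get-NetFirewallApplicationFilter
        Service     = $rule | Get-NetFirewallServiceFilter
        Interface   = $rule | Get-NetFirewallInterfaceFilter
        IfType      = $rule | Get-NetFirewallInterfaceTypeFilter
        Security    = $rule | Get-NetFirewallSecurityFilter
    }
    $flat = [ordered]@{}
    foreach ($part in $parts.GetEnumerator()) {
        foreach ($prop in $part.Value.PSObject.Properties) {
            # Skip CIM plumbing that carries no rule semantics.
            if ($prop.Name -match '^(Cim|PSComputerName)') { continue }
            $flat["$($part.Key).$($prop.Name)"] = @($prop.Value) -join ','
        }
    }
    $flat
}

function Compare-FirewallRule {
    param(
        [Parameter(Mandatory)] [string] $Reference,
        [Parameter(Mandatory)] [string] $Difference,
        [string] $PolicyStore = 'ActiveStore'
    )
    $a = Get-FlatFirewallRule -DisplayName $Reference  -PolicyStore $PolicyStore
    $b = Get-FlatFirewallRule -DisplayName $Difference -PolicyStore $PolicyStore
    foreach ($key in @(@($a.Keys) + @($b.Keys) | Sort-Object -Unique)) {
        if ($a[$key] -ne $b[$key]) {
            [pscustomobject]@{ Property = $key; Reference = $a[$key]; Difference = $b[$key] }
        }
    }
}

# 'Custom ICMPv4-In' is a hypothetical name for the hand-made rule.
# Name/DisplayName/ID rows always differ; any other row is a real difference.
Compare-FirewallRule -Reference 'File and Printer Sharing (Echo Request - ICMPv4-In)' `
                     -Difference 'Custom ICMPv4-In' | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; pass a different `-PolicyStore` value to compare the rules as stored in a specific store instead of the effective policy.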

This topic is archived. No further replies will be accepted.
