
I have noticed that Windows Firewall only blocks incoming traffic. For example, if I try to listen on port 12345, it displays a warning dialog asking me whether I want to allow it.

However, if I try to connect to any IP on any port, it does not display any warning. So does anyone know why it does not also block outgoing traffic?

I am using Windows 7 Ultimate 64-bit.

user427378
  • What research have you done about how the firewall works? – CharlieRB Mar 12 '15 at 13:00
  • Most consumer firewalls are incoming-only by default; it saves confusion for the average user, who would otherwise just click 'yes' to everything until they got sick of it & switched it off altogether. – Tetsujin Mar 12 '15 at 13:01
  • @Tetsujin Not just the average user; I think even techie users, if their firewall kept bothering them, would click yes, yes, yes and turn it off altogether. – barlop Mar 12 '15 at 14:56
  • @barlop I'm probably not the average user, but I use a corporate firewall, explicit rules for in & out, plus an outgoing-only firewall on my Mac [on the assumption that if it can get in past the first one, the second, consumer one isn't going to be much help]. The Win machines have no 'personal' firewall. The entire setup is to prevent the above scenario. – Tetsujin Mar 12 '15 at 15:09
  • @Tetsujin Right, that sounds like a wise alternative to software that frequently prompts you over outgoing connections; it seems you wouldn't want that on your Windows machine. What software are you using on your Mac, and when you say outgoing-only, do you mean it blocks incoming? It sounds like (understandably) you don't have and don't want frequent prompting on your Mac either. That was my point: not only the average user wouldn't want it, but the techie or above-average techie generally wouldn't want it either. – barlop Mar 12 '15 at 15:49
  • What I tell you is: don't use Windows Firewall. It has vulnerabilities. I prefer using a built-in firewall in an Internet Security suite, which will not ask you each time for each app. Kaspersky is love ... – TechLife Mar 12 '15 at 15:55
  • @barlop I use Little Snitch on Mac, & yes, until you build up its ruleset it does get in your face, but I prefer safe to sorry. – Tetsujin Mar 12 '15 at 16:12

2 Answers


The Windows 7 firewall can.

The Windows XP firewall, it seems, couldn't block outgoing: How do I block all outgoing ports in Windows XP firewall?

The Windows 7 Firewall can block outgoing.

See where it says "Outbound Rules"; outbound means outgoing.

[screenshot omitted]

And look at the text under Domain, Private and Public.

It states the default policies. So for inbound it's a whitelist (that's stricter); for outbound it's a blacklist (that's more lenient).

A blacklist means let everything through unless it's listed to not be let through.

A whitelist means block everything unless it's listed to be let through.

So a whitelist would be more permissive. Like what at a real-life event would be called 'by invitation only'. So a packet arrives; if it's on the list, it's allowed in and the firewall has done its thing for that packet; if the packet is not on the list, then continue with the instruction to just block everything. A blacklist is equivalent to when everybody is invited unless they're on a list of people not allowed to come. So a packet arrives; if it's on the blacklist, then you block it and the firewall has done its thing for that packet; otherwise, continue to the next instruction, which is to allow everything.

For outbound, the default of a blacklist enables you to browse the web easily. The outbound rule is by default the more permissive one.

For inbound, the default is a whitelist. So if you run any servers (i.e. listening), then a client (i.e. a computer initiating a connection) can only reach them if you have allowed it to.

You can change these policies. And you can add or remove or change rules in the list of rules, for inbound or for outbound.

[screenshot omitted]

barlop
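The default policies the answer points at (the text under Domain, Private and Public) can also be read from the command line. The script below is an added example, not code from the answer or from Microsoft: it parses the output of `netsh advfirewall`, which exists on Windows 7, into one object per profile, labels each direction as whitelist or blacklist according to its default action, and then counts the enabled outbound rules that sit on top of that default. It assumes English `netsh` output, which the regular expressions match.

```powershell
# Added example (not from the original answer): show each firewall profile's
# default inbound/outbound action and classify it as whitelist or blacklist,
# then summarise the enabled outbound rules. Assumes English netsh output.

function Get-FirewallDefaultPolicy {
    # netsh prints, per profile, a header such as "Domain Profile Settings:"
    # followed a few lines later by "Firewall Policy  BlockInbound,AllowOutbound".
    $lines = netsh advfirewall show allprofiles
    $name = $null
    foreach ($line in $lines) {
        if ($line -match '^(\w+) Profile Settings:') {
            $name = $Matches[1]
        }
        elseif ($name -and $line -match '^Firewall Policy\s+(\w+),(\w+)') {
            $inbound  = $Matches[1]   # BlockInbound or AllowInbound
            $outbound = $Matches[2]   # AllowOutbound or BlockOutbound
            # A Block* default means the rule list is a whitelist (only listed
            # traffic passes); an Allow* default means it is a blacklist.
            $inMode  = 'blacklist (allow unless listed)'
            $outMode = 'blacklist (allow unless listed)'
            if ($inbound  -like 'Block*') { $inMode  = 'whitelist (block unless listed)' }
            if ($outbound -like 'Block*') { $outMode = 'whitelist (block unless listed)' }
            New-Object PSObject -Property @{
                Profile      = $name
                Inbound      = $inbound
                InboundMode  = $inMode
                Outbound     = $outbound
                OutboundMode = $outMode
            }
            $name = $null
        }
    }
}

function Get-OutboundRuleSummary {
    # "show rule" prints one block per rule: "Rule Name:", then "Enabled:",
    # "Direction:", ... and finally "Action:".
    $lines = netsh advfirewall firewall show rule name=all dir=out
    $rules = @()
    $current = $null
    foreach ($line in $lines) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            $current = @{ Name = $Matches[1].Trim() }
        }
        elseif ($current -and $line -match '^Enabled:\s+(\w+)') {
            $current.Enabled = $Matches[1]
        }
        elseif ($current -and $line -match '^Action:\s+(\w+)') {
            $current.Action = $Matches[1]
            $rules += New-Object PSObject -Property $current
            $current = $null
        }
    }
    # Only enabled rules take part in the decision; group them by Allow/Block.
    $rules | Where-Object { $_.Enabled -eq 'Yes' } |
        Group-Object Action | Select-Object Name, Count
}

Get-FirewallDefaultPolicy |
    Format-Table Profile, Inbound, InboundMode, Outbound, OutboundMode -AutoSize
Get-OutboundRuleSummary
```

On a stock Windows 7 machine the first table shows `BlockInbound,AllowOutbound` for all three profiles, which is the whitelist-in, blacklist-out arrangement the answer describes. On Windows 8 and later the same information is available directly as `Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction`, without parsing text.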

By default, Windows Firewall functions as follows:

  • Inbound - Block all unless in the list (Whitelist)
  • Outbound - Allow all unless in the list (Blacklist)

You want to block all inbound and all outbound connections by default. The way (though somewhat hidden away) is to change the settings as follows, in these 3 easy steps:

1) Go to: Control Panel\System and Security\Windows Firewall

2) There, right-click as shown in the screenshot and click Properties. [screenshot omitted]

3) Change Outbound Connections to Block for each profile. Now you can add only the programs you want to the list.

You can import/export rules by right-clicking the same as in the screenshot above and selecting Export Policy. It imports/exports the whole thing, so you can experiment, disabling rules and making your machine more secure. For example, my settings are as follows (excluding my programs):

Inbound - there's not a single rule here!

Outbound - only "Core Networking - DNS (UDP-Out)" is enabled

Emil
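The three steps above, plus the Export Policy step, as commands. This is an added example, not code from the answer or from Microsoft: it exports the whole policy first so the lockdown can be undone with a single import, switches every profile's default to Block in both directions, re-enables the one built-in rule the answer keeps ("Core Networking - DNS (UDP-Out)"), adds a DHCP client rule that most machines also need once outbound is a whitelist, and allows a single program by path. It must run in an elevated (Administrator) PowerShell prompt; the browser path is an assumption used for illustration.

```powershell
# Added example (not from the original answer): lock down outbound to a
# whitelist, keeping a rollback point. Requires an elevated prompt; netsh
# advfirewall exists on Windows 7 and later.

$backup = Join-Path $env:USERPROFILE 'firewall-before-lockdown.wfw'

# Same as right-click > Export Policy in the console: save everything first.
netsh advfirewall export "$backup"
if ($LASTEXITCODE -ne 0) { throw "Export failed; leaving the policy unchanged." }

# Steps 1-3: set the default action of all three profiles to Block in both
# directions (the Inbound/Outbound connections settings in the Properties
# dialog). From here on outbound is a whitelist: nothing leaves unless a rule
# allows it.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# Re-enable the one built-in rule the answer keeps, so name lookups still work.
netsh advfirewall firewall set rule name="Core Networking - DNS (UDP-Out)" new enable=yes

# A machine that gets its address by DHCP also needs the DHCP client to talk
# out (UDP 68 -> 67). Added as an explicit rule so it does not depend on the
# exact name of the built-in one.
netsh advfirewall firewall add rule name="Allow DHCP client out" dir=out action=allow protocol=UDP localport=68 remoteport=67 profile=any

# Allow a specific program rather than a port, so only that binary gets out.
$browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'   # assumed path
if (Test-Path $browser) {
    netsh advfirewall firewall add rule name="Allow browser out" dir=out action=allow program="$browser" profile=any
} else {
    Write-Warning "$browser not found; no program rule added."
}

# Verify the defaults now read BlockInbound,BlockOutbound for every profile.
netsh advfirewall show allprofiles | Select-String 'Profile Settings|Firewall Policy'

# Undo everything at any time with:
#   netsh advfirewall import "$backup"
```

Because the default is now Block, anything that stops working afterwards (Windows Update, time sync, a mail client) is simply missing an allow rule; add rules one at a time rather than loosening the default, and keep the `.wfw` export until you are satisfied with the result.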