Cannot filter outgoing flows with Windows Defender Firewall #6936

Closed
1 of 2 tasks
Stef-Alb opened this issue May 12, 2021 · 3 comments
@Stef-Alb

Windows Build Number

Microsoft Windows [version 10.0.18363.1533] + Microsoft Windows [version 10.0.21376.1]

WSL Version

  • WSL 2
  • WSL 1

Kernel Version

5.4.72 + 5.10.16

Distro Version

Debian (TheDebianProject.DebianGNULinux_76v4gfsz19hv4)

Other Software

No response

Repro Steps

Windows context:

  • Only one physical network adapter (Wi-Fi), configured in IPv4 only (IPv6 disabled)
  • Wi-Fi adapter connected to my local network (192.168.1.1/24), with "private" profile
  • Windows Firewall enabled on all profiles, with "Block" action for both Inbound and Outbound
  • Explicit rule created to block outgoing flows on Wi-Fi adapter:
    New-NetFirewallRule -Direction Outbound -InterfaceAlias "Wi-Fi" -Action Block -Enabled True -DisplayName "Test1"
  • Explicit rule created to block ingoing flows on vEthernet adapter:
    New-NetFirewallRule -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Block -Enabled True -DisplayName "Test2"

Linux command: lynx http://212.27.63.127

Expected Behavior

The WSL2 VM should not be able to contact the remote server (host unreachable)

Objective
I want to filter outgoing flows from WSL (used in "desktop" mode) with Windows Defender Firewall, just like for Windows apps. For security purposes, I need to block these flows by default and allow only specific remote IP addresses.

Remarks
With the default configuration, I can see in Wireshark the flow going in the vEthernet adapter and out the Wi-Fi adapter.
Filtering in the WSL VM is not an option, as the user has full control over it.

Actual Behavior

The WSL2 VM is able to contact the remote server (returns HTTP/404)

Diagnostic Logs

No response
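
The repro steps above can be turned into a repeatable egress check. The following PowerShell script is an added example, not part of the original issue or of the WSL project: it creates the same outbound block rule, probes the remote address once from a Windows process and once from the default WSL distro, and removes the rule afterwards. The rule name `WslEgressCheck`, the port, the 5-second timeout and the use of bash's `/dev/tcp` in place of lynx are assumptions; it does not change the profiles' default actions.

```powershell
#Requires -RunAsAdministrator
# Added example: compares how one outbound block rule affects a Windows process
# and a WSL 2 process. Rule name, port and timeout are assumptions.
param(
    [string]$RemoteIp       = '212.27.63.127',   # address used in the issue
    [int]   $Port           = 80,
    [string]$InterfaceAlias = 'Wi-Fi',           # adapter named in the issue
    [string]$RuleName       = 'WslEgressCheck'   # hypothetical display name
)

function Test-WindowsEgress {
    # TCP connect attempt from a process running on the Windows host
    (Test-NetConnection -ComputerName $RemoteIp -Port $Port `
        -WarningAction SilentlyContinue).TcpTestSucceeded
}

function Test-WslEgress {
    # TCP connect attempt from the default distro via bash's /dev/tcp;
    # exit code 0 means the connection was established.
    wsl.exe -e bash -c "timeout 5 bash -c 'exec 3<>/dev/tcp/$RemoteIp/$Port'" 2>$null | Out-Null
    $LASTEXITCODE -eq 0
}

# Same rule as "Test1" in the repro steps, under a separate display name
$rule = New-NetFirewallRule -Direction Outbound -InterfaceAlias $InterfaceAlias `
    -Action Block -Enabled True -DisplayName $RuleName
try {
    $result = [pscustomobject]@{
        RemoteIp         = $RemoteIp
        WindowsReachable = Test-WindowsEgress
        WslReachable     = Test-WslEgress
    }
    $result

    if (-not $result.WindowsReachable -and $result.WslReachable) {
        Write-Warning 'Outbound rule blocks host processes but not WSL 2 traffic.'
    }
}
finally {
    # Always remove the test rule, even if a probe throws
    $rule | Remove-NetFirewallRule
}
```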

@therealkenc
Collaborator

Was able to reproduce locally on 21370, but the steps presented do not block access to remotes (for me at least) in Windows either. What is the result of curl.exe http://212.27.63.127 after your New-NetFirewallRule -Direction Outbound step?


@Stef-Alb
Author

Stef-Alb commented May 13, 2021

Thank you for your response. I tested the command on the Windows side (builds 18363 and 21376) and the connection is blocked:

Test CURL @Insider

Same result in Edge (ERR_NETWORK_ACCESS_DENIED)

NB: I also set the default action for outgoing connections to "Block", on all profiles. But even with the "Allow" default action, the Outbound firewall rule is sufficient to block the outgoing flows on the Windows side.

Contributor

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!
