DROPped connections despite creating "Inbound Rule"?

    Question

  • I made an Inbound Rule for a program which listens on port 1234.

    The rule is defined as follows:

    Name: testing

    Group: (blank)

    Profile: All

    Enabled: Yes

    Action: Allow

    Override: No

    Local Address: Any

    Remote Address: Any

    Protocol: Any

    Local Port: Any

    Remote Port: Any

    Authorized Users: Any

    Authorized Computers: Any

    Authorized Local Principals: Any

    Local User Owner: Any

    Application Package: Any

    With so many things set to "Any", I'd expect this to work. It doesn't. I get a timeout whenever I try to connect from another machine. I can connect correctly from the same (host) machine, however.

    Log file on host machine showing dropped connections from remote machine on the same network (host is 192.168.1.12, remote is 192.168.1.11):

    2016-05-26 21:40:23 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 52 S 1792208054 0 8192 - - - RECEIVE
    2016-05-26 21:40:24 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 52 S 2144268134 0 8192 - - - RECEIVE
    2016-05-26 21:40:26 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 52 S 1792208054 0 8192 - - - RECEIVE
    2016-05-26 21:40:27 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 52 S 2144268134 0 8192 - - - RECEIVE
    2016-05-26 21:40:32 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 48 S 1792208054 0 8192 - - - RECEIVE
    2016-05-26 21:40:33 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 48 S 2144268134 0 8192 - - - RECEIVE
    2016-05-26 21:40:44 DROP TCP 192.168.1.11 192.168.1.12 49464 1234 52 S 3317763335 0 8192 - - - RECEIVE
    2016-05-26 21:40:45 DROP TCP 192.168.1.11 192.168.1.12 49465 1234 52 S 2491006501 0 8192 - - - RECEIVE
    2016-05-26 21:40:47 DROP TCP 192.168.1.11 192.168.1.12 49464 1234 52 S 3317763335 0 8192 - - - RECEIVE
    2016-05-26 21:40:48 DROP TCP 192.168.1.11 192.168.1.12 49465 1234 52 S 2491006501 0 8192 - - - RECEIVE
    2016-05-26 21:40:54 DROP TCP 192.168.1.11 192.168.1.12 49464 1234 48 S 3317763335 0 65535 - - - RECEIVE
    2016-05-26 21:40:54 DROP TCP 192.168.1.11 192.168.1.12 49465 1234 48 S 2491006501 0 8192 - - - RECEIVE

    If I turn off my firewall, it all works perfectly. No drops and the program connects correctly. That's obviously not an option though.

    Any hints?

    Saturday, May 28, 2016 7:46 PM
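
One way to read the log quoted above, as an added example that is not part of the original post: a retransmitted SYN keeps its source port and initial sequence number, so grouping on those shows how many distinct connection attempts the DROP lines represent. The field order assumes the standard `#Fields:` header of the Windows Firewall log; that header line is added to the sample, and the data rows are the first six from the question.

```python
from collections import namedtuple

# Field order of the Windows Firewall log, per its "#Fields:" header.
FIELDS = ("date time action protocol src_ip dst_ip src_port dst_port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()
Entry = namedtuple("Entry", FIELDS)

# Sample input: header line added here; data rows copied from the question.
SAMPLE = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-05-26 21:40:23 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 52 S 1792208054 0 8192 - - - RECEIVE
2016-05-26 21:40:24 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 52 S 2144268134 0 8192 - - - RECEIVE
2016-05-26 21:40:26 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 52 S 1792208054 0 8192 - - - RECEIVE
2016-05-26 21:40:27 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 52 S 2144268134 0 8192 - - - RECEIVE
2016-05-26 21:40:32 DROP TCP 192.168.1.11 192.168.1.12 49462 1234 48 S 1792208054 0 8192 - - - RECEIVE
2016-05-26 21:40:33 DROP TCP 192.168.1.11 192.168.1.12 49463 1234 48 S 2144268134 0 8192 - - - RECEIVE
"""

def parse(text):
    """Yield one Entry per record; skip blank lines, '#' headers and malformed rows."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or len(parts) != len(FIELDS):
            continue
        yield Entry(*parts)

def dropped_attempts(entries):
    """Group dropped inbound TCP SYNs into connection attempts (dict keeps first-seen order)."""
    attempts = {}
    for e in entries:
        if (e.action, e.protocol, e.tcpflags, e.path) != ("DROP", "TCP", "S", "RECEIVE"):
            continue
        # Same source port + same initial sequence number = same attempt, retried.
        key = (e.src_ip, e.src_port, e.dst_ip, e.dst_port, e.tcpsyn)
        a = attempts.setdefault(key, {"first": e.time, "last": e.time, "syns": 0})
        a["last"] = e.time
        a["syns"] += 1
    return attempts

def summarize(text):
    """Return one line per attempt: endpoints, SYN count, first and last time seen."""
    return [f"{src}:{sport} -> {dst}:{dport} SYN x{a['syns']} {a['first']}..{a['last']}"
            for (src, sport, dst, dport, _), a in dropped_attempts(parse(text)).items()]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

On the sample this reports two attempts of three SYNs each, all dropped on the RECEIVE path at 192.168.1.12, which places the drop at the listening host's inbound filtering.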

All replies

  • From your post, port is set to any and application package is set to any, so this rule would appear to allow any connection to anything. As such I suspect Windows Firewall is ignoring it, as it in effect opens the firewall up completely.

    How was this rule set up? A port rule or a program rule? Either way I would expect to see something in port or program (if that is what application package is showing).

    Try creating the rule as a port rule for port 1234 and see if that does what is expected.
    • Edited by -Mr Happy- Saturday, May 28, 2016 9:04 PM
    Saturday, May 28, 2016 8:53 PM
  • Yes, sorry. I didn't mention the Program field. It is set to F:\proj\TestGrapes\ConsoleApplication1\ConsoleApplication1\bin\Release\ConsoleApplication1.exe.

    It was set up as a program rule.

    I have also tried just now setting the Protocol Type to TCP, and local/remote ports to 1234, just in case the rule wasn't specific enough. This caused no effect and I still get the DROP TCP logs as seen above.


    I tried it with only the port rules and any program and still get DROPs.

    Saturday, May 28, 2016 9:15 PM
  • OK thanks, I can see now you copied what the columns show.

    Well, I tried a test using iperf and port 1234: blocked by default; I created a port 1234 rule and it connects. So, oddly, the Windows 8.1 Enterprise firewall is working as expected for me. It is a clean install.

    Export of rule:

    Name: _test
    Group: (blank)
    Profile: All
    Enabled: Yes
    Action: Allow
    Override: No
    Program: Any
    Local Address: Any
    Remote Address: Any
    Protocol: TCP
    Local Port: 1234
    Remote Port: Any
    Authorized Users: Any
    Authorized Computers: Any
    Authorized Local Principals: Any
    Local User Owner: Any
    Application Package: Any

    Do you have many rules set up? I'm thinking you could Restore Default Policy and see if that helps.

    Saturday, May 28, 2016 9:48 PM
  • Oh boy, I'm getting red in the face.

    I didn't set the firewall on the client side.

    Setting up iperf helped me realize that though, so thank you.

    Edit: no that can't be right, it makes no sense... but somehow it works. I honestly have no idea.

    Saturday, May 28, 2016 10:06 PM
  • So setting up a client rule worked, a port rule? The app now works?

    I did not set up a client rule (client is Windows 10) for iperf; outbound is normally more tolerant.

    Saturday, May 28, 2016 10:14 PM
  • As far as I can tell, yes. Either that, or the previous "any program on port 1234" rule took a long time to take effect. Outbound is set to allow by default on both machines, so it is odd that I needed a rule for it.

    It is still strange to me that the "specific program on any port" rule did not work; however, the way that I set this up is sufficient for my needs.

    Again, thank you for helping me resolve this issue.


    Saturday, May 28, 2016 10:24 PM
  • In addition, if you are experiencing any troubles, feel free to let us know. We will be more than happy to be of assistance :)



    Tuesday, May 31, 2016 1:20 AM
    Moderator