Security – Windows Server 2008 Firewall: Do inbound rules override outbound rules

Tags: firewall, security, windows-firewall, windows-server-2008

  1. I have an inbound rule to allow all communication with MyApp.exe
  2. I have an outbound rule to block all traffic to 192.168.0.88

Can MyApp.exe communicate with 192.168.0.88 – I don't understand which rule takes precedence.

Best Answer

I will caveat my answer with this: I haven't worked with the Windows 2008 firewall and they may be doing something non-standard. That being said, with every firewall that I have worked with, the answer depends on whether you are using TCP or UDP for communication.

If you are using TCP, then yes, the traffic should be allowed. Rules are applied to NEW connections, so if you had an inbound TCP connection from 192.168.0.88 it would be allowed by the inbound rule. Since TCP is stateful, the TCP session is then tracked inside the firewall and all return traffic for that session is allowed back outbound.

If you are using UDP, then the answer is no. Since UDP is not stateful, the firewall cannot track the session, as there is none, and you need to allow that traffic both ways through the firewall, as each side of the conversation is seen as a NEW connection in the firewall.
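The following is an added Python model of the behaviour the answer describes, not Windows Firewall code and not part of the original post: rules are consulted only for a NEW connection, an allowed TCP session is recorded so its return traffic bypasses the outbound rule, and UDP (as the answer simplifies it) is never tracked, so the reply is evaluated against the outbound block. The rule order (first match wins), the port numbers and the packet fields are assumptions made for the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the protected host
    proto: str          # "tcp" or "udp"
    program: str        # local process the packet belongs to
    remote_ip: str
    local_port: int
    remote_port: int
    syn: bool = False   # TCP only: True on the connection-opening segment

@dataclass
class Rule:
    direction: str
    action: str                     # "allow" or "block"
    program: Optional[str] = None   # None matches any program
    remote_ip: Optional[str] = None # None matches any remote address

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and (self.program is None or self.program == pkt.program)
                and (self.remote_ip is None or self.remote_ip == pkt.remote_ip))

class StatefulFirewall:
    def __init__(self, rules, default="block"):
        self.rules, self.default = rules, default
        self.sessions = set()   # tracked TCP sessions (assumed model, not WFAS internals)

    def _key(self, pkt: Packet):
        # Host-relative tuple, so both directions of one session share a key.
        return (pkt.proto, pkt.program, pkt.remote_ip, pkt.local_port, pkt.remote_port)

    def decide(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if pkt.proto == "tcp" and key in self.sessions:
            return "allow"          # return traffic of an established TCP session
        # Otherwise this is a NEW connection: first matching rule for its direction decides.
        action = next((r.action for r in self.rules if r.matches(pkt)), self.default)
        if action == "allow" and pkt.proto == "tcp" and pkt.syn:
            self.sessions.add(key)  # UDP is never added: every datagram is re-evaluated
        return action

def run_scenario(proto: str):
    """Question's two rules; returns (inbound verdict, verdict on MyApp's reply)."""
    fw = StatefulFirewall([Rule("in", "allow", program="MyApp.exe"),
                           Rule("out", "block", remote_ip="192.168.0.88")])
    inbound = Packet("in", proto, "MyApp.exe", "192.168.0.88", 8080, 51000, syn=True)
    reply = Packet("out", proto, "MyApp.exe", "192.168.0.88", 8080, 51000)
    return fw.decide(inbound), fw.decide(reply)
```

`run_scenario("tcp")` yields `("allow", "allow")` while `run_scenario("udp")` yields `("allow", "block")`; a connection MyApp.exe opens itself towards 192.168.0.88 is blocked under either protocol, because it is a NEW outbound connection.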