3

Let's say you have two rules, one that block and the other that allows the connection from the exact same IP. Which rule takes precedence?

Here is some context: I created a script that will block any suspicious activity (for example, if some one tries to access too many times with admin user, it will create a firewall rule to block that IP) but sometimes there are exceptions and I create another rule to allow access to that exact IP.

What will Windows Advanced Firewall do?

Improve this question
1
  • Hey, I know I can simply remove the blocked rule or change it to allow access. There are possibly many other ways to do that with policies, etc but I want to know what happens in such cases? Will windows consider the latest rule? Or will it allow access for allowed to connect IP over the blocked ones? Take this other scenareo: a rule that blocks all IP. Another rule that allows an IP. Will windows let connect that IP or will it block it? You get the idea.
    – Koobecaf Eliforp
    Commented Jul 9, 2013 at 18:19

1 Answer 1

Reset to default
2

According to the Order of Windows Firewall with Advanced Security Rules Evaluation article:

Block rules. This type of rule explicitly blocks a particular type of incoming or outgoing traffic. Because these rules are evaluated before allow rules, they take precedence. Network traffic that matches both an active block and an active allow rule is blocked.

Improve this answer
1
  • thanks buddy. This answers my question and allows me to improve my script to not add a block rule when an allow rule is present.
    – Koobecaf Eliforp
    Commented Jul 9, 2013 at 19:43

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .