2

I had read in the answer to this question that the Remote IP Address scope list limit is 1000 in Windows Firewall for a given rule. I am, however, at 1043 entries in the remote IP Address scope list and still able to add more (both programmatically and interactively through the GUI) without issue. The question/answer specifically referenced Windows Server 2008R2, so I checked the behavior under that OS, and it seems like the 1000 limit is not a problem there either.

Is the answer wrong or was there some sort of patch released since that question was asked/answered which upped the limit? I have looked on the internet to see if there is an upper limit to the scope list and have been unable to find any documentation other than the previously mentioned post.

Is there a realistic limit and what is it?

2 Answers

2
+50

A Microsoft software engineer who worked on Windows Firewall provided an answer to essentially the same question:

Is anybody aware about Windows 2008 firewall limits like Max Number of Rules or Max Number of Remote Addresses?

And his answer:

There is no limit to how many rules can be added (other than the cap of UINT64 for the filterId), nor how many conditions can be in each filter (other than the cap of a UINT32 for the numFilterConditions).

3
  • In practice, a rule can have 1000 entries in the scope. See superuser.com/questions/712831/…
    – jjxtra
    Commented Jun 26, 2017 at 19:14
  • I am curious as to the cause -- is that possible 1000 rule cap like the UINT(*) caps listed here? And if not what else could be causing it 'in practice' for the person mentioning something like that in the other answer? And is it different for 32/64 architectures? Commented Jun 27, 2017 at 12:28
  • I've run into this issue on every 64 bit Windows I've tested on (8, 10 and Server 2012). Have not tried 32 bit Windows.
    – jjxtra
    Commented Jun 27, 2017 at 16:37
0

For anything older than Windows 11 / Server 2022, the limit is 1000. The limit for Windows 11 and Server 2022 is now 10000. Found limits through trial and error.

Beware of adding more than 10k conditions per type to the lower-level Windows Filtering Platform API on Windows 11: you can get blue screens. Now I know why the Windows Firewall limit is 10000 and not higher on that operating system.
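
One way to stay under the per-rule cap reported in the answer above is to split a long address list across several rules and then count the entries each rule ended up with. This is an added PowerShell example, not code from the original posts; the group name, rule names and sample addresses are constructed, and the default cap of 1000 is the figure from that answer. It assumes an elevated session with the NetSecurity module (Windows 8 / Server 2012 or later).

```powershell
# Added example. Group name, rule names and sample addresses are constructed.
function Split-IntoChunks {
    param([string[]]$Items, [int]$Size)
    for ($i = 0; $i -lt $Items.Count; $i += $Size) {
        $end = [Math]::Min($i + $Size, $Items.Count) - 1
        # @() forces an array even for a one-item slice; the leading comma
        # emits the chunk as a single object instead of unrolling it.
        , @($Items[$i..$end])
    }
}

function Set-ChunkedBlockRule {
    param(
        [Parameter(Mandatory)][string[]]$RemoteAddress,
        [string]$Group = 'Example-Blocklist',              # hypothetical name
        [ValidateRange(1, 10000)][int]$MaxPerRule = 1000   # cap from the answer
    )
    # Normalise the input: trim, drop blanks, de-duplicate.
    $unique = @($RemoteAddress | ForEach-Object { $_.Trim() } |
                Where-Object { $_ } | Sort-Object -Unique)

    # Replace the rules of a previous run so stale entries do not linger.
    Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    $n = 0
    foreach ($chunk in Split-IntoChunks -Items $unique -Size $MaxPerRule) {
        $n++
        New-NetFirewallRule -DisplayName ('{0} {1:D3}' -f $Group, $n) `
            -Group $Group -Direction Inbound -Action Block `
            -RemoteAddress $chunk | Out-Null
    }

    # Read the rules back and report how many scope entries each one holds.
    Get-NetFirewallRule -Group $Group | ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Entries = @($filter.RemoteAddress).Count
        }
    }
}

# Constructed sample: 2500 addresses from the 198.18.0.0/15 benchmarking range.
$sample = 0..9 | ForEach-Object { $b = $_; 1..250 | ForEach-Object { "198.18.$b.$_" } }
Set-ChunkedBlockRule -RemoteAddress $sample | Format-Table -AutoSize
```

With the constructed sample this creates three rules holding 1000, 1000 and 500 entries. Because the old rules are removed before the new ones are created, there is a short window in which the block rules are absent.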
