First some background. One should need Windows 10 Build 17627 or higher to support Firewall with WSL connections. Here is the section from WSL release notes:
Build 17627 (Skip Ahead)
WSL
- Windows firewall support for WSL processes. [GH 1852]
- For example, to allow the WSL python process to listen on any port, use the elevated Windows cmd:
netsh.exe advfirewall firewall
add rule name=wsl_python dir=in action=allow
program="C:\Users\<UserName>\AppData\Local\Packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\bin\python2.7"
enable=yes
- For additional details on how to add firewall rules, see link
Next step, find absolute path of the Linux executable that wants Internet connection. The full path can be divided into three parts:
C:\Users\UserName\AppData\Local\Packages
-- Path where Universal Windows Platform apps store user specific files, temporary files etc.
CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs
-- Path where Ubuntu 18.04 Appx package store Ubuntu usersapce files i.e. /bin
, /etc
, /usr
and others.
\bin\ping
-- Linux ping
binary.
Hence the whole path is:
C:\Users\UserName\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs\bin\ping
You can use the following PowerShell script to get that path. Just enter ubuntu
when it asks to enter Distribution name.
$DistroName=Read-Host "Enter Distribution Name"
$pacakgeName = (Get-AppxPackage *$DistroName*).PackageFamilyName
$appData = [System.Environment]::ExpandEnvironmentVariables("%LocalAppData%")
$InstallDir = $appData + "\Packages\" + $pacakgeName + "\LocalState\rootfs"
echo $InstallDir
Invoke-Item $InstallDir
Read-Host -Prompt "Press any key to continue..."
Final step, add the firewall rule. For Windows Firewall, run this command as administrator to add Outbound firewall rule.
netsh.exe advfirewall firewall add rule name=wsl_ping dir=out action=allow program=<path_to_ping> enable=yes
For Avast Firewall, follow this instruction from Avast Support. Open Settings > General > Exclusion and add the path from previous step.
Canonical answers: