[10v1803b17134.285] Changes about windows firewall rules?

[xilolee]

Premise:

Read More:

I block everything inbound/outbound (or ingoing/outgoing) and allow the programs I decide with the windows firewall rules.
The minimum configuration to navigate in internet is (usually) to enable dns udp 53 and tcp 80/443 for the preferred browser (both in outbound rules).

In these last two days I updated windows with the latest updates.
This morning I wasn't able to have internet access (with my firewall rules).
I investigated a bit and I found now I need to have other two rules enabled to navigate:

Read More:

• Core Networking - Neighbour Discovery Advertisement (ICMPv6-Out): Neighbour Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbour Discovery Solicitation request.
  Protocols and ports: Neighbour Discovery Advertisement (ICMPv6, protocol number 58).
• Core Networking - Neighbour Discovery Solicitation (ICMPv6-Out): Neighbour Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node.
  Protocols and ports: Neighbour Discovery Solicitation (ICMPv6, protocol number 58).

Edit: I forgot to add this only happens after a reboot (or at windows startup): if I enable and disable the two rules (or if I disable the firewall and then I re-enable it), the navigation (on internet) can be done.

This picture shows now I have to enable four rules instead of two (firefox tcp 80 and tcp 443, DNS udp 53):

Read More:

The updates were:

Read More:

• KB4100347 (14 Sep 18)
• KB4457128 (12 Sep 18)
• KB4456655 (12 Sep 18)
• KB4457146 (12 Sep 18) (adobe)

Has someone an idea about what happened and changed?

 

[Digerati]

Curious? Why were they disabled? And when did they get disabled?

Just checking my rules and those three Core Networking rules were already enabled on all my systems.

And I don't have any rules listed for Firefox so not sure why you even have that. While FF is not my default (Pale Moon is), I just fired up FF and it works fine.

So I checked to make sure I have all those updates, and I do. While 7128, 6655, and 7146 were all installed on 9/12/2018, 0347 was installed 3+ weeks ago on 8/22/2018. Seems odd your 0347 was just installed this morning. ???

Did you change those default settings and add the FF rule? If so, I wonder if you have not fallen victim of your own design. That is, changes to the defaults you made might have come around to bite you.

 

[xilolee]

I block everything inbound/outbound (or ingoing/outgoing) and allow the programs I decide.
The minimum configuration to navigate in internet is to enable dns udp 53 and tcp 80/443 for the preferred browser (both in outbound rules).
The two rules mentioned in my previous message shouldn't be necessary (to navigate): they weren't necessary before the update.
Instead now I can only navigate with those two enabled…

About the updates: the system can't check MS servers whenever the firewall blocks everything (i.e., I disable the firewall to check for new updates, when I want it checks them).

 

[Digerati]

Not sure what to say then. Most people leave the defaults alone because they work.

About the updates: the system can't check MS servers whenever the firewall blocks everything

True. But then the system cannot keep itself current either.

I used to be very hands-on with my firewall and actively controlled what was allowed in and out too. But then I noticed with W7 and later versions of Windows that my client's computers, which were running with default settings, were not getting infected, or breaking as frequently happened with XP. While much of that I would like to believe is do to me constantly harping on them to stop being "click-happy" on unsolicited links, downloads, attachments and popups, I also firmly believe Windows has evolved significantly since XP and is very much more capable at protecting itself.

So I stopped treating modern versions of Windows like I did XP and instead of "do as I say and not as I do", I started setting up my own systems like I do for my clients and somewhat to my surprise, rarely any problems and never any infections happen.

As to your problem, hopefully someone using the same configuration will come by and give some insight. Sorry I cannot offer more.