Windows Firewall is a stateful, host-based firewall for incoming traffic. Unlike router-based firewalls deployed at the boundary of a private network and the Internet, Windows Firewall is only designed to act as a firewall for host-based traffic—traffic destined to an IP address on which the computer is listening—rather than for traffic that is destined for another computer.
The basic operation of Windows Firewall is the following:
An incoming packet is inspected and compared against a list of allowed traffic. If the packet matches an entry in the list, Windows Firewall passes the packet to the TCP/IP protocol for further processing. If the packet does not match an entry in the list, Windows Firewall silently discards the packet and, if enabled, creates an entry in the Windows Firewall logging file.
Traffic in the exceptions list is specified using IP addresses, TCP ports, and UDP ports. There is no way to specify traffic based on the IP Protocol field in the IP header.
The list of allowed traffic is populated in two ways:
When the connection on which Windows Firewall is enabled sends a packet, Windows Firewall creates an entry in the list so that the response to the traffic will be allowed.
For example, if a Domain Name System (DNS) Name Query Request message is sent to a DNS server, Windows Firewall adds an entry so that the corresponding DNS Name Query Response message sent by the DNS server can be passed to the TCP/IP protocol for further processing. This behavior makes the Windows Firewall a stateful firewall: state about the traffic initiated by the computer is maintained so the corresponding response traffic will be allowed.
When you configure Windows Firewall for exceptions, the excepted traffic is added to the list. This capability allows a computer using Windows Firewall to accept unsolicited incoming traffic when acting as a server, a listener, or a peer.
For example, if your computer is acting as a Web server, you must configure Windows Firewall to except Web traffic so that the computer can respond to requests from Web clients. You can configure exceptions based on programs, in which case the ports opened by the excepted program are automatically added to the exceptions list, or on TCP or UDP ports, in which case the ports are opened whether the application or services using them is active or not.
|
