For connections that use rawsockets, only the global rules are
checked.
For connections that do
not use rawsockets, various rules are checked, depending on
whether the connection is to a network address that is listed on the
LAN tab or not.
If the network address is listed on the
LAN tab, the following rules are checked:
- If the address has been
marked as
Trusted, all traffic on the connection is
allowed with no further checks.
- If the address has been
marked as
NetBIOS, file and printer sharing on any
connection that meets the following criteria is allowed:
Connection
|
Port
|
Range
|
TCP
|
Remote
|
137-139 or 445
|
TCP
|
Local
|
137-139 or 445
|
UDP
|
Remote
|
137 or 138
|
UDP
|
Local
|
137 or 138
|
If the network address is
not listed on the
LAN tab, other firewall rules are checked in the
following order:
-
Any
NetBIOS traffic that has not been allowed
using the
LAN tab is dealt with according to the
setting of the
Block file and printer sharing for other
networks check box:
- If the check box is
selected, the traffic is blocked.
- If the check box is
cleared, the traffic is processed by the remaining rules.
- The high-priority global
rules are checked, in the order in which they are listed.
- If the connection has not
already had rules applied to it, the application rules are checked.
- If the connection has
still not been handled, the normal-priority global rules are checked, in the
order in which they are listed.
- If no rules have been
found to handle the connection:
- In Allow by default mode,
the traffic is allowed (if it is outbound).
- In Block by default mode,
the traffic is blocked.
- In Interactive mode, the
user is asked to decide. This mode is not available on Windows 8 and
later.
Note: If you have not changed the working mode, the firewall will be
in
Block by default mode.