For connections that use rawsockets, only the global rules are checked.

For connections that do not use rawsockets, various rules are checked, depending on whether the connection is to a network address that is listed on the LAN tab or not.

If the network address is listed on the LAN tab, the following rules are checked:
- If the address has been marked as Trusted, all traffic on the connection is allowed with no further checks.
- If the address has been marked as NetBIOS, file and printer sharing on any connection that meets the following criteria is allowed:

  | Connection | Port | Range |
  | --- | --- | --- |
  | TCP | Remote | 137-139 or 445 |
  | TCP | Local | 137-139 or 445 |
  | UDP | Remote | 137 or 138 |
  | UDP | Local | 137 or 138 |

If the network address is not listed on the LAN tab, other firewall rules are checked in the following order:
- Any NetBIOS traffic that has not been allowed using the LAN tab is dealt with according to the setting of the Block file and printer sharing for other networks check box:
  - If the check box is selected, the traffic is blocked.
  - If the check box is cleared, the traffic is processed by the remaining rules.
- The high-priority global rules are checked, in the order in which they are listed.
- If the connection has not already had rules applied to it, the application rules are checked.
- If the connection has still not been handled, the normal-priority global rules are checked, in the order in which they are listed.
- If no rules have been found to handle the connection:
  - In Allow by default mode, the traffic is allowed (if it is outbound).
  - In Block by default mode, the traffic is blocked.
  - In Interactive mode, the user is asked to decide. This mode is not available in Windows 8.

Note: If you have not changed the working mode, the firewall will be in Block by default mode.
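
The evaluation order described above, modelled as an added Python example (not Sophos code) so that a rule set can be checked for shadowing before it is deployed. The `Conn` and `Policy` classes, their field names and the verdict strings are hypothetical; the model assumes that LAN-listed traffic not allowed by a Trusted or NetBIOS mark continues through the remaining rules and that unmatched inbound traffic is blocked in Allow by default mode, and it returns "unspecified" for an unmatched rawsocket connection because the page does not state that outcome.

```python
from dataclasses import dataclass, field

NETBIOS_PORTS = {"TCP": {137, 138, 139, 445}, "UDP": {137, 138}}  # from the table above

@dataclass
class Conn:
    proto: str                # "TCP" or "UDP"
    remote_addr: str
    local_port: int
    remote_port: int
    outbound: bool = True
    rawsocket: bool = False
    app: str = ""

@dataclass
class Policy:  # hypothetical container; field names are not Sophos settings
    lan: dict = field(default_factory=dict)   # address -> "trusted" | "netbios"
    block_other_netbios: bool = True          # the "Block file and printer sharing" box
    high_global: list = field(default_factory=list)
    app_rules: list = field(default_factory=list)
    normal_global: list = field(default_factory=list)
    mode: str = "block"                       # "allow" | "block" | "interactive"

def is_netbios(c):
    ports = NETBIOS_PORTS.get(c.proto, set())
    return c.local_port in ports or c.remote_port in ports

def first_match(rules, c):
    """Rules are callables returning "allow", "block" or None, tried in listed order."""
    return next((v for v in (r(c) for r in rules) if v), None)

def decide(p, c):
    if c.rawsocket:  # only the global rules are checked for rawsocket connections
        return first_match(p.high_global + p.normal_global, c) or "unspecified"
    mark = p.lan.get(c.remote_addr)
    if mark == "trusted":
        return "allow"                        # no further checks
    if is_netbios(c):
        if mark == "netbios":
            return "allow"
        if p.block_other_netbios:
            return "block"
    # Assumption: anything not decided above goes through the ordered chain:
    # high-priority global rules, then application rules, then normal-priority global rules.
    verdict = first_match(p.high_global + p.app_rules + p.normal_global, c)
    if verdict:
        return verdict
    if p.mode == "allow":
        return "allow" if c.outbound else "block"  # inbound result is an assumption
    return "block" if p.mode == "block" else "ask-user"
```

The model makes one consequence of the ordering visible: a high-priority global block rule overrides an application allow rule, while a Trusted LAN mark bypasses both.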