Add "allow" rule to Windows firewall for WSL2 network

[throwable-one]

I was trying to connect to Windows machine from Linux and found that it is blocked by default.

WSL virtual NIC connection belongs to "Public" profile and almost all connections are forbidden.

As workaround, I added following rule explicitly:

PS C:\WINDOWS\system32> $myIp = (Ubuntu1804 run "cat /etc/resolv.conf | grep nameserver | cut -d' ' -f2")
PS C:\WINDOWS\system32> $myIp
172.21.0.1
PS C:\WINDOWS\system32>  New-NetFirewallRule -DisplayName "WSL" -Direction Inbound  -LocalAddress $myIp -Action Allow

Workaround works. But it would be great to have this rule enabled by default.

[throwable-one]

How to repro.

On Windows, listen to some port

PS C:\WINDOWS\system32> $Listener = [System.Net.Sockets.TcpListener]80;
PS C:\WINDOWS\system32> $Listener.Start();
PS C:\WINDOWS\system32> $Listener.AcceptSocket();

On WSL2, try to connect to it:
$ telnet $(cat /etc/resolv.conf | grep nameserver | cut -d' ' -f2) 80

You would not be able to connect until you create appropriate firewall rule

[therealkenc]

#4139

[dansanduleac]

Nice!
Since the IP might change every time you restart your computer, why not use the inteface?

New-NetFirewallRule -DisplayName "WSL" -Direction Inbound  -InterfaceAlias "vEthernet (WSL)"  -Action Allow

[eromoe]

@dansanduleac This allow ping, but how can I access some port on windows , without shutdown the firewall ?

[Dicridon]

Nice!
Since the IP might change every time you restart your computer, why not use the inteface?

New-NetFirewallRule -DisplayName "WSL" -Direction Inbound  -InterfaceAlias "vEthernet (WSL)"  -Action Allow

Thank you so much, I searched for about two hours to make WSL2 launch a graphic Emacs, and this command enabled the use of Emacs GUI, many thanks!

[CyberQin]

@dansanduleac This allow ping, but how can I access some port on windows , without shutdown the firewall ?

try add new inbound rule for these ports?

[dansanduleac]

@eromoe @HQDragon The command I posted should allow you to access anything exposed by Windows from WSL, no matter what port, however bear in mind that any apps you've launched get an automated rule created for them when you first launch them, blocking access from public networks (this is when you get a prompt from Windows Firewall, asking whether the app should be allowed to accept connections from public networks). If you don't explicitly allow, they will be blocked by default, which also blocks connections from WSL. So you might need to find that inbound rule, and change it from block to allow (or just delete it).

More info here (linked from this comment on the original issue #4139 (comment))