Firewall: Outgoing Requests & Incoming Responses

TL;DR

Yes, blocking all incoming traffic on a firewall generally won’t stop responses to requests you initiated. Your firewall rules usually allow established connections back in.

Understanding the Problem

Firewalls control network traffic based on rules. Blocking all incoming traffic sounds like it would prevent everything, but firewalls are smart enough to distinguish between:

  • New Incoming Connections: These are connections someone else is trying to start to your computer/network.
  • Established Connections: These are replies to requests you’ve already sent out.

Blocking all incoming traffic typically only affects the first type – new connections.

How Firewalls Handle Responses

  1. You Make a Request: When your computer asks for something (e.g., loads a webpage), it sends a request to a server on the internet.
  2. Firewall Allows Outgoing Traffic: Your firewall will usually allow this outgoing request because it’s starting from inside your network.
  3. Server Sends Response: The server replies with the information you asked for.
  4. Firewall Recognises Established Connection: When the response comes back, your firewall sees that it’s part of an existing connection (the one you started). It will generally allow this traffic through.

Checking Your Firewall Rules

The exact behaviour depends on how your firewall is configured. Here’s how to check common setups:

1. Windows Defender Firewall

  1. Open “Windows Defender Firewall with Advanced Security”.
  2. In the left pane, click “Inbound Rules”.
  3. Look for rules related to established connections. There’s often a default rule that allows traffic for existing connections. It might be called something like “Allow Established Connections”.

If you’ve created custom rules, review them carefully to see if they are blocking established connections.

2. Linux (iptables/nftables)

Linux firewalls use command-line tools. Here’s how to list the rules:

sudo iptables -L

or

sudo nft list ruleset

Look for rules that ACCEPT traffic whose connection-tracking state is RELATED,ESTABLISHED. In iptables -L output the line in the INPUT chain looks like this:

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

In an nftables ruleset the equivalent rule in the input chain reads: ct state established,related accept

If you don’t see this rule, your firewall might be blocking responses.
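As an added example (not part of the original post), here is a small Python checker that reads saved "nft list ruleset" output and flags an input chain that drops by default without an accept rule for established traffic. Both rulesets embedded below are constructed samples: the weak one the article warns about, and the corrected one beside it.

```python
import re

# Constructed sample: input chain drops everything and has no rule letting
# replies to our own outbound requests back in.
WEAK_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
"""

# Constructed sample: same default-drop posture, but connection tracking
# accepts responses (and related flows) for connections we initiated.
FIXED_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
"""

CHAIN_RE = re.compile(r"chain\s+(\S+)\s*\{(.*?)\n\s*\}", re.S)
CT_ACCEPT_RE = re.compile(r"ct\s+state\s+\{?\s*([\w,\s]+?)\s*\}?\s+accept")

def audit_input_chains(ruleset: str) -> dict:
    """Return {chain_name: (policy, allows_replies)} for chains hooked on input."""
    result = {}
    for name, body in CHAIN_RE.findall(ruleset):
        if "hook input" not in body:
            continue
        m = re.search(r"policy\s+(\w+)", body)
        policy = m.group(1) if m else "accept"  # nft chains default to accept
        allows = False
        for states in CT_ACCEPT_RE.findall(body):
            if "established" in {s.strip() for s in states.split(",")}:
                allows = True
        result[name] = (policy, allows)
    return result

def replies_blocked(ruleset: str) -> bool:
    """True if an input chain drops by default with no established-state accept."""
    return any(policy == "drop" and not allows
               for policy, allows in audit_input_chains(ruleset).values())
```

Save the live output with "sudo nft list ruleset > rules.txt" and pass its contents to replies_blocked() to check your own host.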

3. Router/Firewall Appliance

  1. Log in to your router’s web interface (usually via a browser).
  2. Find the Firewall section.
  3. Look for settings related to stateful inspection or connection tracking. These features are what allow established connections back through.

What if Responses *Are* Blocked?

If you’ve blocked all incoming traffic and responses aren’t getting through, here’s what to do:

  • Create a Rule for Established Connections: Add a rule that specifically allows inbound traffic with the state of RELATED or ESTABLISHED.
  • Temporarily Disable Blocking (for testing): Briefly disable your “block all incoming” rule to see if responses start working. If they do, you know the rule is the problem. Be careful when disabling firewall rules!

Important Considerations

  • Stateful vs. Stateless Firewalls: Older, simpler firewalls might not track connection states and could block responses. Most modern firewalls are stateful.
  • Port Numbers: Make sure your firewall isn’t blocking the specific port numbers used for the services you’re trying to access (e.g., port 80 for HTTP, port 443 for HTTPS).