Why do some apps need to be explicitly allowed on a firewall and others not?

Solution 1:

It depends largely on whether the program needs to receive connections.

Web browsers transmit data through the firewall with a unique identifier, and the remote server responds with that same identifier. The firewall allows that data back in without issue because the identifiers match. When the outgoing packet is sent, a temporary port is opened on the firewall, and packets with the correct identifier sent to that same port have a known destination and a "trusted" reason to be there.

BitTorrent programs and other servers, on the other hand, do not send a packet out first; instead they wait for connections from the Internet. Their ports are neither temporary, nor are any unique identifiers exchanged by the BitTorrent client to establish whether the traffic is "intentional" and temporary.

As a result, for programs expecting incoming connections, you have to specifically open ports on the firewall and hold them open.
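The mechanism the answer describes, modelled as an added example that is not part of the original post: a toy stateful firewall in Python. The "identifier" is modelled as the connection 4-tuple (protocol, local port, remote address, remote port), which is what connection-tracking firewalls key on. An outbound packet from the browser records a flow; the server's reply is admitted only because it reverses that exact tuple, and the entry disappears after an idle timeout (the "temporary" port). A BitTorrent peer connecting inbound to a listening port has no prior flow, so it is dropped unless the port is in an explicit allow list. The class and function names, the 60-second idle timeout, and the port numbers are illustrative assumptions; the IP addresses are constructed from RFC 5737 documentation ranges.

```python
from dataclasses import dataclass

# Constructed addresses from RFC 5737 documentation ranges; not real hosts.
LOCAL_IP = "192.168.1.10"
WEB_SERVER = "198.51.100.20"
TORRENT_PEER = "203.0.113.5"

IDLE_TIMEOUT = 60.0  # seconds a tracked flow stays open without traffic (assumed value)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatefulFirewall:
    """Minimal model of a host firewall with connection tracking (illustrative)."""

    def __init__(self, local_ip, allowed_inbound_ports=()):
        self.local_ip = local_ip
        # Ports the user has explicitly opened: the "hold them open" case.
        self.allowed_inbound = set(allowed_inbound_ports)
        # Connection table: flow key -> time the flow was last seen.
        self.flows = {}

    @staticmethod
    def _key(local_port, remote_ip, remote_port, proto):
        return (proto, local_port, remote_ip, remote_port)

    def outbound(self, pkt, now):
        """A packet leaving the host is always allowed and records the flow."""
        key = self._key(pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        self.flows[key] = now
        return "ALLOW"

    def inbound(self, pkt, now):
        """A packet arriving from the Internet is allowed only if it matches a
        tracked flow that has not idled out, or hits an explicitly opened port."""
        self._expire(now)
        key = self._key(pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if key in self.flows:
            self.flows[key] = now  # traffic on the flow keeps it alive
            return "ALLOW:established"
        if pkt.dst_port in self.allowed_inbound:
            return "ALLOW:explicit-rule"
        return "DROP:unsolicited"

    def _expire(self, now):
        stale = [k for k, t in self.flows.items() if now - t > IDLE_TIMEOUT]
        for k in stale:
            del self.flows[k]


def demo():
    """Run the browser and BitTorrent scenarios; returns verdicts by scenario name."""
    results = {}
    fw = StatefulFirewall(LOCAL_IP)

    # Browser picks an ephemeral source port and connects out to port 443.
    fw.outbound(Packet(LOCAL_IP, 51234, WEB_SERVER, 443), now=0.0)
    # The server's reply reverses the 4-tuple exactly, so it matches the flow.
    results["browser_reply"] = fw.inbound(Packet(WEB_SERVER, 443, LOCAL_IP, 51234), now=0.1)
    # Same server and local port, but the wrong remote port: no matching flow.
    results["wrong_remote_port"] = fw.inbound(Packet(WEB_SERVER, 8443, LOCAL_IP, 51234), now=0.2)
    # Correct 4-tuple, but long after the flow idled out: the temporary hole is gone.
    results["stale_reply"] = fw.inbound(Packet(WEB_SERVER, 443, LOCAL_IP, 51234), now=500.0)

    # A BitTorrent peer connects in to 6881; nothing went out first, so no flow exists.
    results["peer_no_rule"] = fw.inbound(Packet(TORRENT_PEER, 40000, LOCAL_IP, 6881), now=1.0)

    # Same peer against a firewall where 6881 has been explicitly opened.
    fw_open = StatefulFirewall(LOCAL_IP, allowed_inbound_ports={6881})
    results["peer_with_rule"] = fw_open.inbound(Packet(TORRENT_PEER, 40000, LOCAL_IP, 6881), now=1.0)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

The two DROP cases for the browser flow are the point of the model: a reply is not trusted because it comes from the right server, but because every element of the tuple matches what the host itself sent out, and only for as long as the flow is live. The explicitly opened port is the only path that admits a packet with no prior outbound record.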