Why are the default options for Windows Firewall exceptions to allow on public but not on private networks?
It's whichever network type you are currently connected to. The goal is to let the user allow without having to manually pick the type, while minimising the exceptions (which is why it doesn't allow both automatically).
You are probably connected to a network designated as public at the moment. You can change that in the networking control panel.
Incidentally, if you were connected to a domain, there would be a third option.