Firewall not blocking utorrent

I’ve discovered that CIS 12.0.0.6818 on Windows 10 1903 does not block utorrent. I have a single firewall rule for utorrent that blocks IP IN/OUT and yet utorrent is still able to download (a Linux distro so nothing illegal). The Windows firewall is off (but utorrent is blocked in there too).

How is utorrent UPnP Port Mapping is off, NAT-PMP Port Mapping is off, DHT is off, Local Peer Discovery is off. I don’t understand how utorrent is getting out!

I tried on 1809 but CIS blocks. Can you show screenshots of your Application Rules and of the application rule for uTorrent?

I’m not sure it’s CIS now. I just restored a Windows 10 1903 system that does not have CIS installed. If I block uTorrent both inbound and outbound in the Windows firewall uTorrent is still able to download. I’m thinking this is a uTorrent ‘feature’ somehow…

With default settings uTorrent will add a Windows Firewall exception. See attached image. Maybe that gets in the way of Windows Firewall. That setting does not influence CIS, so with CIS something else is happening.

I know where the problem is - and I have a workaround. Below is my firewall rule for utorrent.

The Home Network zone contains both my IPv4 and IPv6 addresses, but Windows 10 now uses temporary IPv6 addresses and they’re not in my defined zone of course. I suspect that utorrent is picking up one of these temporary addresses and thus bypassing the firewall rule.

I did try disabling temporary IPv6 addresses but utorrent still got out. Then I realised that my IPv6 address had been changed by DHCP (so wasn’t in my network zone). That’s when I found that I can’t make a hard coded IPv6 address stick as I can with an IPv4 address. I can code an IPv6 address in the dialog but it’s not saved and IPv6 reverts to DHCP.

My workaround then is to disable IPv6 altogether, AFAIK I have no apps that require IPv6. With IPv6 disabled the firewall rule behaves exactly as expected.

CIS does not filter IPv6 by default. It needs to be enabled.

And that’s the answer to my question! I am a stupid boy for not realising that. :embarassed:

Edit:

I still can’t figure out what IPv6 address to code in my CIS network zone called Home Network to represent IPv6 on my LAN adapter. If I code the globally unique IPv6 address (from ipconfig /all) that’s subject to DHCPv6 changes. Coding the link local IPv6 address (FE80:…) doesn’t stop utorrent traffic and defining a site local IPv6 address (FEC0:…) and adding that to the network zone doesn’t stop it either.

What I want is an IPv6 address that never changes that I can code in a CIS network zone to represent my home network. How do I do that?

Later Edit:

I’ve discovered that coding the MAC address of my Ethernet LAN adapter in my Home Network network zone (instead of IP addresses), and with a ‘not in Home Network’ rule it works as expected. When the VPN is off utorrent traffic stops on both IPv4 and IPv6 but with the VPN connected utorrent works normally. That’s a puzzle still, because the VPN is a virtual interface and has no MAC address and because the actual traffic is still travelling over the Ethernet LAN adapter with the MAC address I’ve blocked… ???

“a puzzle still, because the VPN is a virtual interface and has no MAC address”
Incorrect. Open a command prompt, type in ipconfig /all and look for the virtual network adapter that the VPN client software uses; you will see the MAC address listed as the physical address. Also, you can use Wireshark: while connected using the VPN you will see that the source MAC address of outgoing packets is different from the MAC address of the physical adapter the packets are being sent on.

That’s certainly true for Wireshark but not for ipconfig /all. No MAC address is shown for the VPN virtual adapter. Not that it matters, the not in my LAN MAC is working fine. :slight_smile:
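
The address mismatch diagnosed in this thread, as an added example that is not part of any post: a Python check that lists which of a host's current addresses match none of the entries in an address-based zone. The zone entries and host addresses are constructed samples (documentation prefix 2001:db8::/32), and plain address-list matching is an assumption about how such a zone is evaluated, not CIS's own logic.

```python
import ipaddress


def parse_zone(entries):
    """Turn zone entries (single addresses or CIDR prefixes) into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def audit_zone(zone_entries, host_addresses):
    """Return (address, family/scope, matching zone entry or None) per address."""
    zone = parse_zone(zone_entries)
    report = []
    for text in host_addresses:
        addr = ipaddress.ip_address(text)
        # An entry can only match an address of the same IP version.
        match = next((str(net) for net in zone
                      if net.version == addr.version and addr in net), None)
        scope = "link-local" if addr.is_link_local else "routable"
        report.append((str(addr), f"IPv{addr.version} {scope}", match))
    return report


def uncovered(zone_entries, host_addresses):
    """Addresses that a rule scoped to the zone would never match."""
    return [a for a, _, m in audit_zone(zone_entries, host_addresses) if m is None]


# Constructed sample: the zone was written when DHCPv6 had handed out ::20.
ZONE = ["192.168.1.20", "2001:db8:1:1::20"]

# Constructed sample of what "ipconfig /all" might list later on:
# the DHCPv6 address has changed and a temporary address has appeared.
HOST = [
    "192.168.1.20",
    "2001:db8:1:1::37",                  # new DHCPv6 address
    "2001:db8:1:1:8d3f:22a1:9c4e:51b7",  # temporary (privacy) address
    "fe80::1c2d:3e4f:5a6b:7c8d",         # link-local address
]

if __name__ == "__main__":
    for addr, scope, match in audit_zone(ZONE, HOST):
        status = f"matched by {match}" if match else "NOT in zone"
        print(f"{addr:40} {scope:18} {status}")
```

Running it against the addresses a host currently holds shows at a glance whether an address-scoped rule has gone stale after a DHCPv6 change or the appearance of temporary addresses.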