mattg wrote: ↑2020-10-12 23:43
Rules Store
A rules store contains the list of rules used by a firewall to determine whether unsolicited incoming traffic is allowed or blocked. A typical rules store is created around the notion of “implicit deny,” which means that all unsolicited incoming traffic is blocked (denied) unless there is an explicit rule allowing the traffic through the firewall. Furthermore, a typical rules store is processed sequentially from top to bottom: that is, the firewall compares the characteristics of unsolicited incoming traffic against each rule, one at a time, until a rule is found that allows the traffic (in which case, the traffic passes through the firewall) or the end of the rules list is reached (in which case, the traffic is blocked). Creating and maintaining this type of rules store can be difficult because the order of the rules is important and it is relatively easy to create a rule that inadvertently allows all traffic through the firewall.
Windows Firewall uses the notion of implicit deny, but it does not use a strictly sequential or ordered rules store. When you turn on Windows Firewall in its default configuration, all unsolicited incoming TCP and UDP traffic is blocked. In other words, you must create explicit rules to allow unsolicited incoming traffic to pass through Windows Firewall. However, you do not need to create the rules in any particular order because the rules are not processed sequentially.
I think this is about 'rules stores' not necessarily the same as display.
Add a new block rule. Where does it go?
Yes.. where does it go.. and read the text (that I also marked red above):
"However, you do not need to create the rules in any particular order because the rules are not processed sequentially"
eeeeeeehh ??? .. so not processed sequentially .. ok - got it..
so the OP put in a "block" firewall rule that will be blanked out by his "allow" rule, because Windows Defender Firewall is built around “implicit deny,” all is good.. now we think we understand.. (but I can assure you my "IP block list" rule works, but according to above it shouldn't, cause I also have a rule saying to allow SMTP traffic.. but my IP Block list rule does its job.. just saying)
sometimes for me.. this is not entirely clear
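An added example, not part of either post and not Windows Firewall code: a small Python model contrasting an ordered first-match rules store with an order-independent one, using an "Allow SMTP" rule and an "IP block list" rule like the ones discussed above. The rule names, addresses and function names are constructed for illustration, and the order-independent model assumes the documented Windows Firewall precedence in which an explicit block rule overrides a conflicting allow rule, which the quoted text does not spell out.

```python
# Added illustration: a simplified model, not Windows Firewall code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "block"
    port: int                   # local TCP port the rule applies to
    remote: str = "0.0.0.0/0"   # remote address scope (CIDR)

    def matches(self, src: str, port: int) -> bool:
        return port == self.port and ip_address(src) in ip_network(self.remote)


def sequential_first_match(rules, src, port):
    """Ordered store: the first matching rule decides; no match is implicit deny."""
    for rule in rules:
        if rule.matches(src, port):
            return rule.action
    return "block"


def order_independent(rules, src, port):
    """Unordered store (assumed precedence): a matching block rule beats any
    matching allow rule; no match is implicit deny."""
    actions = {r.action for r in rules if r.matches(src, port)}
    if "block" in actions:
        return "block"
    return "allow" if "allow" in actions else "block"


# Constructed sample rules (203.0.113.0/24 is a documentation address range).
ALLOW_SMTP = Rule("Allow SMTP", "allow", 25)
BLOCK_LIST = Rule("IP block list", "block", 25, "203.0.113.0/24")


def compare(src, port=25):
    """Return each model's verdict for both possible rule orders."""
    orders = ([ALLOW_SMTP, BLOCK_LIST], [BLOCK_LIST, ALLOW_SMTP])
    return {
        "sequential": [sequential_first_match(o, src, port) for o in orders],
        "order_independent": [order_independent(o, src, port) for o in orders],
    }


if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.9"):
        print(src, compare(src))
```

In the ordered model the verdict for the listed address depends on which rule comes first; in the order-independent model it is blocked either way, while other senders still reach port 25.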