Security Concern: GlassWire Essentially Disables the Inbound Firewall

Whenever the GlassWire firewall is enabled, even in “Click to block” mode, it does something concerning from a security perspective due to the way it creates firewall rules.

GlassWire does not just create an Outbound Allow entry for the executable, but also an Inbound Allow entry. This has the concerning side effect that applications which are responsible for multiple things are left wide open.

For example: it is impossible (or requires a messy workaround) to limit the IP addresses allowed to RDP into the machine.

Since GlassWire, alongside the Outbound rule, also creates an Inbound rule for svchost.exe, the default firewall rules for Remote Desktop are essentially useless, as every port that svchost.exe listens on is automatically allowed by the rule GlassWire created.

De facto this means that the Inbound Firewall might just as well be disabled at this point. Unfortunately the only workaround that I know of is to disable GlassWire’s Firewall functionality.

My suggestion would be to add another button next to the “flame” icon to allow inbound connections. Of course this should be configurable, but I think it would be good if allowing applications to receive incoming traffic was an “opt-in” option, like it is on a standard Windows installation without GlassWire.

That way advanced configuration can still be done in the Windows Defender Firewall settings without having to disable GlassWire’s firewall.

Thanks for your feedback, I will share it with our team.

In case it’s useful I think some RDP software does allow you to limit connections by IP via the software itself. Are you using the default RDP Windows software, or something else? Or maybe in your case the software you are using doesn’t allow this, so I could understand how the functionality you are proposing would be helpful.

Personally I am not sure if the Windows Firewall API works in the way you describe as “leaving things wide open” any more than if you use a PC normally with its default settings. I will have to investigate further.

Please note one reason we designed GlassWire not to touch the Windows Firewall rules in any way (by default) is for advanced users such as yourself.

You can set up detailed firewall rules however you want and GlassWire can’t and won’t disturb the rules as long as you keep our firewall set to “off”. You can then use GlassWire primarily for its visibility features instead of its blocking features and you can choose to never use our firewall at all.

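To check a machine for the condition discussed in this thread, the following added example (not code from either poster or from GlassWire) lists enabled inbound Allow rules bound to svchost.exe and flags those that leave service, local port and remote address unrestricted. Windows Defender Firewall allow rules are additive, so a narrower rule, such as an RDP rule with a remote address list, does not restrict what a broader matching rule permits. The function name `Get-BroadInboundAllowRule` and its definition of "broad" are assumptions made for this example.

```powershell
# Added example: read-only audit, changes no firewall rules.
# Run in an elevated PowerShell session on the machine being checked.
function Get-BroadInboundAllowRule {
    param(
        # Program path pattern; the default matches the svchost.exe case from the post.
        [string]$ProgramLike = '*\svchost.exe'
    )

    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            # Skip rules that are not bound to the program of interest.
            if ($app.Program -notlike $ProgramLike) { return }

            $svc  = $rule | Get-NetFirewallServiceFilter
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter

            # Assumption for this example: "broad" means not tied to one
            # service, any local port, and any remote address.
            $broad = ($svc.Service -eq 'Any') -and
                     ($port.LocalPort -contains 'Any') -and
                     ($addr.RemoteAddress -contains 'Any')

            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Profile       = $rule.Profile
                Program       = $app.Program
                Service       = $svc.Service
                Protocol      = $port.Protocol
                LocalPort     = $port.LocalPort -join ','
                RemoteAddress = $addr.RemoteAddress -join ','
                Broad         = $broad
            }
        }
}

# Broad rules are listed first; scoped rules (specific port or address list) follow.
Get-BroadInboundAllowRule |
    Sort-Object Broad -Descending |
    Format-Table -AutoSize -Wrap
```

A row with `Broad` set to `True` permits inbound traffic to every listener hosted by svchost.exe on the listed profiles, whatever the scoped rules below it say.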