Windows Defender Firewall Inbound Rule for ICMPv6
Hi!
I'm getting more into IPv6 these days and found that ICMP is very important for IPv6 connectivity.
Windows Defender Firewall with Advanced Security (on Windows 10 at least) comes with some inbound ICMPv6 allow rules, but unfortunately they don't allow for quite enough.
I went ahead to create a rule by hand, but found out that you cannot set a group for the rule through the GUI, so instead I opted for creating a little PowerShell command.
You have to run it from a UAC-elevated PowerShell instance.
This rule is based on the existing default ICMPv6 rules.
Create the rule:
New-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6" -Group "Core Networking" -Direction Inbound -Action Allow -Protocol ICMPv6 -Program System
Remove the rule again:
Remove-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6"
Some people may want to exclude echo request for privacy or "security (through obscurity)" reasons, but I don't think it's that big of a deal.
Of course feel free to customize the command in general. The official documentation page (docs.microsoft.com) is very informative.
If you have any other firewalls between you and the sender, you may have to check their rules as well.
I tested the rules with a website like ipv6-test.com.
Thanks for reading!
Using Git Bash With Custom Installation Of GPG / GnuPG
Hi!
You have probably noticed that Git for Windows comes with MinGW64, which enables you to use programs (or to be more precise: Windows versions of these programs) that are usually only available to Linux users. One of the programs that MinGW64 / Git for Windows ships with is GPG / GnuPG. The current version of Git for Windows (2.17.1) for example comes with GPG version 1.4.22.
If you prefer using a custom installation of GPG / GnuPG by default, which is probably much more current than the one you installed manually (2.x), you can achieve this by doing the following:
- Install GPG as you normally would
- Make sure it is executable in the command line / PowerShell (as in: make sure the bin/ subdirectory of the GPG program directory is included in the PATH environment variable)
- Go to the Git for Windows program directory (e.g. C:\Program Files\Git\)
- Navigate to the usr/bin/ subdirectory and rename gpg.exe to something else (like gpg_disabled.exe)
- Close any open Git Bash instances and start a fresh one
- Check the GPG version via
gpg --version
The way that Git Bash works is that is has its own set of directories which have a higher priority when looking for executable files than the ones in Windows' PATH environment variable. So in order to have your own GPG executable working as the "gpg" command, you have to get the included gpg.exe out of the way so it keeps looking in Windows' PATH environment variable.
You can still access the old GPG executable by using the new name (e.g. "gpg_disabled").
Unfortunately you have to do these steps every time you install or update Git for Windows, but at least now you know where to look!
The upside is that now Git (executed from the Git Bash) also uses your own version of GPG for its GPG-related operations.
I hope this was helpful.
Thanks for reading!