[donor20]

Is Windows firewall supposed to apply to WSL? I never expected that! I'm serious - I run a different firewall on my onlinux.

Can you confirm that WSL is supposed to be dealing with (the nightmare) of the windows firewall for internet access? How does fedora / ubuntu etc coordinate / know to do this?

[eptcyka]

It's somewhat unintuitive that a virtualized guest can circumvent the host's firewall/network stack when the guest doesn't have an explicitly bridged or passthrough'd physical adapter.

[rbanffy]

It's not circumventing. It exists outside it.

As for the parent, if it's a Microsoft product running on Windows and Windows has a firewall, I'd expect it to be an effective firewall, at least for the things Microsoft gives me.

[numpad0]

Windows while Hyper-V is enabled runs atop Hyper-V VMM as a VM, same ways as Linux running as Xen Dom0.

WSL2 uses Hyper-V, so Windows running WSL2 is running on Hyper-V, not bare metal. Being a different VM than Windows “Dom0”, Linux Kernel in WSL2 would have direct connection to Hyper-V virtual ethernet switch. I think that’s what is happening.

[mehrdadn]

The host is the hypervisor though isn't it? Not the Windows inside it.

[apetresc]

Exactly this. If you're running WSL2 then you're in Hyper-V mode, which means Windows itself is also running virtualized. The WSL VM is a sibling of Windows on the hypervisor stack, not hosted inside of.

[wasmitnetzen]

The firewall probably applied in the non-virtualized WLS1, but doesn't anymore in the new Hyper-V-based WSL2.