This is a post about the thread https://community.bitdefender.com/en/discussion/77063/wsl-on-windows-10-has-no-network-connectivity and the thread https://community.bitdefender.com/en/discussion/82809/bitdefender-firewall-wont-allow-wsl-traffic . I am rather new to posting in community discussions but I found no way to post a comment to either of these threads with my solution to the problem so I started a new discussion.
As I myself just set up wsl2 and subsequently installed Bitdefender (in 2022, the original post dates back to 2019) and was having the same issue, I consider it still a relevant and current issue.
First, I installed Debian 11 under wsl2. The network connectivity was fine until I installed Bitdefender. I did a search and found the discussions mentioned above... the solution that was eventually proposed was to add an exception to the firewall for C:\Windows\System32\svchost.exe (or another solution presented was to disable Bitdefender's firewall altogether). I added the above mentioned exception, and it worked, however I was uncomfortable because I did not know what exactly svchost.exe was for. I did some research and concluded that simply allowing ALL svchost.exe traffic was not an advisable solution.
I wish I could source where I found this, but the C:\Windows\System32\svchost.exe exception is not necessary for wsl traffic to get through Bitdefender. Upon starting a new session, wsl creates a new /etc/resolv.conf file (in the linux system) with the host ip as the nameserver. If you edit the nameserver value in /etc/resolv.conf to a nameserver such as Google's (8.8.8.8) or another outside nameserver, Bitdefender will not block this.
So, in short, you need to execute the following to change /etc/resolv.conf to an outside nameserver (Google is 8.8.8.8 -- but there are others) and make it permanent by changing /etc/wsl.conf. The final command "chattr +i" makes the /etc/resolv.conf file read only (immutable) so that wsl will not overwrite it. (chattr is different than chmod in that it applies regardless of users or groups etc.)
*** note! (I missed this stupidly, even though I know the syntax: in the third echo, it is ">>" not ">" to append instead of overwrite.)
sudo rm /etc/resolv.conf
sudo bash -c 'echo "nameserver 8.8.8.8" > /etc/resolv.conf'
sudo bash -c 'echo "[network]" > /etc/wsl.conf'
sudo bash -c 'echo "generateResolvConf = false" >> /etc/wsl.conf'
sudo chattr +i /etc/resolv.conf
This works for getting wsl to the outside world, through Bitdefender... however, the problem with this that I encountered, and which might be a common problem considering the discussions I have found for setting up wsl2, is the DISPLAY variable for GUI applications. The threads that I found for dynamically setting the DISPLAY environment variable for each new linux session grab it inside ~/.bashrc from the /etc/resolv.conf nameserver variable that wsl2 creates. If you disable this, as outlined above, to get Bitdefender to allow traffic, you need another way to get the DISPLAY address for GUI applications to work.
I eventually found a solution to get the dynamic DISPLAY host variable through the following command, placed inside ~/.bashrc:
export DISPLAY=$(ip route | awk '/^default/{print $3}'):0.0
You will then have both a DISPLAY value that puts GUIs under wsl2 on your display and a nameserver that Bitdefender allows to connect to the outside world.
This is my first posting to a community board such as this, so if it was in any way outside the norms of an instructional post, or if I have somehow mangled terminology, please let me know, as I hope to contribute in positive ways to boards such as this in the future, because they have been of such value to me in the past.
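A check for the setup described in the post, added here as an example and not part of the original post: it confirms that /etc/wsl.conf really disables resolv.conf generation (catching the ">" versus ">>" slip) and that /etc/resolv.conf no longer points at the Windows host. The function names and the sample route text are assumptions made for this example, as is treating the default gateway as the host address.

```shell
#!/bin/sh
# Added example (not from the original post): checks the WSL DNS setup described above.

# Constructed sample of `ip route` output inside WSL2; the addresses are made up.
SAMPLE_ROUTES='default via 172.22.48.1 dev eth0 proto kernel
172.22.48.0/20 dev eth0 proto kernel scope link src 172.22.53.7'

# Print the default gateway (the Windows host under WSL2) from `ip route` text on stdin.
default_gateway() {
    awk '/^default/ { print $3; exit }'
}

# Succeed only if the wsl.conf at $1 has generateResolvConf = false inside [network].
# Catches the ">" vs ">>" slip, which leaves the key without its section header.
resolvconf_generation_disabled() {
    awk '{ line = tolower($0); gsub(/[ \t\r]/, "", line) }
         line ~ /^\[/ { in_net = (line == "[network]"); next }
         in_net && line == "generateresolvconf=false" { ok = 1 }
         END { exit !ok }' "$1"
}

# Print every nameserver address listed in the resolv.conf at $1.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# check_wsl_dns WSL_CONF RESOLV_CONF HOST_IP: report whether DNS bypasses the host.
check_wsl_dns() {
    if ! resolvconf_generation_disabled "$1"; then
        echo "FAIL: generateResolvConf is not false under [network] in $1"
        return 1
    fi
    found=0
    for ns in $(nameservers "$2"); do
        found=1
        if [ "$ns" = "$3" ]; then
            echo "FAIL: $2 still points at the Windows host ($3)"
            return 1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no nameserver line in $2"
        return 1
    fi
    echo "OK: DNS goes to an outside resolver; DISPLAY host is $3"
}

# Usage inside WSL: check_wsl_dns /etc/wsl.conf /etc/resolv.conf "$(ip route | default_gateway)"
```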