
Bitdefender blocking WSL2 traffic -- Solution to a thread that was left unresolved.

xixixi
edited April 2022 in General Topics

This is a post about the thread https://community.bitdefender.com/en/discussion/77063/wsl-on-windows-10-has-no-network-connectivity and the thread https://community.bitdefender.com/en/discussion/82809/bitdefender-firewall-wont-allow-wsl-traffic . I am rather new to posting in community discussions but I found no way to post a comment to either of these threads with my solution to the problem so I started a new discussion.

As I myself just set up wsl2 and subsequently installed Bitdefender (in 2022, the original post dates back to 2019) and was having the same issue, I consider it still a relevant and current issue.

First, I installed Debian 11 under wsl2. The network connectivity was fine until I installed Bitdefender. I did a search and found the discussions mentioned above... The solution that was eventually proposed was to add an exception to the firewall for C:\Windows\System32\svchost.exe (another solution presented was to disable Bitdefender's firewall altogether). I added the above-mentioned exception, and it worked; however, I was uncomfortable because I did not know what exactly svchost.exe was for. I did some research and concluded that simply allowing ALL svchost.exe traffic was not an advisable solution.

I wish I could source where I found this, but the C:\Windows\System32\svchost.exe exception is not necessary for wsl traffic to get through Bitdefender. Upon starting a new session, wsl creates a new /etc/resolv.conf file (in the Linux system) with the host IP as the nameserver. If you edit the nameserver value in /etc/resolv.conf to a nameserver such as Google's (8.8.8.8) or another outside nameserver, Bitdefender will not block this.

So, in short, you need to execute the following to change /etc/resolv.conf to an outside nameserver (Google is 8.8.8.8 -- but there are others) and make it permanent by changing /etc/wsl.conf. The final command "chattr +i" makes the /etc/resolv.conf file read only (immutable) so that wsl will not overwrite it. (chattr is different than chmod in that it applies regardless of users or groups etc.)

*** note! (I missed this stupidly, even though I know the syntax: in the third echo, it is ">>" not ">" to append instead of overwrite.)

sudo rm /etc/resolv.conf
sudo bash -c 'echo "nameserver 8.8.8.8" > /etc/resolv.conf'
sudo bash -c 'echo "[network]" > /etc/wsl.conf'
sudo bash -c 'echo "generateResolvConf = false" >> /etc/wsl.conf'
sudo chattr +i /etc/resolv.conf


This works for getting wsl to the outside world, through Bitdefender... however, the problem with this that I encountered, and might be a common problem considering the way the discussions I have found for setting up wsl2, is the DISPLAY variable for GUI applications. The threads that I found for dynamically setting the DISPLAY environment variable for each new Linux session grab it inside ~/.bashrc from the /etc/resolv.conf nameserver variable that wsl2 creates. If you disable this, as outlined above, to get Bitdefender to allow traffic, you need another way to get the DISPLAY address for GUI applications to work.

I eventually found a solution to get the dynamic DISPLAY host variable through the following command, placed inside ~/.bashrc 

export DISPLAY=$(ip route | awk '/^default/{print $3}'):0.0

You will then have both a DISPLAY value that puts GUIs under wsl2 on your display and a nameserver that Bitdefender allows to connect to the outside world.

This is my first posting to a community board such as this, so if it was in any way outside the norms of an instructional post, or if I have somehow mangled terminology, please let me know as I hope to contribute in positive ways to boards such as this in the future, because they have been of such value to me in the past.
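
The second and third echo commands in the post above write /etc/wsl.conf from scratch, which discards any settings already in that file. As an added example (not part of the original post), this shell helper sets the same key while keeping other sections and keys; the function name disable_generated_resolv_conf is hypothetical, and the section and key names are matched exactly as the post writes them.

```shell
#!/bin/sh
# Added example: set "generateResolvConf = false" under [network] in a
# wsl.conf-style file without discarding other sections or keys.
# disable_generated_resolv_conf is a hypothetical helper name.

disable_generated_resolv_conf() {
    conf="$1"
    [ -f "$conf" ] || : > "$conf"      # start from an empty file if none exists
    tmp="$(mktemp)" || return 1
    awk '
        function emit() { print "generateResolvConf = false"; done = 1 }
        /^[ \t]*\[/ {
            # Leaving [network] without having seen the key: add it first.
            if (in_net && !done) emit()
            in_net = ($0 ~ /^[ \t]*\[network\]/)
            if (in_net) seen_net = 1
            print; next
        }
        in_net && /^[ \t]*generateResolvConf[ \t]*=/ {
            if (!done) emit()          # replace the old value, drop duplicates
            next
        }
        { print }
        END {
            if (in_net && !done) emit()                    # [network] was last
            if (!seen_net) { print "[network]"; emit() }   # no [network] at all
        }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run as root against /etc/wsl.conf, it is safe to call repeatedly: a second run leaves the file unchanged.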




Comments

  • Alexandru_BD

    Hello @xixixi,

    Thank you for sharing your valuable findings with the Community. It's good that you have opened a new thread regarding this and I encourage you to post more quality material like this 😊. The previous related discussions were located in an archived category, where new posting has been disabled after the forum was upgraded to its current category structure, in order for the new threads to be opened in their relevant categories. In regards to the firewall issue, following your feedback, I have asked our developers to investigate and come up with a fix.

    Once again, your contribution is highly appreciated and I'll see this through and keep this thread updated, as soon as I receive news.

    Best regards

    Premium Security & Bitdefender Endpoint Security Tools user

  • WojtekTM

    Thank you @xixixi for your solution. But for me, it is just a temporary workaround. BitDefender should definitely fix up this issue, but as I follow this thread for many years I suspect it is not on the top of issues to be resolved.

    In my case, your solution works only when I work at home. When I am connected to my university campus I have DNS access to 8.8.8.8 blocked and I have to use university DNS.

    Actually, I don't believe BitDefender will solve this issue anytime.

  • CISVhenriksen
    edited August 2022

    I came to this forum looking for the exact same issue.

    Running Windows 11 and using WSL2, I however noticed that this had been a problem early on, but suddenly worked.

    Now it is back to not working anymore and there is no way of getting any details out of Bitdefender Firewall to see what and why it is blocking.

    I had been emailing Bitdefender support, who proposed the usual "changes", none of which worked. Still waiting for Bitdefender to acknowledge that WSL2 is here to stay and we need to use DNS lookup at the HOST side of things.


    EDIT: useful link from BitDefender Support: https://www.bitdefender.com/consumer/support/answer/13428/

  • djb13539
    edited July 2023

    I just found this thread and was able to come up with a different solution. In the WSL2 image, execute the 'ip addr' command. You can then use the process in the BitDefender Support Link that @CISVhenriksen posted to create a rule that allows traffic from a "custom local address". I also discovered that that field will take a full subnet in CIDR notation so I was able to specify the whole subnet used internally by WSL2.
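
As an added example (not part of the thread), this shell function turns the address shown by ip inside WSL2 into the network in CIDR notation, which is the value the last comment describes entering as the custom local address. The function name wsl_subnet and the interface name eth0 are assumptions; it reads the one-line-per-address output of ip -o -4 addr show on standard input.

```shell
#!/bin/sh
# Added example: derive the CIDR network of an interface from
# `ip -o -4 addr show` output, so a firewall rule can be scoped to that
# subnet only. wsl_subnet is a hypothetical helper name.
# Usage inside WSL2:  ip -o -4 addr show | wsl_subnet eth0

wsl_subnet() {
    iface="$1"
    # In `ip -o` output, field 2 is the interface, field 4 is ADDRESS/PREFIX.
    cidr="$(awk -v i="$iface" '$2 == i && $3 == "inet" { print $4; exit }')"
    [ -n "$cidr" ] || return 1          # interface not found or no IPv4 address
    addr="${cidr%/*}"
    prefix="${cidr#*/}"
    # Split the dotted quad into $1..$4.
    old_ifs="$IFS"; IFS=.; set -- $addr; IFS="$old_ifs"
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    # Build the netmask from the prefix length and clear the host bits.
    mask=$(( prefix == 0 ? 0 : (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    net=$(( ip_int & mask ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}
```

Re-run it after a Windows restart, since the WSL2 address range is not guaranteed to stay the same.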