Because Windows Firewall with Advanced Security blocks all incoming unsolicited network traffic by default, you need to configure program, port, or system service rules for programs or services that are acting as servers, listeners, or peers. Program, port, and system service rules are managed on an ongoing basis as your server roles or configurations change. The roles and features that you can install by using Server Manager typically create and enable firewall rules for you when the role or feature is installed. They also remove or disable the rules when the role or feature is removed. A growing number of other, non-Microsoft programs and services also automatically configure Windows Firewall with a set of rules to permit their operation.
Each filtering criteria that you add to a firewall rule adds increasing levels of restriction. For example, if you do not specify a program or service on the Program and Services tab, all programs and services will be allowed to connect, if their network traffic matches the other criteria in the rule. Adding more detailed criteria makes the rule progressively more restrictive and less likely to be matched.
For more information, see Configuring Firewall Rules (http://go.microsoft.com/fwlink/?linkid=137813) in the TechNet Library.