My main Windows 10 PC, originally installed in 2018, has recently been having strange networking problems after powering on. For example, WSL would not start for minutes, and WireGuard took ages to activate.
I happened to find this general WSL troubleshooting article (cache) on the Microsoft knowledgebase, which, about halfway down, mentions possible problems with "HNS Firewall rules" and has a PowerShell one-liner to remove some of those rules.
No idea why this was the first thing I tried out of the many options on that page, but as it turns out, my system had over 12,000 HNS Container Networking rules:
PS C:\Users\bochmann> Get-NetFirewallRule -name "HNS Container Networking*" | measure | select Count
Count
-----
12580
This seemed like a problem since there are only about 300 other firewall rules, not to mention the command took quite some time to complete.
After testing on my notebook, which has a much more recent Windows install, it turns out that each reboot adds six of these rules, provided I shut down the system with a shutdown /s /t 0 instead of using the Windows menu? Which I usually do to force a "real" shutdown and thwart fast startup...
On the notebook, I just nuked all HNS firewall rules (not just those for UDP/53), to no apparent ill effect (needs to be run as Administrator):
wsl --shutdown
Get-NetFirewallRule -Name "HNS Container Networking*" | Remove-NetFirewallRule
hnsdiag delete all
Restart-Service -Force hns
...on the other PC, PowerShell tells me that the command will be running for another four hours.
Now I only need to find out why this happens in the first place.
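To narrow down when the rules get created, the rule count can be logged together with the last boot time and compared between boots. This is an added example, not part of the original post; the log path and the function names are assumptions.

```powershell
# Added example: log the HNS rule count per boot and show the growth between boots.
# $LogPath and the function names are hypothetical, chosen for this illustration.
$LogPath = Join-Path $env:ProgramData 'hns-rule-count.csv'

function Get-HnsRuleSnapshot {
    # No matching rules is a valid result (count 0), so suppress the "not found" error.
    $rules = @(Get-NetFirewallRule -Name 'HNS Container Networking*' -ErrorAction SilentlyContinue)
    # With fast startup (hybrid shutdown) this value does not change, so each distinct
    # LastBoot here is a full boot, e.g. after "shutdown /s /t 0" or a restart.
    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    [pscustomobject]@{
        Timestamp = (Get-Date).ToString('s')
        LastBoot  = $boot.ToString('s')
        HnsRules  = $rules.Count
    }
}

function Add-HnsRuleSnapshot {
    param([string]$Path = $LogPath)
    $snap = Get-HnsRuleSnapshot
    $snap | Export-Csv -Path $Path -Append -NoTypeInformation
    $snap
}

function Get-HnsRuleGrowth {
    param([string]$Path = $LogPath)
    # Collapse the log to one row per boot (highest count seen during that boot).
    # ISO 8601 strings sort chronologically, so a plain string sort is enough.
    $perBoot = Import-Csv -Path $Path | Group-Object LastBoot | ForEach-Object {
        [pscustomobject]@{
            LastBoot = $_.Name
            HnsRules = ($_.Group | ForEach-Object { [int]$_.HnsRules } |
                        Measure-Object -Maximum).Maximum
        }
    } | Sort-Object LastBoot
    $prev = $null
    foreach ($b in $perBoot) {
        [pscustomobject]@{
            LastBoot = $b.LastBoot
            HnsRules = $b.HnsRules
            Added    = if ($null -ne $prev) { $b.HnsRules - $prev } else { $null }
        }
        $prev = $b.HnsRules
    }
}

Add-HnsRuleSnapshot
Get-HnsRuleGrowth | Format-Table -AutoSize
```

Run it once after each logon (for example from a scheduled task); the Added column then shows how many rules each full boot contributed.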