Windows, why do I need to explicitly tell you in a firewall rule to allow port 80 to allow someone in the same NAT as me, which is set to a private network, to access the web server?

Comments
  • 1
    Ah,

    but how would Windows know it's a private network and not some huge company WAN or even a VPN? Or it might as well be your router, but your password could've been cracked/leaked and there could be an attacker on your network port scanning already... or maybe a physical switch or router was unguarded and there's an RPi plugged into it.

    Should it keep port scanning the entire network all the time to figure out what the security state is? To make sure there are only two clients on the network? And if there are more, like family members, how would it know?

    nah, your machine, you have to explicitly manage ports that are not managed by the operating system

    as far as the OS knows, there might be a Trojan horse on your computer opening a server on port 80 so the attacker can happily log in
  • 1
    It makes sense.
  • 0
    @Hazarth makes sense. By the way, do you know why ufw does not do that by default? I can run sudo ufw allow 80 and sudo ufw reload and anyone on the same network and anyone on the internet in case my IP is public. Windows, however, requires you to add the firewall rule to allow port 80 and then modify the rule to allow edge traversal to allow devices in the same NAT to access the server running on port 80.
  • 1
    @Sony-wf-1000xm3

    I haven't used Windows in a while, but I don't remember having to set anything special for NATs or anything... I remember only ever having to set up an open port and that was it.

    Only thing I can think of is maybe Windows added per-interface rules? So maybe allowing 80 only allows it on some default interface or something?

    This is just my guess though, I really don't recall ever needing to set anything special for hosting stuff like databases or local servers. hmmm
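
Added example, not posted by anyone in the thread: Windows Firewall rules are bound to network profiles (Domain, Private, Public), so this PowerShell sketch lists which profile each connected network is in, creates an inbound TCP 80 rule limited to the Private profile and the local subnet with edge traversal blocked, and reads the rule back. The rule name is a made-up placeholder, and the script assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: the rule name below is hypothetical, chosen for illustration.
$ruleName = 'Example - HTTP from local subnet'
$port     = 80

# 1. Show which firewall profile each connected network falls under.
#    A rule scoped to Private never matches traffic on a Public network.
$profiles = Get-NetConnectionProfile
$profiles | Format-Table InterfaceAlias, Name, NetworkCategory

# 2. Create the rule once: inbound TCP 80, Private profile only,
#    remote peers limited to the local subnet, edge traversal blocked.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $port `
        -Profile Private `
        -RemoteAddress LocalSubnet `
        -EdgeTraversalPolicy Block | Out-Null
}

# 3. Flag interfaces where the rule will not apply.
foreach ($p in $profiles | Where-Object { $_.NetworkCategory -ne 'Private' }) {
    Write-Warning "$($p.InterfaceAlias) is classified $($p.NetworkCategory); the rule does not apply there."
}

# 4. Read the rule back with its port and address filters to confirm the scope.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    EdgeTraversal = $rule.EdgeTraversalPolicy
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

Running `Test-NetConnection <server-ip> -Port 80` from another machine on the same subnet checks reachability; `Remove-NetFirewallRule -DisplayName` with the same name removes the rule.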