When you try to install Windows updates for the first time (e.g. you buy a new computer with Windows 8.1 preinstalled), windows doesn’t start to download updates unless you permit UDP connection to port 3544.

Here is the firewalling rule for your linux firewall:


iptables -A FORWARD -d 94.245.64.0/18 -p udp -m udp --dport 3544 -m conntrack --ctstate NEW -j ACCEPT


Here we go!