Ugh, no? If you go to Settings > Dropped packets log, and check Enabled dropped packets notifications, and uncheck Exclude blocklist and user rules, you should get notifications for dropped packets, that's the entire point of the firewall, to get prompts for traffic
No? The name itself is "Enable dropped packets notifications". Enable. Enable. Enable. NOT Disable. Enable.
No. An unintiated inbound packet is considered invalid and is dropped. This is the role of firewall. What happens when you disable "dropped packets notifications"? Looking at simplewall now (I've been using it for a week or so), it looks like it does not even log blocked inbound attempts.
Are you SURE that "ENABLE ... notifications" actually disables notifications? Because it doesn't. Floyd, I found out how horrible it can be if you set the time between same notifications lower than 10 seconds... beep beeep beeep beep beeep beeepb eeepb epepbpebpebeb
I did not mean that 'enabling' disables notifications. This feature (dropped packet notifications) refers to outbound filtering, not inbound. You don't get notifications on unsolicited inbound connection attempts. No firewall in the world can do this.
Browsing through the thread, it looks like the inbound logging was removed long ago. Probably a performance issue, but a big deal nonetheless.
I barely have the time to post in here. I actually never did post anywhere else (did on TalkBass for a while, but that's off for a long time now). And dev is here as well, and these are open forums.
I know these are open forums and I am not implying such issues should not be posted here, on the contrary, it's good for everyone to know users issues. I'm saying bugs reports and feedback have much more exposure on GitHub for this specific software. And dev is not really here, he visits Wilders from time to time. I've posted two times at henrypp's hub. Both times he has fixed my requests, fortunately.
It's good to know he's responsive. If I like simplewall enough I may consider posting there. But regarding inbound logging, I already suspect the answer (resource usage). The feature is consciously removed. Windows Firewall itself has logging disabled by default, in some cases (after a terminated p2p connection i.e.) the logs are filled with thousands of blocked entries, which obscures others and almost makes debugging impossible. Removing this is not really a big deal for advanced users, as needed resources for a given app can always be found online, but no firewall is complete without full logging facilities.
This is like complaining that the police keeps knocking on your door when you tell them to gtfo , you need to open the door and resolve the issue (or do something else, depends on the situation), meaning you need to handle the prompts, either allow it or tick "disable notifications for this app". I have it on 0 sec and that allows me to check every single connection attempt. With 1 sec, you see the first connection attempt out of all the connection attempts for that particular second, but you still miss the rest, with 0 seconds, there's no "cmon guys, gimme a little break now", so thus you get every single connection from the process, until you allow it or block it by checking the disable notifications tickbox. Or, let it keep going if you're curious. That's what I use it for. Since there's no delay, connections can be very fast and you may miss some if you don't have a fast reaction time and eyesight, so you can use a script that takes a printscreen every X milliseconds and then pastes the contents of the clipboard (printscreen) a storage so that you can later them check them if you want to So then why are you complaining that simplewall can't do it if none else can do it? Not that I support the "compare yourself to others" logic, because you can always do better, but I haven't had any issues or the need for this feature, so what exactly do you need it for? Lol bro, for the amount of time you spent complaining in this thread that it would take too much time for you to post on github, you could have already done it You can use regex to filter the logs, regardless of how many they are, I use notepad++
I am complaining about logging, not notifications. These are 2 completely different things. You seem to not grasp this very well, but at least read what is being posted. This is not just about time, and I obviously have to spell it out.... I am not opening accounts all around just to post a single tiny issue with an obscure app. [EDIT] There are other reasons for default disable. Excessive logging can be resource intensive. But thanks for the suggestion.
Oops missed that one. I still wonder what you need logging for tho Here's a deal, I can use mine or make a new acc on github, you send me what I need to post (on PM) and I post it there, you don't have to make acc Also, if you like coding-related stuff or you prefer raw editors over GUIs, you'll LOVE regex, it can get quite fun at times. It's like a mind puzzle, figuring out how to do stuff
For server-type apps, mostly, to see what is being blocked and then make inbound rules out of it. But for advanced users, this is not a problem. I found an excellent quote by henry here - And this, I suspect will be the answer for inbound logging as well. A couple of years ago, someone (Stem, I think) used one of my posts (with my permission, of course) to report a bug in Jetico firewall, on their forums. As I said, these are open forums, and I absolutely have no problem with linking my posts elsewhere. But you'll get no PM from me, I only posted here to clear a bit of a mess... and stumbled upon the logging issue. I was not sarcastic above, I honestly meant 'thanks'. Believe I heard of it, but never used it. Will look into it. Again, time permitting of course
You know, in order to become one of those "advanced users" you have to actually do something about it. You can't just say "nah, I dont have the required knowledge, so Im gonna stay away from the "advanced tools" " Every1 starts from somewhere, theres always a first time, if you want to get knowledgeable at something, best way to is to just dive in, not tell urself "nah this is not for me, I can't do it". Yes you can, JUST DO IT
Floyd, I did not mean to imply that this is not an app for you. Of course you are right and I agree. I only pointed out how henry handles this app - he considers it a tool for advanced users and removes all unnecessary (in his opinion) bloat from it. True, inbound logging is not absolutely necessary, and can be resource hungry. Except digging online, there are many ways to discover which resources an app needs (by looking at the app settings, by using a sniffer, etc.). So the above quote is a kind of disclaimer.
I just realized that because there is no real block for incoming traffic, my programs or OS could potentially receive traffic from outside the VPN and then send a message back through the VPN, deanonymizing me. Is that right?
No. You misunderstood. There is a block on inbound traffic, this is done by WFP. What's missing in simplewall is inbound logging for dropped packets. This is not a concern, more of an inconvenience. But as you can see, no one noticed that in 2 years, so that's how this is important for an average end user.
Because you are blocking low-level protocols (network and link layers) such as ARP for example which is essential for IP to MAC address resolutions.
I have not allowed System, and I still have an internet connection, and I've never NOT had an internet connection with System disallowed, https://i.lensdump.com/i/AvkgfT.png The only problem I've ever had with disallowing System, is that some multiplayer games might require System to connect to the internet, though they aren't common So idk what the other guy is saying, I don't have much knowledge in this area, but it seems like it's not "essential"
