TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. ultim

    ultim Developer

    Joined:
    Oct 12, 2011
    Posts:
    703
    Location:
    Hungary
    With 1 minute per rule creation it is no wonder that you started to want popups. In TinyWall you only need a few seconds though in most cases (it depends on the kind of program you want to whitelist, but most times it is very simple), even though there are no popups. The rule management in TinyWall is surely different from WFC. WFC's management interface was more designed to craft individual and detailed firewall rules, while TinyWall really tries to operate on a per-app/service basis instead of per rule. For each executable you can restrict protocols, ports, and whether you want maybe just local network access instead of the whole internet. WFC has more options in this regard, but also looks more complicated.

    TinyWall 3 (current beta): yes; TinyWall 2.1 (current release): no
     
  2. ultim

    ultim Developer

    It's nice, right? :D It will admittedly get somewhat harder when you have programs that use a different or multiple executables to connect, but TinyWall 3 will also bring new features to help in these cases. But thankfully those cases are by far the minority.
     
  3. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,794
    Location:
    .
    :thumb:
     
  4. Bertazzoni

    Bertazzoni Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    652
    Location:
    Milan, Italia
    @ultim @alexandrud

    Forgive my comment about WFC as I'd forgotten about the old paid/free version feature distinction. That, and I've never used it. My main point was that I like the no-popup approach and the principle underlying it. I'm looking forward to version 3 as well. Thanks to all who are testing it.
     
  5. guest

    guest Guest

    OK, toyed with TW for an hour. My observations (I'm not familiar with TW, so maybe what I see as "issues" are expected), normal mode with blocklists enabled:

    - Adding a process as Exception doesn't seem to fully whitelist all of its connections; some connections are still blocked.
    - Unblocking a process in the Show Connection panel and then clicking refresh doesn't remove the unblocked process from the list until the panel is closed and reopened.
    - Unblocking multiple connections at the same time generates the same generic toast notification bar ("the firewall settings have been successfully applied") for each of them, which is quite annoying, especially since the toast bar isn't specific.
    - Show Connection has prevalence over Manage when both are opened. Basically we can't work on both panels at the same time.

    That is it for now.
     
    Last edited by a moderator: Aug 9, 2019
  6. ultim

    ultim Developer

    If this happened this would be a problem of course. But are you sure the application was not trying to use a different executable than what you whitelisted? Some apps use multiple EXEs to communicate and of course only the ones you whitelist would work. Can you tell me which application this happened with?

    Yes, if you add a single exception, you will get a specific message about what you have just whitelisted. If you add multiple exceptions at once, you will get a generic message. I thought this is better than spamming the user with 3-4 messages separately. I can change this, if more users think it would be better to show separate messages.

    I see. While I can easily make both windows responsive, the problem lies elsewhere. The Manage window always operates over a copy of the settings instead of the live ones (so that you can cancel at any time despite the changes made). Due to this it gets a little tricky for me to support the case where other windows beside Manage can also update the settings at the same time, especially if you consider that Manage can already have changed rules that were not yet saved by the user, and still always show the most current configuration without overwriting the changes made by another window. Since I am not yet convinced that it has a lot of value to be able to operate both the Connections and Manage windows at the same time, it might be a better solution to make Manage modal too, and forbid opening other windows while any other is open.
     
  7. ultim

    ultim Developer

    This is expected. The Connections panel shows specific instances from the past where a program was not able to access the network. It is not a list of blocking rules showing which programs would get blocked at the moment, so simply adding an exception should not change the list contents. Imho the real bug here is that blocking history gets forgotten when you close the window. I will fix that in the next build.
     
  8. guest

    guest Guest

    If I recall well, it was Chrome and a few others; will try to replicate and take a screen. They all had a common factor: direction = out.

    In fact it is still spamming.
    Open Show Connections > select all the connections of the process at the same time > click unblock > you get one notification for each connection unblocked, which with the sound becomes very irritating.
     
  9. ultim

    ultim Developer

    Ouch, definitely not what I intended. Gonna be fixed by the next build.
     
    Last edited: Aug 10, 2019
  10. guest

    guest Guest

  11. Bertazzoni

    Bertazzoni Registered Member

    Yeah, what happened there? It wasn't my post :argh:!
     
  12. guest

    guest Guest

    I hacked your account looooooooool
     
  13. ultim

    ultim Developer

    LOL, I have no idea, but corrected.
     
  14. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    130
    Location:
    Outer space
    guest hacked Wilders. Beware :D
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    You guys changed my opinion about this subject. At first I found it annoying that TinyWall didn't give me alerts, but since just about every app wants to make outbound network connections, I started to prefer the "no alerts" approach. I honestly can't remember why I switched from TinyWall to WFC, but I think I might be willing to switch back, since WFC has got this annoying bug on my system. But both are great tools, no doubt.

    Are you going to implement features not related to the firewall? It would be cool if it could also monitor code injection which is often used to bypass firewalls. And what about file protection, similar to Hands Off, but without the alerts of course. I'm all for auto-blocking, I can't believe that a tool like SpyShelter doesn't give this option.

    https://www.oneperiodic.com/products/handsoff/
     
  16. ultim

    ultim Developer

    Cool. If you are thinking about giving TW another go, may I recommend you try the latest beta build instead of the stable release? It seems the beta is pretty stable, and is also better in some important aspects. And of course the more people test it, the better :)

    In general, TinyWall is going to stay a firewall, and will not be expanded into a full-blown security solution. Some slightly-non-firewall functionality is being planned, but nothing on the scale that you are describing. For stopping code injections for example, HIPS and behavioral analysis software are much more suited. You can just install one parallel to TinyWall. There are also tons of non-firewall autoblockers out there, like VoodooShield (this is an example, not a recommendation). I don't think there is much to gain by integrating such a solution into TinyWall itself.
     
  17. Mr.X

    Mr.X Registered Member

    Amen.
     
  18. guest

    guest Guest

    The only thing I can see worth implementing is an IP address query/WHOIS in the Show Connections panel to know at which domain/region/whatever a connection is going.
    Also it would be nice if TW showed what made a block, for example a column named "blocked by" that would show "blocklist" or "default" or "user" (the terminology is up to the dev).
     
  19. guest

    guest Guest

  20. Mr.X

    Mr.X Registered Member

    So we can leave WF running and it does not matter that much, alright.
    Now I wonder how you manage to stop programs from opening ports/outbound connections, etc., while WF is running.
    How does TW take precedence over WF?

    Is it really secure to have both firewalls running on a machine?
    Isn't it better that TW allowed users to disable and re-enable WF at will?
     
  21. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    280
    I tried the beta (v3, from here: https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-57#post-2846191) and I'm a bit confused.

    I changed mode to "block all" and allowed/unblocked Chrome. It didn't work, said internet access was blocked.
    Changed the mode to "Allow outgoing" and Chrome worked afterwards, but so did a VPN I had on while it was not present/allowed in the "Manage" window.

    I'm missing something here for sure, all I want to do is to block everything by default and then allow/unblock specific programs. Shouldn't I be using the "block all" mode?
     
  22. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Short answer: The default 'Normal' mode does exactly what you want.
     
  23. ultim

    ultim Developer

    Actually, what I said in the announcement a few pages earlier was stupid. Windows Firewall should be disabled while TinyWall is running. Basically, an app will be blocked if it is blocked in any of the running firewalls. Which means you will have problems whitelisting incoming connections in TinyWall with WF's default settings. The next build will take care of this for you, so you won't have to do it manually. If you are using the current beta, you should disable WF manually if you need to whitelist incoming connections in TinyWall.
     
  24. ultim

    ultim Developer

    Exactly what askmark said: you need the Normal mode for this. The "Block all" mode unconditionally blocks all connections and ignores any rules/exceptions you have created. You'd use the Block All mode if you want to temporarily cut your computer from all network access. Basically, "Block all" is a "software shortcut" for pulling the network cable out of your computer.
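
Added example (not part of the original posts and not TinyWall's code): a simplified Python model of the behaviour ultim describes in posts 23 and 24, where "Block all" ignores exceptions and a connection is blocked if any running firewall blocks it. The class names, executable paths and the Windows Firewall default (inbound blocked without a rule, outbound allowed) are assumptions of this model.

```python
from dataclasses import dataclass, field

def norm(path):
    return path.lower()  # Windows paths compare case-insensitively

@dataclass
class TinyWallModel:  # hypothetical model, not the project's classes
    mode: str = "Normal"  # "Normal", "Block all" or "Allow outgoing"
    exceptions: set = field(default_factory=set)

    def allows(self, exe, direction):
        if self.mode == "Block all":
            return False  # exceptions are ignored entirely
        if self.mode == "Allow outgoing" and direction == "out":
            return True  # any program may connect out, listed or not
        return norm(exe) in self.exceptions  # default deny, per executable

@dataclass
class WindowsFirewallModel:  # assumed defaults: inbound needs a rule
    enabled: bool = True
    inbound_rules: set = field(default_factory=set)

    def allows(self, exe, direction):
        if not self.enabled or direction == "out":
            return True
        return norm(exe) in self.inbound_rules

def effective(exe, direction, firewalls):
    # A connection passes only if every running firewall allows it.
    return all(fw.allows(exe, direction) for fw in firewalls)

# Constructed sample executables.
BROWSER = r"C:\Apps\browser.exe"
HELPER = r"C:\Apps\browser_helper.exe"  # second EXE of the same app
SERVER = r"C:\Apps\server.exe"

def scenarios():
    wl = {norm(BROWSER), norm(SERVER)}
    normal, wf_on = TinyWallModel("Normal", wl), WindowsFirewallModel(True)
    return {
        "normal/browser/out": effective(BROWSER, "out", [normal, wf_on]),
        "normal/helper/out": effective(HELPER, "out", [normal, wf_on]),
        "blockall/browser/out": effective(BROWSER, "out", [TinyWallModel("Block all", wl), wf_on]),
        "allowout/helper/out": effective(HELPER, "out", [TinyWallModel("Allow outgoing", wl), wf_on]),
        "normal+WF on/server/in": effective(SERVER, "in", [normal, wf_on]),
        "normal+WF off/server/in": effective(SERVER, "in", [normal, WindowsFirewallModel(False)]),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print("ALLOW" if ok else "BLOCK", name)
```

The helper case reproduces the "some connections are still blocked" report when an application connects through an executable other than the whitelisted one.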
     
  25. ultim

    ultim Developer

    About WHOIS: yeah, I should probably replace the current "Search remote address on web" in the context menu by a WHOIS query, because the current function is near useless.
    About block reason: I like the idea and I'll keep that in mind for a future release.
     