TinyWall Firewall

Discussion in 'other firewalls' started by ultim, Oct 12, 2011.

  1. mike_sierra

    mike_sierra Registered Member

    Joined:
    Aug 13, 2015
    Posts:
    2
    I saw this mentioned back in the beginning of the thread, but are there any plans to incorporate restrictions based on IP address, or more importantly domain/hostnames? It would be beneficial to limit connections to particular public IP addresses, and utilizing domain/hostnames would side-step dynamically allotted addresses from internet providers.

    I love the simplistic nature of this firewall, and feel that this feature would greatly enhance it.
     
  2. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I too like the clean interface of TinyWall.
    ultim (Karoly Pados) has been absent as his usual style quite a long time from this thread, so I have no idea what his plans are or if he is happy as TW is at the moment. I am anyways since it satisfies my current firewalling.

    There is that hosts file, you could edit it I guess. I myself don't use it as uMatrix has the same host file, if I remember right. Implemented of course in the browser basis. All things have to be what Windows firewall offers as TW is a controller to it. I once mentioned having the liking of being able to make IP restrictions to rules, but my idea was actually more in terms of if having a home network.
     
  3. peters4000

    peters4000 Registered Member

    Joined:
    Jun 30, 2012
    Posts:
    26
    Location:
    GB
    Hi, a Windows 10 question:
    Is TinyWall set up to deliver the Host file for Windows 10 users?
     
  4. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Homeboy is gone, what a nice Firewall it was.
    He has no respect to his followers. Good bye.
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    That is a quite hasty, judgemental post. I see no respect in your reply while you seem want to some? And I would be hesitant to have you around if you were my real life acquaintance. Based on the above post.

    Remember TinyWall is ultim's hobby project made to satisfy his needs/knowledge mainly and only shared for us.
     
  6. mokaz

    mokaz Registered Member

    Joined:
    Aug 26, 2015
    Posts:
    1
    Hi all,

    I'm currently testing TinyWall and really like it.
    Although I've got a few issues I would like to have guidance upon:
    1. Is it possible to define more than one "Local Network" from "Restrict to local network" setting (got more than one local subnet)?
    2. Are there any best practices available?
    3. I couldn't find any user guide, anything available?
    Thanks in advance,
    regards,
    m
     
  7. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    1.
    My knowledge is limited to know a case of having multiple LANs. I don't even have a local network at the moment. Your router should give you that subnet, something like 192.168.x.y IP address range. When you go to Windows firewall and look at the made rules from that checkbox in TW GUI, the only thing you can see is local subnet (or something like that, my Windows is not in English language).

    2. & 3.
    The user guide as such does not exist. In the TinyWall website http://tinywall.pados.hu/ there is some advice by Karoly Pados. I think most of it is general security advice.

    The guide is this thread. You should not need to read it from start at all. TinyWall has changed a lot from when it was in beta. I think the posts relating to TW 2.1.4 and newer contain information that applies also to current 2.1.6 version.

    If you are familiar with some firewalls from past I don't think you should really need that much guide. The system rules of TW made into Windows firewall are something I suggest to get a look at. I made them also in the spreadsheet format view Beta-testing TinyWall post #905
    They apply also to 2.1.6 version.

    Remember to export your rules/settings from TW as a backup.
     
  8. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    1,039
    Hi All

    I am using TinyWall latest version on Win 7 (fully updated)

    I recently installed a free PPTP VPN, that is I created the adapter in the Network and Sharing Centre. I found that with TW it would only work if the firewall was disabled. Even if I enabled learning mode before creating adapter it would not function (the VPN). I tried this with a number of different free PPTP VPNs and always with the same result. The firewall has to be disabled. I then swapped to Private Firewall, all the free VPNs work fine.

    So what do I need to do to set up TW so that it works. Request replies in layman language.

    Thank you for your help

    Terry
     
  9. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I have always used VPNs only with openVPN "protocol". It is also the safest and most modern.
    There is the checkbox in Special Exceptions/Optional, the last item that you could try tick for 'VPN PPTP'-checkbox, if that works.

    Another thought is to check that PPTP protocol by 'Allow outgoing'-mode. At least openvpn and usually the GUIs neither as far as I know don't need any incoming connections allowed.
    Learning mode I think will not find what is needed to allow, if it is some service that uses svchost.exe etc.
     
  10. quaternium

    quaternium Registered Member

    Joined:
    Sep 14, 2015
    Posts:
    1
    ultim: There are some rules set up for inbound that I do not wish to have open. SSDP inbound? UPnP inbound? Inbound WSD Event? ALL ICMP for ipv6? And of course any changes made to Windows Firewall directly are reverted even if I tried to edit it directly.
    In addition, firewall logging is disabled. I can not imagine why this must be done. After all, the program only maintains a list of blocked connections for the past two minutes apparently (the Connections list only shows the last two minutes each time it's refreshed).
    I suppose you must have some reasoning that you are tied to in your implementation, as these things make no sense to me. I don't want all those open ports and services able to listen inbound. I didn't even MENTION the similar outbound holes that I do not want.
    Is there any way these problems will be changed any time soon?

    Thanks.
     
  11. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Good luck for getting ultim to reply to your questions. Here are anyways mine.

    As you can see in http://www.saunalahti.fi/~jarmos3/TinyWall_rules_215.jpg , from which I think you have found the rules that come as basic ones. I have always disabled "Windows Network Discovery". That should take care of most ones that bother you. If you need some of those services, you can make your own rules to them. Notice there is a possibility to restrict Application Exceptions to local network if you want to implement just some of them. System I don't know if any services use it. I perhaps should have left * wildcard out in documenting them.

    I also disable "TinyWall" and "Windows Update" special exceptions. Notice the Windows update is marked with red color. I don't need the second rule in Win7 computer. So I made one with only the first rule. With Win10 you can disable it and allow only when updating the critical patches.

    ICMPv6 I also wondered. It is called safe in. I am no expert in that protocol, but anyways I think there are lots of other things you could have allowed in too. From the network adapter you can disable Internet Protocol version 6. I do that. You should I think disable UPnP from your router too.

    Btw I never finish my post with Thanks. Best reply thanks when you get some help, it is more polite too.

    Your post was a good one and shows keen interest in the firewall safety.
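
To see which of the inbound entries raised above (SSDP, UPnP, WSD events, ICMPv6) are actually enabled, and whether blocked-connection logging is on, the Windows Firewall state can be read back directly. This is an added example, not part of the thread and not TinyWall's own code; it assumes the NetSecurity cmdlets (Windows 8 or later), and the port numbers are the usual Windows ones for those services, not values taken from TinyWall.

```powershell
# Added example, read-only: it lists state and changes nothing.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later) and an elevated prompt.

function Get-InboundAllowRule {
    # Enabled inbound Allow rules joined with their port, address and program filters.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $addr = $_ | Get-NetFirewallAddressFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Name          = $_.DisplayName
                Profile       = $_.Profile
                Protocol      = $port.Protocol
                LocalPort     = @($port.LocalPort) -join ','
                RemoteAddress = @($addr.RemoteAddress) -join ','
                Program       = $app.Program
            }
        }
}

function Select-DiscoveryRule {
    # Assumption: the usual Windows ports for the services named in the post.
    # SSDP = UDP 1900, UPnP = TCP 2869, WSD events = TCP 5357/5358; ICMPv6 by protocol.
    param([Parameter(ValueFromPipeline)]$Rule)
    process {
        $p = $Rule.LocalPort
        if (($Rule.Protocol -eq 'UDP' -and $p -match '\b1900\b') -or
            ($Rule.Protocol -eq 'TCP' -and $p -match '\b(2869|5357|5358)\b') -or
            ($Rule.Protocol -eq 'ICMPv6')) { $Rule }
    }
}

$rules = Get-InboundAllowRule
$rules | Select-DiscoveryRule |
    Format-Table Name, Profile, Protocol, LocalPort, RemoteAddress -AutoSize

# Inbound rules reachable from any address rather than only the local subnet.
$rules | Where-Object RemoteAddress -eq 'Any' |
    Format-Table Name, Protocol, LocalPort, Program -AutoSize

# Per-profile logging state: LogBlocked shows whether dropped packets go to LogFileName.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, LogBlocked, LogAllowed, LogFileName -AutoSize
```

Running it before and after unticking the "Windows Network Discovery" special exception shows which rules that checkbox controls.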
     
  12. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,137
    But he hasn't replied since February. If he provides a product, he should help people that need it or close the project.
     
  13. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    You are just plain wrong. You have been provided the firewall controlling software. It is this Wilders community that should help people with their problems and that includes you. Complaining things is not going to help anyone. So far I have seen little help in this thread.

    Just some "little kids" waiting for candy and attention. That maybe too harsh a judgement from me, but if I was a developer, I would most likely run away also from some greedy audience. Maybe ultim comes to change his TinyWall if he feels like it. We will see.

    Myself I would like to see something like Kerio 2.1.5 was with added to what Windows firewall offers. As it is, I am happy with TinyWall. I would try some other controller if I was not. Not many people would be happy with so much firewall configurability like the old Kerio had.

    And if some controller that always updates, this and that option. How to ever be sure the configuration is really safe, if it is offered from a GUI?
     
    Last edited: Sep 15, 2015
  14. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,137
    Which is your opinion and I have mine.
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    I think "greedy" is harsh, when I have paid (donated) hard earned money.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Something about logging with SSD and laptop power consumption in general in this post: https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-28#post-2252881
    There might be later posts about this subject.

    TW is tiny also in system resources use. Almost zero CPU usage, it being absolutely the lightest of all Windows firewalls.
     
    Last edited: Sep 18, 2015
  17. Grossmeister

    Grossmeister Registered Member

    Joined:
    Dec 7, 2014
    Posts:
    3
    Hi.
    I have a problem with Steam and TinyWall. Every time Steam starts I get a message from TinyWall Service in Windows EventLog "Reloading firewall configuration because C:\Program Files (x86)\Common Files\Steam\SteamService.exe has modified it.". It results in connection break.
    Is there a way to avoid this situation (for example, somehow tell TinyWall to ignore this case)?
     
  18. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I am not familiar with steam games, so I hope someone who uses it can give a better answer. There is some mention on the steam in this thread. One thing I suggest you try is right click TinyWall icon and select 'Elevate' before starting Steam. Let us know if it helps.

    If that won't help, I'm afraid there is not much you can do except 'Allow outgoing' mode. That is not of course totally satisfactory when wanting to limit all your outgoing connections. TinyWall has no wildcards in regarding what programs can go out in the Normal mode.
     
  19. Grossmeister

    Grossmeister Registered Member

    Joined:
    Dec 7, 2014
    Posts:
    3
    "Elevate" mode doesn't change anything.

    BTW, I have another problem. Some applications (Atom editor, Git, SourceTree) connections are shown in TinyWall "Connections" window without name, only with numeric id in column "Process id" (for example, (1111)). So I can't unblock them permanently.
    Is there a way to solve this problem?
     
  20. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Something in Connection window might be just "noise". I can't give a better explanation for the lack of knowledge, or of how it is implemented, but yes I have too seen those things with only an ID. You can probably see those things also with other network monitors.

    However you should be able to see an application to whitelist if you start the connection window BEFORE the app you run is starting. Then of course the other ways to whitelist too.
     
  21. Grossmeister

    Grossmeister Registered Member

    Joined:
    Dec 7, 2014
    Posts:
    3
    Unfortunately I always start connection monitor window before starting an app and to be sure just checked it again - only process ID is available. :(
    The funny thing is that I actually know the application that I use (for example, "C:\Program Files (x86)\Git\bin\sh.exe") but even after adding it to the whitelist, connections are still being blocked.
     
  22. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    Thanks for the excellent firewall control Karoly.
    Please ignore comments from the rude and ungrateful.
     
  23. DarctanX

    DarctanX Registered Member

    Joined:
    Nov 21, 2015
    Posts:
    2
    I am having a persisting issue with TW. Whenever I open a whitelisted application I experience a temporary disconnect across all other programs. The downtime lasts less than 5 seconds but every program resets its connection (Skype, Steam etc.). Connections window displays lots of blocked ports with incoming connections and I am unable to allow them.
    https://puu.sh/ltr09.png
    When I disable TinyWall I have no problems, but I really appreciate this software and want to keep using it. However disconnecting whenever opening new programs is really annoying.
    I am using Windows 10 Pro 64-bit.

    EDIT: I seem to have fixed the issue by whitelisting the Base Filtering Engine service. I checked event viewer reports of Windows Filtering Platform blocking packets and connections. That caused TinyWall to reload its configuration every time it happened.
     
    Last edited: Nov 21, 2015
  24. janjn

    janjn Registered Member

    Joined:
    Nov 21, 2015
    Posts:
    1
    I like TW, but after hours of trying to get combination of PPTP VPN and RDP connection working I'm giving up. If I use only VPN it works, but even if I tick useless box VPN in special exceptions or/and I whitelist every blocked service hidden in svchost plus mstsc.exe and others, I still lose connection after a minute or so. I tried some suggested solutions what to whitelist and so on but without any progress. So I can use TW and disable firewall every time I need to connect to remote desktop or I can use default Windows firewall. Does anyone use TW with such use case without problems?
     
  25. DarctanX

    DarctanX Registered Member

    Joined:
    Nov 21, 2015
    Posts:
    2
    My issue resurfaced and I have narrowed the problem to dllhost.exe reloading the service.
    https://puu.sh/lxaeG.png
    Every time I open an application that makes loads of connections, e.g. Skype and Torrent, I lose connection as the firewall reconfigures. I think this problem is something on my end but I have no idea what could cause it.
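
The reload messages reported in this thread ("Reloading firewall configuration because ... has modified it.") can be tallied per executable to see which process is rewriting the firewall rules and when. This is an added example, not part of the thread or of TinyWall; the function name `Get-ReloadTrigger`, the sample records and the choice of the Application log for live use are assumptions.

```powershell
# Added example: group TinyWall reload messages by the executable that triggered them.
function Get-ReloadTrigger {
    param([Parameter(Mandatory)][object[]]$Record)   # objects with TimeCreated and Message
    $pattern = 'Reloading firewall configuration because (?<exe>.+) has modified it'
    $Record | ForEach-Object {
        if ($_.Message -match $pattern) {
            [pscustomobject]@{ Time = $_.TimeCreated; Executable = $Matches['exe'] }
        }
    } | Group-Object Executable | ForEach-Object {
        $times = @($_.Group.Time | Sort-Object)
        [pscustomobject]@{
            Executable = $_.Name
            Reloads    = $_.Count
            First      = $times[0]
            Last       = $times[-1]
        }
    } | Sort-Object Reloads -Descending
}

# Constructed sample records. The Steam path is the one quoted in the thread;
# the dllhost.exe path, the unrelated message and all timestamps are made up.
$steam   = 'C:\Program Files (x86)\Common Files\Steam\SteamService.exe'
$dllhost = 'C:\Windows\System32\dllhost.exe'
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2015-11-21T10:00:05'
                       Message = "Reloading firewall configuration because $dllhost has modified it." }
    [pscustomobject]@{ TimeCreated = [datetime]'2015-11-21T10:02:41'
                       Message = "Reloading firewall configuration because $steam has modified it." }
    [pscustomobject]@{ TimeCreated = [datetime]'2015-11-21T10:07:13'
                       Message = "Reloading firewall configuration because $dllhost has modified it." }
    [pscustomobject]@{ TimeCreated = [datetime]'2015-11-21T10:07:30'
                       Message = 'Unrelated service message.' }
)

Get-ReloadTrigger -Record $sample | Format-Table -AutoSize

# Live use (assumption: the TinyWall service writes to the Application log):
# Get-ReloadTrigger -Record (Get-WinEvent -LogName Application -MaxEvents 5000)
```

Comparing the First and Last times against the moments connections dropped shows whether a given executable's rule changes line up with the disconnects.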
     