Windows Firewall Control (WFC) by BiniSoft.org

I stick to your own opinion that switching profiles should not be the easiest and most convenient. But since the new feature will be optional, so be it, I don't intend to use it anyway.

Specified time it is very important.
I support the visual notification of profile switching. I also support notification when a new rule is created.

 

For me, a global hotkey is not really important and I would not use it probably.

EDIT: However, I am not strictly against it but if, then exactly how you described.

 

hi
+1 global hotkey
+1 "I was thinking to add also a visual notification when this global hotkey is pressed and the profile changes, something similar to this one, but with a different message:"
+1 i like the visual notification for the new rule was create to allow ...putty , would like a visual notification for rules create or changed not by me

thanks

 

+1 for Global hotkey

for me i don't even need the visual notification, i can just look at the system tray and watch the color of WFC, but since we can disable notifications its no problem

 

Hi, is there a way to find out which rule is blocking a connection.

Let me explain...
I am running a DNS Forwarding Service called AcrylicDNS on my Win10 box
I have 1 rule created
... Program acrylicservice.exe
... Location All
... Enabled Yes
... Action Allow
... Direction Out
... Protocol ANY

However I keep getting port 53 blocked from going out when I am on my VPN ( PUBLIC Location)

I then have added another rule to allow AcrylicDNS
... Program acrylicservice.exe
... Location Public
... Enabled Yes
... Action Allow
... Direction Out
... Protocol UDP
... Remote Port Custom 53

However port 53 is still being blocked.

I have searched for any other rules that block 53 and there are not any.
How can I find which rule is doing the blocking.

Thanks

 

I'm not familiar with Acrylic and my knowledge of this firewall is only from what I read here, so be careful with my advice.
DNS normally needs UDP for remote port 53 in and out. Local port is random, so any. Sometimes DNS also needs TCP out but I think that's rare.

 

Track which WFP (Windows Filtering Platform) filter has blocked/allowed the connection: https://www.wilderssecurity.com/threads/windows-firewall-control-wfc-by-binisoft-org.347370/page-239#post-2968580
Did you remember to enable "Use the following DNS server addresses" and put 127.0.0.1 and ::1 in it ?

 

Win 10/11 can use encrypted DNS over http, also called DOH. It generally needs remote port 443 and uses TCP rather than UDP. It's also a bit fiddly to set up, especially in Acrylic. Acrylic DNS proxy/cache is sometimes happier with binding on 0.0.0.0 instead of 127.0.0.1, depending on your network setup. DNS servers that allow DOH are of more limited availability. Use of dns encryption is debatable. I use a setting that allows fall-back to traditional udp dns on 53 if DOH fails. In Win10 it allows a 'encrypted prefered' as well as non-encrypted and 'encrypted required' in ethernet settings.

 

Windows Firewall Control v.6.7.0.0

Change log:
- New: Global hotkey for toggling between Low and Medium Filtering profiles.
- Improved: Replaced some user actions confirmation dialogs with Windows notifications. In Windows 10 they will be displayed in the notifications area and on Windows 7 as tray icon balloon notifications.
- Fixed: The ULRs used for the services from Tools tab were updated to use https instead of http.

New translation strings
019 = Profile changed to
310 = Toggle between Low and Medium filtering profiles

Removed translation strings
419 = Please refresh the rules in Rules Panel window. Thank you.
​

Download location: https://www.binisoft.org/download/wfc6setup.exe
SHA1: 75b776cbf12d184082cf5bd0b8e9db560fbd477d
SHA256: 855283c00094a4d524647114c603b8b06e8d6c45cffb79ee98178e7c2c625d93

Thank you for your support,
Alexandru Dicu

There is no version 6.6.0.0. After 6.5.0.0, the next build is 6.7.0.0.
WFC works on Windows 11 without any WFC update. I mentioned this just as a confirmation from my side that WFC is working fine on Windows 11.

 

Thank you alexandrud,

I will try this version out soon

 

Thank!
How can I disable connection logging like 127.0.0.1 > 127.0.0.1? If this is not possible now, is it possible to create such an option?

 

Is it possible to add in the rules panel, provided that Windows Firewall contemplates this feature, add the "Creation date" column of the rule which, especially in the case of duplicate rules, could more easily define which one to leave / delete?

 

If you click the cross or press Backspace, the field is cleared and becomes non-None. It seems logical that None should be returned.

 

and if there are previously saved key combinations they are not displayed (just as the (X) is not displayed

Excellent choice of alternating the profile with hotkeys but perhaps it would be preferable instead Toggle between Low and Medium filtering profiles between Profiles default (set) and No Filtering

 

Temporary solution until the release of v6.7.1.0, in the registry you can see the hotkeys, change them or enter None

 

Tnx

 

It is not possible. The auditing of allowed/blocked connections is all or nothing. There is no way to create filters to skip certain connections. Anyway, Windows Firewall does not filter loopback connections. I think the reason is IPC (inter process communications) which is used by several modules of the same program to communicate to each other or by multiple programs to communicate to each other. This is usually done by sending reading data on certain ports on localhost.

Creation date is not a property that Windows Firewall has among firewall rules properties. WFC could add this only by using a JSON in the Description of a rule so that it could somehow extend the properties list with new ones known only by WFC internal logic. However, this means also parsing, validating, etc. And this property will be available only for WFC created rules. Any other rules, default ones, Windows Store rules, etc, will not have such property. There is also a lot of work for this new feature. Unfortunately, this is a big feature request and will not be done very soon.

That keyword "None" is from previous versions of WFC. You probably had them because they were saved like this a while ago. The current and the expected behavior is to be empty because of the localization. Too much work to localize None to other languages. As a result, empty is expected when nothing is set.

No. This should not be used to disable Windows Firewall. Switching to No Filtering should be the last thing to try and should not be easily available, especially by a global hotkey which can be pressed by mistake. The current implementation is this:
- If No Filtering is enabled => it will set Medium Filtering.
- If Low Filtering is enabled => it will set Medium Filtering.
- If Medium Filtering is enabled => it will set Low Filtering.
- If High Filtering is enabled => nothing happens.

 

I thought so, but wanted confirmation or rebuttal from an expert.

Pity. I use Windows Eng and WFC Eng. But this is a downgrade, make word None without localisation for all languages, if it was so in previous versions.

 

What I had suggested has its own logic if you install test applications and you don't want to "dirty" the rules. For what you have specified there is already the "Automatic set ..." option. Then everyone uses WFC in the way that best reflects their attitudes.

PS: I also suggest reviewing (perhaps by mutual agreement / together) the info currently present - which I have already adapted in my language interface - in the various GUI screens in order to make the info clearer even for those who are not very knowledgeable...

I would suggest these very small "changes" that would help make the info more accessible even for those who are not very experienced and use WFC as a facilitated interface:
103 = All outgoing and incoming connections are blocked. This profile blocks all connection attempts to and from the computer.
105 = Outbound and inbound connections that do not have a defined authorization rule are blocked. Connections are allowed only for those programs with a specific authorization rule.
107 = Outbound and inbound connections that do not have a defined block rule are allowed. Connections are blocked only for those programs with a specific blocking rule.
205 = Display notifications for all outbound (and inbound, if configured) connections that are blocked but do not show them for programs defined as exceptions, below.
207 = Automatically create outbound (and inbound, if configured) rules to allow digitally signed programs and display notifications for unsigned programs only.
080 = Block (without Rules)
403 = By default only create outbound rules, when creating new rules, to allow or block applications.
405 = By default only create inbound rules (use this option with caution); Incoming access requests usually come from Server applications or LAN resources.
407 = By default it creates both types of rules, outbound and inbound. Use with caution.

In the file of the Italian language there are still several strings that are no longer in existence

Thanks anyway

 

That's an interesting thought. Please clarify a few points.
080 = Block (without Rules)
(without any Rules) or (without existing Rules) or (without creating Rules)?
105 = ...authorization rule...
What if there is no authorized rule, but there is an unauthorized rule, and Secure Rules is disabled?
407 = By default it creates both types of rules, outbound and inbound. Use with caution. Not recommended.
I don't know why different terms are used:
outgoing and incoming
outbound and inbound

 

080 = Block (without Rules) --> (without existing Rules)
105 = ...authorization rule... --> for the Medium Filtering
407 = By default it creates both types of rules, outbound and inbound. Use with caution. Not recommended. --> Not Recommended it seems to me too imposing
outgoing and incoming
outbound and inbound
matters of choice

PS: I always set rules outbound and inbound

 

PS1: String suggestions refer to this screen (mostly)

 

Thank!

 

For your information and for information purposes only, the file wfcIT.lng re-cleaned, updated and adapted is attached.

 

The global hotkey for switching between profiles is an awesome addition! Super handy when installing software to deal with the typical annoyance of software installations getting firewall blocked, but even further, when they extract temp-file sub-apps which also get firewall blocked. This shortcut now makes handling that easy.

This would be an awesome addition if possible, highly useful. Personally, there are many occasions when it'd be useful to know when a particular rule was created. I would utilize this feature's usefulness often.


Lastly, would it be possible to add the ability to switch the Notifications setting on/off via command line switches? Similar to WFC's other command line options (like the ability to open WFC's panels from the command line + Windows Run dialog).

I have a number of tasks and automations where I'd like to temporarily disable WFC's notifications, but the only way currently to do so is via the GUI. A command line option would be fantastic. It also wouldn't hurt if there were command line switches to switch WFC profiles, as well!

Regardless, thanks for all your continued effort and development, Alex. This is one of the best, most vital pieces of software I use on every machine.