Fort Firewall

Discussion in 'other firewalls' started by tnodir, Mar 8, 2019.

  1. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    Fort [1] is a simple firewall for Windows 7+.

    Features:
    - Filter by network addresses, application groups
    - Application group speed limits
    - Stores hourly, daily, monthly and yearly statistics
    - Graphical display of bandwidth
    - No alert popups
    - Based on Windows Filtering Platform (WFP)
    - Open Source (GPLv3)

    [1] https://github.com/tnodir/fort
     
  2. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Another one? :shifty: Hope it is good, and good luck. Will stay in the shadows till others test.

    Simplewall is a hit here but Henry++ doesn't speak the language very well. So it is up to us to guess what he is saying most of the time. No offense.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    No screenshots?
     
  4. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    Let me show how I'm using the firewall: screenshots.
     
    Last edited: Mar 11, 2019
  5. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,997
    Location:
    Poland - Cracow
    Nice old-school look and a lot of options which we could find in old firewalls. For me worth to try...thanks for sharing :thumb: One question - is it based on system FW or is the standalone firewall with own drivers?
     
  6. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    @ichito thanks for kind words.
    It uses WFP (as Windows FW) and has it's own driver.

    So, you can disable Windows FW or use with it in conjunction.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Assume this firewall is also compatible with Windows 8 hence the reference 7+
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Do i have to compile this?
    as i cant see a zip file
     
  9. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    It's been rolling since Sep 11, 2017 v0.1.0 and no one has reported a single issue ever since?
    Nobody uses it or what.
     
  10. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    You need to select the Releases tab on the Github page.
     
  11. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    Thanks for questions, I've added to Readme.
     
  12. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    I've not advertised it, because drivers were not signed until recently.
    I think, nobody uses it outside of my city.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    Fine, I understand.

    Are you planning to do a portable version?
    I like portable apps for many reasons.
     
  14. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    You can use it as portable now by:
    - install it, backup the installed folder, uninstall
    - copy the backup-ed folder to destination machine
    - install the driver via "driver\scripts\install.bat"
    - use --profile <path> argument to change settings folder

    We can add portable support by:
    - check the driver on startup - if it's working fine, then continue as usually
    - otherwise check "fort_portable_mode.txt" file existence
    - if we're in portable mode, then (re)install the driver, use local profile, etc...
     
    Last edited: Mar 10, 2019
  15. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,788
    Location:
    .
    Thanks for the guide but I think you can still make a portable version and still make user to install manually via install.bat such driver.
     
  16. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    Yes, see my edited post above.
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    @tnodir

    Why should I use this over simplewall?
     
  18. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    If you like simplewall, then use it.

    I've to use kernel-mode driver, because I need:
    - long list of IPv4 addresses
    - partial match of application path (e.g. "C:\Git\" allows all programs from that subpath)
    - speed limiting
     
    Last edited: Mar 11, 2019
  19. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
  20. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Hello @tnodir
    Thank you for sharing your firewall program.

    I am struggling to understand what the difference is between "Internet Addresses" and "Allowed Internet Addresses" on the IPV4 Addresses tab.

    Can you also please explain what the "Include All" and "Exclude All" tick boxes do on that tab?
     
  21. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    1. All FW rules act on "Internet Addresses" only.
    LAN addresses are immediately allowed by FW and not checked by app groups or speed limiter.

    For example here you can describe Internet addresses as:
    - "Include All" addresses,
    - but exclude "127.0.0.0/8, 192.168.0.0/16".

    2. "Allowed Internet Addresses" may be used for example:
    a) to block only some addresses:
    - "Include All" addresses,
    - but exclude facebook.com: "31.13.72.36".
    b) to allow only some addresses:
    - "Exclude All" addresses,
    - but include wikipedia.com: "91.198.174.192".

    Filtered apps will be shown in the "Blocked" tab.
     
  22. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Click-Thanks-Keep it going
     
  24. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    392
    Location:
    united kingdom
    Hi,

    Many thanks for the detailed explanation. A few more questions if I may:

    What does the Internet address 0.0.0.0/32 do? Does it mean any IP address is matched or is it something to do with the Default Gateway or something else different entirely?

    Do the App rules take precedence over the Allowed Internet rules? For example if I create an App rule for Chrome does it have access to all Internet addresses or only the Allowed Internet addresses?

    On the blocked tab I'm seeing Apps and IP addresses as expected, but what does the Resolve IP tick box do?

    I really like the GUI and functionality of Fort and you should be commended for creating a portable firewall with its own kernel mode driver. I look forward to future updates.

    Thanks
     
  25. tnodir

    tnodir Registered Member

    Joined:
    Oct 21, 2017
    Posts:
    229
    Location:
    etc
    I can't remember exactly why I've added it, but smth related to DHCP.
    Filtering steps:
    1) If address is 127.* or 255.255.255.255 and "Filter Local Addresses" is turned off, then PERMIT
    2) If "Stop Traffic" is turned on, then BLOCK
    3) If "Filter Enabled" is turned off or address is not from "Internet Addresses", then PERMIT
    4) If "Stop Internet Traffic" is turned on, then BLOCK
    5) If address is not from "Allowed Internet Addresses", then goto 7)
    6) If app path is allowed, then PERMIT
    7) If "Show Blocked Applications" is turned on, then log about blocked event and BLOCK
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.