Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. bitpixl

    bitpixl Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    3
    Location:
    Anywhere but here
    So as of today I switched to Simplewall (coming from Tinywall) and I'm loving it.
    I do have some questions / observations being a new user.

    * Leave windows firewall (wf) enabled on install or disable it.
    1. With wf OFF, simplewall will save to it's own config? (I'm using this)
    2. With wf ON, simplewall will configure the wf?
    Which of these 2 options is recommended and as I'm using the 1st option, how and when does simplewall activate during boot process?
    I'm asking this because I dont see a simplewall service and the default firewall is disabled by simplewall. (I have enabled boot-time filters)

    * Is there a way to allow us to expand the settings/rules window for a better viewing experience?

    * Is the blocklist automatically updated with simplewall updates?

    * of the default enabled system rules, which ones do you guys still disable (and why).

    * I'm working under user context, tried to use the skip UAC but that option doesn't seem to be working properly (as mentioned before).

    * I also vote for making the exit button close to the taskbar.

    * compared to tinywall the first thing I missed was having an option to quickly restrict a program to only acces the LAN. It's working now using the custom rules, but maybe it can be included as an build-in option in the future.
     
    Last edited: Oct 20, 2018
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    * Simplewall always configures the Windows Filtering Platform (WFP) if enabled. (As does Windows Firewall) But leaving the Windows Firewall on together with Simplewall, leaves your device open to changes to it outside the scope of Simplewall. And any program can simple add filters to the Windows Firewall which practically negates protection.
    Recommended is option 1: to let Simplewall turn the Windows Firewall off. (You can ignore the screams from Windows Security Center about it.)

    I don't know when Simplewall activates itself if boot-time filters are enabled. But I guess it doesn't and this is some functionality of WFP.
    Simplewall does not need a service because it uses WFP. (Like pretty much ALL other firewalls for windows)

    * You can drag the borders and embiggen the window. Or did you mean something else?

    * The blocklist gets separate updates. (More often)

    * None except DNS and Windows Update. (You may need DHCP) Why? Do you have servers running? If not: They are potentially detrimental to network security if allowed.

    * Exit button close to the taskbar?

    * You can right-click anywhere and add a custom rule or a program, if that helps and isn't obvious. I forgot what they tell you when you install it first time.

    * have not used TinyWall
     
  3. bitpixl

    bitpixl Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    3
    Location:
    Anywhere but here
    * Simplewall always configures the Windows Filtering Platform (WFP) if enabled. (As does Windows Firewall) But leaving the Windows Firewall on together with Simplewall, leaves your device open to changes to it outside the scope of Simplewall. And any program can simple add filters to the Windows Firewall which practically negates protection.
    Recommended is option 1: to let Simplewall turn the Windows Firewall off. (You can ignore the screams from Windows Security Center about it.)

    I don't know when Simplewall activates itself if boot-time filters are enabled. But I guess it doesn't and this is some functionality of WFP.
    Simplewall does not need a service because it uses WFP. (Like pretty much ALL other firewalls for windows)

    Excellent answer thank you. Any reason why the boot-time filters aren't enabled by default?

    * You can drag the borders and embiggen the window. Or did you mean something else?

    The main window yes, but once you open the settings window, that window can't be resized.
    Allowing the settings window to be resized to get an overview of all (available/enabled/disabled) system rules in one overview would be useful imo.


    * The blocklist gets separate updates. (More often)

    How is this updated? through the same update mechanic?

    * None except DNS and Windows Update. (You may need DHCP) Why? Do you have servers running? If not: They are potentially detrimental to network security if allowed.

    I'm just asking because I had LLNMR/mDNS/NetBios(in/out)/SNMP/SSDP(in/out)/UPnP enabled. Wondering if that's default or if more was enabled on my end compared to a default windows install. I did find out that turning off WS-Discovery does some stuff with the indexing service (got an index error message on top of the startmenu when I started to type/search something in the startmenu), so I put that back on. I also had to switch on NTP to have windows time get the current time from pool.ntp.org.

    Speaking of Windows Update, having "Windows Update" option enabled under system rules didn't seem to be enough. I had to allow "svchost.exe", which does alot more than just getting windows updates (also sends telemetry). I've "restricted" svchost.exe to port 80;443, but I still feel akward about that executable... I guess there's nothing you can do about it if you want Windows Updates (unless I start using WSUS Offline Updates or something similar)

    * Exit button close to the taskbar?

    I think I was a bit unclear/wrong here, I mean on the main simplewall window on the bottom there's the "Exit" button that closes the the simplewall program. I think it would be better/safer to have that button funtion as a "close to system tray" (and leave it running) option. I think having an true exit program option by right-clicking on the fire icon on the system tray would be a better solution.

    * You can right-click anywhere and add a custom rule or a program, if that helps and isn't obvious. I forgot what they tell you when you install it first time.

    Yeah after some tinkering I got that to work. Ok, would it be possible to have Simplewall have a default option called "restrict to local network" pre-configured as a custom rule, so novice users can simply right-click on the program and link the "restrict to local network" custom rule? I think it would add to the "simplicity" idea of simplewall.

    * have not used TinyWall
    It was pretty good actually, but I think this is getting better and better :)
     
  4. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    cool since when u use simplewall alongside eset firewall you receive double alerts first from simple wall then eset, might not be like much but if one fails (gets compromised, corrupted, bugs out or when re-installing one of them) another picks up connections. Tinywall doesn't work with eset but with simple wall there are no spotted issues yet. I am trying both at same time (simple wall + eset) since simple wall gives more intuitive control over some eset settings and they don't clash they seam to seamlessly upgrade one another and eset will tell you with hips if simpewall got modified and now tries to connect (hips missing in simplewall) like from virut infection, hacker activity and alike
     
    Last edited: Oct 22, 2018
  5. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    bitpixl
    Sorry, your answer slipped through my notifications. Haven't seen it until now. Sorry :)
    I don't know. The dev sometimes come on here, you can ask if he doesn't sees this.
    @henrypp He's the developer.
    Yes. You can search for it manually or it will just pop up.
    It is default. I have all these deactivated and they are still listed. You don't usually need them
    I don't use indexing. Actually, in Simplewall I have NTP deactivated, but I still get updates. I just checked. Maybe if the NTP protocoll fails, windows falls back to something else. Thanks for mentioning it. I totally forgot NTP and had it still configured to use microsofts server.
    Yea that's right. Unfortunately Henrypp hasn't yet done something in this regard. Maybe it is hard or impossible to get all or any relevant windows update server IPs.
    You seem to think that the firewall is disabled when you close Simplewall. (I think. Because you said "safer") Simplewall works even when the program is not running. As it uses WFP to enforce blocking; as long as you activated Simplewall the protection never ends. It tells you about this when you close it unless you set the flag to never tell you again the first time you saw it. The only thing that isn't working is the pop-up windows that ask you about new programs that want more internet.

    I think it's best if you make a list with your ideas to improve the program. I don't think Henrypp takes enough time to read all the posts in this thread.
    If you write @henrypp you can send him a notification about your post.

    EDIT: Henrypp, FYI, some Luxembourger VPN-IP are blocked on your website. No issue though.
     
    Last edited: Oct 26, 2018
  6. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    134
    I wish this firewall had some kind of Connections Log where every program that tries to access the internet gets logged and we can customize them to allow/deny, etc, i prefer that over the notification system
     
  7. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    There's a log of dropped packages. That is basically what you want, isn't it? But yea, it's not very usable.
     
  8. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    134
    That's the notifications i believe, if the app isn't allowed it will prompt you to allow or deny. In a quick search on github a connections log seems impossible according to henrypp
     
  9. mikser

    mikser Registered Member

    Joined:
    Nov 3, 2018
    Posts:
    1
    Location:
    Poland
    Is firewall working on a quest account or another person who isn't an admin.
     
  10. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    It works only if you started the program there and enabled it at least once. I believe WFP rules are user specific, just like system settings, but maybe I'm wrong.

    EDIT: Oh, I misinterpreted your post. :(
     
    Last edited: Nov 3, 2018
  11. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    299
    Location:
    Europe
    Nope, simplewall doesn't work on standard user acc. I think the preemptively set filters still work (haven't tested), but opening the interface (the "program") itself doesn't, which is required to get notifications for new connections and change existing rules (filters). You can try those "save credentials" shortcuts and stuff, I couldn't make it work though I didn't try much, but even if you do, you can then run any program as admin with those saved credentials, and so can malware, essentially eliminating the point of using a standard user account. You can also try http://www.robotronic.de/runasadminen.html and see if you have any success

    On my own machine personally I stick with admin acc, UAC sucks anyway and if you run programs which normally don't need admin as admin, that means they are now admin and they abide by the admin permissions rather than the user ones, meaning you don't have to give permissions to non-elevated programs since the program in question is running as admin and not a "user", which means if a non-elevated malware tries to do bad stuff they won't be able to cuz there are no user permissions, because the programs which might normally need user permissions are now running as admin and thus only need admin permissions and not user permissions, and non-elevated malware can't get to the admin permissions, on top of that there are a ton of programs that require admin anyway and running as standard user acc is an additional annoyance even if it actually did provide more security which I doubt
     
    Last edited: Nov 3, 2018
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
  13. bitpixl

    bitpixl Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    3
    Location:
    Anywhere but here
    Awesome, keep up the great work :)

    I'm really enjoying this firewall
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
  15. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    @henrypp Please fix: Notifications appear very late. (30s) If two applications are blocked, only one notification pops up.
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
  17. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
  18. ackys

    ackys Registered Member

    Joined:
    Feb 28, 2017
    Posts:
    2
    Location:
    Romania
    Complete disable windows firewall and using this Simplewall. Couldnt ask for me. Everything working as it should. Hope to see this piece of software go on. Please a dark theme if and when its posibble.
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    Now fixed for you, and all of us lol, in this new version.
     
  21. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Are you sure? he didn't write about in github
     
  22. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    Nope but he pointed to your post so I assumed he did.
     
  23. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Oh I didn't click on it xD
    time to test
    EDIT: It seems to work flawless :)
     
    Last edited: Nov 20, 2018
  24. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    9,512
  25. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Referring to the pop-up issue: It's not yet totally flawless.

    Then I wondered about something: I never get notifications about INCOMING traffic.
    I have unchecked "Allow incoming traffic for all". So what rule determines that? I guess it's included in the rule that allows traffic, but what if I have a special rule with a IP? Is only incoming traffic from that IP allowed or all?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.