Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    There's a log of dropped packages. That is basically what you want, isn't it? But yea, it's not very usable.
     
  2. yeL

    yeL Registered Member

    Joined:
    Aug 10, 2015
    Posts:
    153
    That's the notifications i believe, if the app isn't allowed it will prompt you to allow or deny. In a quick search on github a connections log seems impossible according to henrypp
     
  3. mikser

    mikser Registered Member

    Joined:
    Nov 3, 2018
    Posts:
    1
    Location:
    Poland
    Is firewall working on a quest account or another person who isn't an admin.
     
  4. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    It works only if you started the program there and enabled it at least once. I believe WFP rules are user specific, just like system settings, but maybe I'm wrong.

    EDIT: Oh, I misinterpreted your post. :(
     
    Last edited: Nov 3, 2018
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Nope, simplewall doesn't work on standard user acc. I think the preemptively set filters still work (haven't tested), but opening the interface (the "program") itself doesn't, which is required to get notifications for new connections and change existing rules (filters). You can try those "save credentials" shortcuts and stuff, I couldn't make it work though I didn't try much, but even if you do, you can then run any program as admin with those saved credentials, and so can malware, essentially eliminating the point of using a standard user account. You can also try http://www.robotronic.de/runasadminen.html and see if you have any success

    On my own machine personally I stick with admin acc, UAC sucks anyway and if you run programs which normally don't need admin as admin, that means they are now admin and they abide by the admin permissions rather than the user ones, meaning you don't have to give permissions to non-elevated programs since the program in question is running as admin and not a "user", which means if a non-elevated malware tries to do bad stuff they won't be able to cuz there are no user permissions, because the programs which might normally need user permissions are now running as admin and thus only need admin permissions and not user permissions, and non-elevated malware can't get to the admin permissions, on top of that there are a ton of programs that require admin anyway and running as standard user acc is an additional annoyance even if it actually did provide more security which I doubt
     
    Last edited: Nov 3, 2018
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    17,561
  7. bitpixl

    bitpixl Registered Member

    Joined:
    Jul 22, 2016
    Posts:
    5
    Location:
    Anywhere but here
    Awesome, keep up the great work :)

    I'm really enjoying this firewall
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    17,561
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    @henrypp Please fix: Notifications appear very late. (30s) If two applications are blocked, only one notification pops up.
     
  10. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,608
    Location:
    Mexico
  11. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
  12. ackys

    ackys Registered Member

    Joined:
    Feb 28, 2017
    Posts:
    2
    Location:
    Romania
    Complete disable windows firewall and using this Simplewall. Couldnt ask for me. Everything working as it should. Hope to see this piece of software go on. Please a dark theme if and when its posibble.
     
  13. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    17,561
  14. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,608
    Location:
    Mexico
    Now fixed for you, and all of us lol, in this new version.
     
  15. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Are you sure? he didn't write about in github
     
  16. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,608
    Location:
    Mexico
    Nope but he pointed to your post so I assumed he did.
     
  17. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Oh I didn't click on it xD
    time to test
    EDIT: It seems to work flawless :)
     
    Last edited: Nov 20, 2018
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    17,561
  19. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Referring to the pop-up issue: It's not yet totally flawless.

    Then I wondered about something: I never get notifications about INCOMING traffic.
    I have unchecked "Allow incoming traffic for all". So what rule determines that? I guess it's included in the rule that allows traffic, but what if I have a special rule with a IP? Is only incoming traffic from that IP allowed or all?
     
  20. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    I'm pretty sure general rules work for both incoming and outgoing traffic, so chances are, you saw the outgoing prompt (since outgoing is first, must send some info to receive some info back), you allowed it, and then the incoming traffic was also allowed for that process because of the general rule, so you didn't see any prompt. I think in order to see prompt for incoming traffic, it has to be from a process not allowed, and also if the process has no outgoing traffic at the same time, if I'm not wrong. I think you also have to uncheck "Allow inbound connections for all". I have also disabled all system rules, not sure what they do actually, but you should disable them just in case that you're missing prompts from them

    Also, what pop-up issue?
     
  21. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Ah, dude. Your reading or context comprehension is bad today :)
    It's two posts above that one. Also I said I unchecked "Allow inbound connections for all".

    Thank you for your answer :)
    I disabled system rules due to your recommendation. Makes sense
     
  22. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Don't you set that from Settings > Dropped packets log > Timeout between same notifications? Or you mean something else?
     
  23. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Something else: The inital notification. But thanks again! I changed that setting to one sec. :)
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    The minimum is 0 seconds, you're missing out ;)
     
  25. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,970
    Location:
    Serbia
    This is because of stateful TCP inspection provided by the WFP. The firewall is 'aware' of the state of connections so inbound would be allowed based on what has been requested by the outbound. That's the reason you only need outbound application rules. The exceptions are server apps (like P2P clients i.e.).
    You won't see prompts for uninitiated inbound connections, they will be silently dropped (and logged). And then rules can be made based on logs.
    For 'stateless' protocols (UDP) there is a need to include inbound rule as well, for example DHCP or File Sharing.
    It is unchecked by default (as it should be) as it basically disables inbound filtering (equivalent to disabling Windows Firewall). It is there to disable when you're using alternative solution to filter inbound traffic (a router i.e.) and want just an outbound blocker.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.