Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    Ugh, no? If you go to Settings > Dropped packets log, and check Enabled dropped packets notifications, and uncheck Exclude blocklist and user rules, you should get notifications for dropped packets, that's the entire point of the firewall, to get prompts for traffic
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    This disables notifications and silently blocks outbound attempts.
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    No? The name itself is "Enable dropped packets notifications". Enable. Enable. Enable. NOT Disable. Enable.
     
  4. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    No. An unintiated inbound packet is considered invalid and is dropped. This is the role of firewall.
    What happens when you disable "dropped packets notifications"?
    Looking at simplewall now (I've been using it for a week or so), it looks like it does not even log blocked inbound attempts.
     
  5. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    To make a better simplewall report bugs or enhancements at github.
     
  6. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Are you SURE that "ENABLE ... notifications" actually disables notifications? Because it doesn't.

    Floyd, I found out how horrible it can be if you set the time between same notifications lower than 10 seconds... beep beeep beeep beep beeep beeepb eeepb epepbpebpebeb :argh:
     
    Last edited: Dec 6, 2018
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I did not mean that 'enabling' disables notifications. This feature (dropped packet notifications) refers to outbound filtering, not inbound. You don't get notifications on unsolicited inbound connection attempts. No firewall in the world can do this.
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Browsing through the thread, it looks like the inbound logging was removed long ago.
    Probably a performance issue, but a big deal nonetheless.
     
  9. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Did you ask on Github?
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Of course I did not. This is the only place I'm posting on.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    And why not? Dev resides on GitHub.
     
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I barely have the time to post in here. I actually never did post anywhere else (did on TalkBass for a while, but that's off for a long time now).
    And dev is here as well, and these are open forums.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,484
    Location:
    Mexico
    I know these are open forums and I am not implying such issues should not be posted here, on the contrary, it's good for everyone to know users issues. I'm saying bugs reports and feedback have much more exposure on GitHub for this specific software. And dev is not really here, he visits Wilders from time to time.

    I've posted two times at henrypp's hub. Both times he has fixed my requests, fortunately.
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    It's good to know he's responsive. If I like simplewall enough I may consider posting there.
    But regarding inbound logging, I already suspect the answer (resource usage). The feature is consciously removed.
    Windows Firewall itself has logging disabled by default, in some cases (after a terminated p2p connection i.e.) the logs are filled with thousands of blocked entries, which obscures others and almost makes debugging impossible.
    Removing this is not really a big deal for advanced users, as needed resources for a given app can always be found online, but no firewall is complete without full logging facilities.
     
  15. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    This is like complaining that the police keeps knocking on your door when you tell them to gtfo :D, you need to open the door and resolve the issue (or do something else, depends on the situation), meaning you need to handle the prompts, either allow it or tick "disable notifications for this app". I have it on 0 sec and that allows me to check every single connection attempt. With 1 sec, you see the first connection attempt out of all the connection attempts for that particular second, but you still miss the rest, with 0 seconds, there's no "cmon guys, gimme a little break now", so thus you get every single connection from the process, until you allow it or block it by checking the disable notifications tickbox. Or, let it keep going if you're curious. That's what I use it for. Since there's no delay, connections can be very fast and you may miss some if you don't have a fast reaction time and eyesight, so you can use a script that takes a printscreen every X milliseconds and then pastes the contents of the clipboard (printscreen) a storage so that you can later them check them if you want to

    So then why are you complaining that simplewall can't do it if none else can do it? Not that I support the "compare yourself to others" logic, because you can always do better, but I haven't had any issues or the need for this feature, so what exactly do you need it for?

    Lol bro, for the amount of time you spent complaining in this thread that it would take too much time for you to post on github, you could have already done it :argh:

    You can use regex to filter the logs, regardless of how many they are, I use notepad++
     
  16. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I am complaining about logging, not notifications. These are 2 completely different things. You seem to not grasp this very well, but at least read what is being posted.
    This is not just about time, and I obviously have to spell it out....
    I am not opening accounts all around just to post a single tiny issue with an obscure app.

    [EDIT]
    There are other reasons for default disable. Excessive logging can be resource intensive.
    But thanks for the suggestion.
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    Oops missed that one. I still wonder what you need logging for tho

    Here's a deal, I can use mine or make a new acc on github, you send me what I need to post (on PM) and I post it there, you don't have to make acc

    Also, if you like coding-related stuff or you prefer raw editors over GUIs, you'll LOVE regex, it can get quite fun at times. It's like a mind puzzle, figuring out how to do stuff
     
  18. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    For server-type apps, mostly, to see what is being blocked and then make inbound rules out of it. But for advanced users, this is not a problem. I found an excellent quote by henry here -
    And this, I suspect will be the answer for inbound logging as well.
    A couple of years ago, someone (Stem, I think) used one of my posts (with my permission, of course) to report a bug in Jetico firewall, on their forums.
    As I said, these are open forums, and I absolutely have no problem with linking my posts elsewhere. But you'll get no PM from me, I only posted here to clear a bit of a mess... and stumbled upon the logging issue.

    I was not sarcastic above, I honestly meant 'thanks'. Believe I heard of it, but never used it. Will look into it. Again, time permitting of course :)
     
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    You know, in order to become one of those "advanced users" you have to actually do something about it. You can't just say "nah, I dont have the required knowledge, so Im gonna stay away from the "advanced tools" "
    Every1 starts from somewhere, theres always a first time, if you want to get knowledgeable at something, best way to is to just dive in, not tell urself "nah this is not for me, I can't do it". Yes you can, JUST DO IT
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Floyd,
    I did not mean to imply that this is not an app for you. Of course you are right and I agree.
    I only pointed out how henry handles this app - he considers it a tool for advanced users and removes all unnecessary (in his opinion) bloat from it. True, inbound logging is not absolutely necessary, and can be resource hungry. Except digging online, there are many ways to discover which resources an app needs (by looking at the app settings, by using a sniffer, etc.).
    So the above quote is a kind of disclaimer.
     
  21. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    I just realized that because there is no real block for incoming traffic, my programs or OS could potentially receive traffic from outside the VPN and then send a message back through the VPN, deanonymizing me. Is that right?
     
  22. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    No. You misunderstood. There is a block on inbound traffic, this is done by WFP.
    What's missing in simplewall is inbound logging for dropped packets.
    This is not a concern, more of an inconvenience. But as you can see, no one noticed that in 2 years, so that's how this is important for an average end user.
     
  23. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Oh :)

    Does anyone know why I have no internet anymore when I block System (ntoskrnl.exe)?
     
  24. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Because you are blocking low-level protocols (network and link layers) such as ARP for example which is essential for IP to MAC address resolutions.
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    467
    Location:
    Europe
    I have not allowed System, and I still have an internet connection, and I've never NOT had an internet connection with System disallowed, https://i.lensdump.com/i/AvkgfT.png

    The only problem I've ever had with disallowing System, is that some multiplayer games might require System to connect to the internet, though they aren't common

    So idk what the other guy is saying, I don't have much knowledge in this area, but it seems like it's not "essential"
     
    Last edited: Dec 9, 2018
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.