Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    I'm pretty sure general rules work for both incoming and outgoing traffic, so chances are, you saw the outgoing prompt (since outgoing is first, must send some info to receive some info back), you allowed it, and then the incoming traffic was also allowed for that process because of the general rule, so you didn't see any prompt. I think in order to see prompt for incoming traffic, it has to be from a process not allowed, and also if the process has no outgoing traffic at the same time, if I'm not wrong. I think you also have to uncheck "Allow inbound connections for all". I have also disabled all system rules, not sure what they do actually, but you should disable them just in case that you're missing prompts from them

    Also, what pop-up issue?
     
  2. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Ah, dude. Your reading or context comprehension is bad today :)
    It's two posts above that one. Also I said I unchecked "Allow inbound connections for all".

    Thank you for your answer :)
    I disabled system rules due to your recommendation. Makes sense
     
  3. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    Don't you set that from Settings > Dropped packets log > Timeout between same notifications? Or you mean something else?
     
  4. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Something else: The initial notification. But thanks again! I changed that setting to one sec. :)
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    The minimum is 0 seconds, you're missing out ;)
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    This is because of stateful TCP inspection provided by the WFP. The firewall is 'aware' of the state of connections so inbound would be allowed based on what has been requested by the outbound. That's the reason you only need outbound application rules. The exceptions are server apps (like P2P clients i.e.).
    You won't see prompts for uninitiated inbound connections, they will be silently dropped (and logged). And then rules can be made based on logs.
    For 'stateless' protocols (UDP) there is a need to include inbound rule as well, for example DHCP or File Sharing.
    It is unchecked by default (as it should be) as it basically disables inbound filtering (equivalent to disabling Windows Firewall). It is there to disable when you're using alternative solution to filter inbound traffic (a router i.e.) and want just an outbound blocker.
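
Added example, not part of any post in this thread and not simplewall or WFP code: a simplified model of the stateful filtering described in the post above. It shows a TCP reply being admitted from state, an unsolicited inbound being dropped and logged, and why a DHCP reply (which comes from the server's own address, not the broadcast address the request went to) needs an explicit inbound rule. The class, its fields and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFilter:
    """Toy stateful filter; endpoints are (ip, port) tuples."""
    outbound_apps: set                                  # apps with an outbound allow rule
    inbound_rules: set = field(default_factory=set)     # (proto, local_port) opened explicitly
    state: set = field(default_factory=set)             # flows created by allowed outbound traffic
    dropped: list = field(default_factory=list)         # log of silently dropped inbound packets

    def outbound(self, app, proto, local, remote):
        if app not in self.outbound_apps:
            return False                                # point where a prompt would be raised
        # Remember which remote endpoint this local port talked to.
        self.state.add((proto, local[1], remote))
        return True

    def inbound(self, proto, remote, local):
        if (proto, local[1], remote) in self.state:
            return "allow-state"                        # reply to something we initiated
        if (proto, local[1]) in self.inbound_rules:
            return "allow-rule"                         # explicit inbound rule (server-type apps)
        self.dropped.append((proto, remote, local))     # no prompt, only a log entry
        return "drop"

def demo():
    # All addresses below are constructed documentation-range values.
    fw = StatefulFilter(outbound_apps={"browser.exe", "svchost.exe"})
    me = "192.0.2.10"
    r = {}
    # TCP: the reply comes back from the exact endpoint that was contacted.
    fw.outbound("browser.exe", "tcp", (me, 50000), ("198.51.100.5", 443))
    r["tcp_reply"] = fw.inbound("tcp", ("198.51.100.5", 443), (me, 50000))
    # Unsolicited inbound connection attempt: no state, no rule.
    r["tcp_unsolicited"] = fw.inbound("tcp", ("203.0.113.9", 40000), (me, 445))
    # DHCP: request goes to broadcast, the answer arrives from the server's address.
    fw.outbound("svchost.exe", "udp", ("0.0.0.0", 68), ("255.255.255.255", 67))
    r["dhcp_no_rule"] = fw.inbound("udp", ("192.0.2.1", 67), (me, 68))
    fw.inbound_rules.add(("udp", 68))
    r["dhcp_with_rule"] = fw.inbound("udp", ("192.0.2.1", 67), (me, 68))
    r["dropped_count"] = len(fw.dropped)
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```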
     
  7. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    Ugh, no? If you go to Settings > Dropped packets log, and check Enabled dropped packets notifications, and uncheck Exclude blocklist and user rules, you should get notifications for dropped packets, that's the entire point of the firewall, to get prompts for traffic
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    This disables notifications and silently blocks outbound attempts.
     
  9. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    No? The name itself is "Enable dropped packets notifications". Enable. Enable. Enable. NOT Disable. Enable.
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    No. An uninitiated inbound packet is considered invalid and is dropped. This is the role of firewall.
    What happens when you disable "dropped packets notifications"?
    Looking at simplewall now (I've been using it for a week or so), it looks like it does not even log blocked inbound attempts.
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    To make a better simplewall report bugs or enhancements at github.
     
  12. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Are you SURE that "ENABLE ... notifications" actually disables notifications? Because it doesn't.

    Floyd, I found out how horrible it can be if you set the time between same notifications lower than 10 seconds... beep beeep beeep beep beeep beeepb eeepb epepbpebpebeb :argh:
     
    Last edited: Dec 6, 2018
  13. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I did not mean that 'enabling' disables notifications. This feature (dropped packet notifications) refers to outbound filtering, not inbound. You don't get notifications on unsolicited inbound connection attempts. No firewall in the world can do this.
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Browsing through the thread, it looks like the inbound logging was removed long ago.
    Probably a performance issue, but a big deal nonetheless.
     
  15. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    Did you ask on Github?
     
  16. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    Of course I did not. This is the only place I'm posting on.
     
  17. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    And why not? Dev resides on GitHub.
     
  18. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I barely have the time to post in here. I actually never did post anywhere else (did on TalkBass for a while, but that's off for a long time now).
    And dev is here as well, and these are open forums.
     
  19. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,442
    Location:
    Mexico
    I know these are open forums and I am not implying such issues should not be posted here, on the contrary, it's good for everyone to know users' issues. I'm saying bug reports and feedback have much more exposure on GitHub for this specific software. And dev is not really here, he visits Wilders from time to time.

    I've posted two times at henrypp's hub. Both times he has fixed my requests, fortunately.
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    It's good to know he's responsive. If I like simplewall enough I may consider posting there.
    But regarding inbound logging, I already suspect the answer (resource usage). The feature is consciously removed.
    Windows Firewall itself has logging disabled by default, in some cases (after a terminated p2p connection i.e.) the logs are filled with thousands of blocked entries, which obscures others and almost makes debugging impossible.
    Removing this is not really a big deal for advanced users, as needed resources for a given app can always be found online, but no firewall is complete without full logging facilities.
     
  21. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    This is like complaining that the police keeps knocking on your door when you tell them to gtfo :D, you need to open the door and resolve the issue (or do something else, depends on the situation), meaning you need to handle the prompts, either allow it or tick "disable notifications for this app". I have it on 0 sec and that allows me to check every single connection attempt. With 1 sec, you see the first connection attempt out of all the connection attempts for that particular second, but you still miss the rest, with 0 seconds, there's no "cmon guys, gimme a little break now", so thus you get every single connection from the process, until you allow it or block it by checking the disable notifications tickbox. Or, let it keep going if you're curious. That's what I use it for. Since there's no delay, connections can be very fast and you may miss some if you don't have a fast reaction time and eyesight, so you can use a script that takes a printscreen every X milliseconds and then pastes the contents of the clipboard (printscreen) into a storage so that you can later check them if you want to

    So then why are you complaining that simplewall can't do it if none else can do it? Not that I support the "compare yourself to others" logic, because you can always do better, but I haven't had any issues or the need for this feature, so what exactly do you need it for?

    Lol bro, for the amount of time you spent complaining in this thread that it would take too much time for you to post on github, you could have already done it :argh:

    You can use regex to filter the logs, regardless of how many they are, I use notepad++
     
  22. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    I am complaining about logging, not notifications. These are 2 completely different things. You seem to not grasp this very well, but at least read what is being posted.
    This is not just about time, and I obviously have to spell it out....
    I am not opening accounts all around just to post a single tiny issue with an obscure app.

    [EDIT]
    There are other reasons for default disable. Excessive logging can be resource intensive.
    But thanks for the suggestion.
     
  23. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    Oops missed that one. I still wonder what you need logging for tho

    Here's a deal, I can use mine or make a new acc on github, you send me what I need to post (on PM) and I post it there, you don't have to make acc

    Also, if you like coding-related stuff or you prefer raw editors over GUIs, you'll LOVE regex, it can get quite fun at times. It's like a mind puzzle, figuring out how to do stuff
     
  24. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,927
    Location:
    Serbia
    For server-type apps, mostly, to see what is being blocked and then make inbound rules out of it. But for advanced users, this is not a problem. I found an excellent quote by henry here -
    And this, I suspect will be the answer for inbound logging as well.
    A couple of years ago, someone (Stem, I think) used one of my posts (with my permission, of course) to report a bug in Jetico firewall, on their forums.
    As I said, these are open forums, and I absolutely have no problem with linking my posts elsewhere. But you'll get no PM from me, I only posted here to clear a bit of a mess... and stumbled upon the logging issue.

    I was not sarcastic above, I honestly meant 'thanks'. Believe I heard of it, but never used it. Will look into it. Again, time permitting of course :)
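
Added example, not part of any post in this thread: the posts above mention Windows Firewall logs filling with thousands of blocked entries, filtering logs with regex, and turning blocked inbound entries into inbound rules. This sketch does that with a regex over the Windows Firewall `pfirewall.log` field layout, collapsing dropped inbound lines into one row per protocol and destination port. The sample lines are constructed, the function name is hypothetical, and it assumes each entry ends with the `path` column (SEND/RECEIVE).

```python
import re
from collections import defaultdict

# Constructed sample in the pfirewall.log layout (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-12-06 10:15:01 DROP TCP 203.0.113.7 192.0.2.10 51344 6881 52 S 1 0 8192 - - - RECEIVE
2018-12-06 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 51345 6881 52 S 1 0 8192 - - - RECEIVE
2018-12-06 10:15:02 DROP TCP 198.51.100.23 192.0.2.10 40112 6881 52 S 1 0 8192 - - - RECEIVE
2018-12-06 10:15:03 DROP UDP 198.51.100.40 192.0.2.10 6881 6881 120 - - - - - - - RECEIVE
2018-12-06 10:15:04 ALLOW TCP 192.0.2.10 198.51.100.5 50000 443 0 - 0 0 0 - - - SEND
2018-12-06 10:15:05 DROP TCP 192.0.2.10 198.51.100.9 50001 80 0 - 0 0 0 - - - SEND
2018-12-06 10:15:06 DROP TCP 203.0.113.99 192.0.2.10 40000 445 52 S 1 0 8192 - - - RECEIVE
"""

# Header lines (starting with '#') and blank lines simply fail to match.
LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>ALLOW|DROP) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<sport>\S+) (?P<dport>\S+) .* "
    r"(?P<path>SEND|RECEIVE)$"
)

def summarize_inbound_drops(text):
    """Return (proto, dst_port, hits, distinct_sources) rows, busiest first."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        # Keep only blocked packets that were arriving, not blocked outbound ones.
        if not m or m["action"] != "DROP" or m["path"] != "RECEIVE":
            continue
        g = groups[(m["proto"], m["dport"])]
        g["hits"] += 1
        g["sources"].add(m["src"])
    rows = [(p, port, g["hits"], len(g["sources"]))
            for (p, port), g in groups.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for proto, port, hits, sources in summarize_inbound_drops(SAMPLE_LOG):
        print(f"{proto:4} port {port:>5}: {hits} drops from {sources} source(s)")
```

A port that a server-type app listens on and that shows repeated drops from many sources is a candidate for an inbound rule; a port nothing should be listening on is not.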
     
  25. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    293
    Location:
    Europe
    You know, in order to become one of those "advanced users" you have to actually do something about it. You can't just say "nah, I don't have the required knowledge, so I'm gonna stay away from the 'advanced tools'"
    Every1 starts from somewhere, there's always a first time, if you want to get knowledgeable at something, best way is to just dive in, not tell urself "nah this is not for me, I can't do it". Yes you can, JUST DO IT
     