Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    590
    Location:
    Germany
    Regarding this:
    I made a Github issue. https://github.com/henrypp/simplewall/issues/274 He wont change anything.
    Seems like he doesn't like people who ask for improvement. Was I rude?

    Edit:
    Thank you ;)
     
  2. anonskii

    anonskii Registered Member

    Joined:
    Dec 16, 2016
    Posts:
    18
    Location:
    UK
    i really do love this program, have it installed on all my PCs. excellent job Henry.
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,938
    Location:
    Serbia
    You weren't, this may be just a simple language barrier. henry is not very expressive in English.
    This may be misleading to many (not-so-advanced users, to put it like that), but there is just a need to understand how this 'logic' works. I was able to immediately tell that you should not tick the box next to the app (as was the other poster in the other thread). So this is not really a big concern.
    ...
    What puzzles me here are these multicast comms on Chrome. There are no problems allowing (or blocking) these comms when svchost is concerned (Windows services make the same comms on default install). But when it comes to Chrome, the rules simply do not work. This may be something specific to Chrome which we do not understand.
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
    simplewall v2.3.11 (14 December 2018)
    https://www.henrypp.org/product/simplewall
    Download
    Changelog
    sha256 checksum
    v2.3.11 (14 December 2018)
    • added "/install" argument for install filtering
    • added cache auto clean up (to prevent overflow)
    • changed minimum size of main window (issue #269)
    • changed installation message
    • increased rule parsing speed (issue #276)
    • memory optimization
    • fixed notification window appears on taskbar (regression)
    • fixed exclude user rules option was not working
    • cosmetic fixes
    • fixed bugs
     
  5. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Let's see how many of the bugs are fixed, I'm excited!
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
  7. henrypp

    henrypp Registered Member

    Joined:
    Jul 27, 2017
    Posts:
    48
    Location:
    Nowhere
    v2.3.13 (3 January 2019)
    - added dns resolver caching
    - added dns resolver winsock fallback (issue #290)
    - avoid window flickering on window sizing
    - revert refresh filters on device arrival
    - fixed access rights for wfp provider and sublayer
    - fixed allocated strings dereferencing (issue #285)
    - fixed parsing hosnames with dashes (issue #271])
    - fixed localization (issue #288)
    - fixed bugs

    simplewall-2.3.13-bin.zip
    simplewall-2.3.13-setup.exe
    simplewall-2.3.13-setup.sig
    simplewall-2.3.13.sha256
     
  8. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,595
    Location:
    Mexico
    @henrypp

    This new version 2.3.13 seems to run a new netsh.exe command line as per my anti-exe detects when launching simplewall:
    Code:
    netsh advfirewall set allprofiles state off
    Is that correct and new?
     
  9. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    365
    Location:
    router
  10. henrypp

    henrypp Registered Member

    Joined:
    Jul 27, 2017
    Posts:
    48
    Location:
    Nowhere
    It's old, but now it executed in every start
     
  11. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,595
    Location:
    Mexico
    Got it, thanks. Now whitelisted.
     
  12. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    215
    Hi,
    If I select WhiteList mode, then all that's needed is Allowed Programs ? Meaning all other programs will be block outbound and will not be allowed to receive traffic inbound ?

    The bad thing I found with ZoneAlarm Free is that at first run, it recognized 56 programs, and set them to Auto. Then at next program run, it recognized 80 programs. I just wonder if this list will keep on growing. And what is going to happen when a program it does not recognize when incoming or outgoing traffic arrives. I am hoping that SimpleWall whitelist will stop everything outgoing or incoming if I don't have an allow rule.
     
    Last edited: Jan 8, 2019
  13. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    171
    Location:
    Poland
    not sure how to set my own rules, I can see user rules section but its empty
    right now I allow listening and loop for all for compatibility and perhaps performance reasons, allow DNS and DHCP in system rules, all blockslists are effective
    allowed out only for AV, browser and occasionally svhost for updates, is this safe enough?
     
  14. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
    simplewall v2.4 beta (21 February 2019)
    https://www.henrypp.org/product/simplewall
    Download
    Changelog
    sha256 checksum
    v2.4 Beta (21 February 2019)
    • new notification ui
    • improved transactions processing
    • added predefined rules (ftp, http etc)
    • added option to configure 6to4 redirections (it's allowed, but undocumented earlier)
    • added double-click for statusbar parts to make purgen faster
    • added option to secure installed filters
    • added more list view modes
    • fixed notifications stay visible when special rules applied for the app
    • fixed possible duplicate of special rules from notifications
    • fixed multithreading and possible race conditions
    • fixed duplicate filters callback on device arrival (issue #291)
    • fixed dropped packets csv log delimeter
    • fixed packages path retrieving (win8+)
    • replaced netsh commands by com interface
    • cosmetic fixes
    • fixed bugs
     
  15. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    171
    Location:
    Poland
    this beta is a big improvement in information and features with enable protection of installed filters, allow IPv6 redirections 6to4 and more informative pop-up windows that shows new connections, btw. works flawlessly with eset (I know about double firewall no-no rule but this is an exeption)
     
    Last edited: Feb 27, 2019
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Why is it an exception?
     
  17. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    171
    Location:
    Poland
    because I need it, SD corrupts files under heavy load, and sometimes firewall 2, I need to make sure at least one works, it's unheard of and not typical just case specific for SD and that scenario of pc usage. They do not interfere badly, sometimes delays (not confirmed what is causing them) but generaly fast speeds and no spotted problems, also eset hips would protect simple wall. SW seams to have precendence over Eset when a new connection is found, so first click allow\deny on SW then on Eset. Other solution is using SD without connecting.
     
    Last edited: Feb 27, 2019
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    I keep getting language pack updates every few days, anyone know what these are?
     
  20. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    80
    I am trying out Simplewall 2.3.13. If I disable windows firewall and use just Simplewall and scan my PC from elsewhere on my home network (Using Fing on a tablet) I find port 135 open and I don't know why. I have the following rules:
    Firewall1.jpg
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
  22. lunarlander

    lunarlander Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    215
    tcarrbrion, I think WS-Discovery includes port 135 which is used by NetBIOS. Seasoned network admins are not bothered by it, as they allow NetBIOS, an old protocol, to roam their network. But SMB v1 is also an old protocol, used by File and Printer Sharing since the XP days, and there is a hidden security flaw, all through the years. And it was exploited by Wanna Cry ransomware to its massive success. So, I don't trust old stuff just because it has be sticking around for a long time. If you don't have shared folders in your network, then ban that protocol. The principle for configuring firewalls is DEFAULT DENY.
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
  24. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    80
    Thanks.

    It's not the ws-discovery. Unticking all the protocols still leaves port 135 open. Looks like a bug in Simplewall to me. It is closed if I used Simplewall plus Windows firewall.
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    16,186
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.