Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    576
    Location:
    Lunar module
    v3.2.2 (29 July 2020)
    • user rules broken with 3.2.1 (issue #729)
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Thanks Mood. The developer is VERY much on top of the task of keeping SW updated and progressing. He is very actively responding to questions & issues at GitHub. By the way, if someone joins GitHub & posts in the "issues" venue, GitHub sends email notices whenever there is activity concerning SW.

    I installed 3.2.2 on-top of prior version. Smooth as silk!

    I'm delighted with this firewall. It's user-friendly and extremely light on CPU and RAM.
     
    Last edited: Jul 29, 2020
  3. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    589
    Location:
    Wallachia
    I just had a crash with this version.I was running a HItmanpro-x64 scan, left it unattended for some minutes and a message on the screen was telling me that simplewall crashed.
    The only new thing was a custom BLOCK All rule created for what is named "System".

    Another thing to report, seen in beta as well, the "resolve network addresses" doesn t seem to be working.It was working with the old log type, but in the new log it doesn t as well as in the notifications.IP-s are not resolved.Simplewall.exe is blocked though, via a custom rule, as it was with 3.2.1.

    The UAC bug is no more though.
     
    Last edited: Jul 30, 2020
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    @Sm3K3R -- 1- Have you posted these issues at GitHub?

    2- I never block System. Why would you do so?
     
  5. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    589
    Location:
    Wallachia
    1.I have the impression that the developer reads here as well, I may do that
    2.Why wouldn t I, if i can ? :)
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    I hope that you do post your issues at SW's "issues" site at GitHub.

    By the way, I re-read this entire Wilders forum thread and could find no indication that SW's developer has ever participated in it. I doubt that he even knows this thread exists. Like many open-source developers, his "home-base" for seeking comments to improve & debug SW seems to be exclusively at GitHub. Bear in mind, Microsoft Corporation now "owns" GitHub, and does give some monetary support to those developers at GitHub who develop a strong base of Sponsors. That fact alone is a strong motivator for developers to home-base at GitHub.
    I asked you an honest question. It was not intended as some sort of a challenge or attempt to start another off-topic debate. I don't do that sort of thing.

    I asked that question with the hope of learning exactly which System file you were blocking, and why. I also hoped that you would share something more about that System file relative to the essentiality, or non-essentiality, of its being connected to the internet.
     
    Last edited: Jul 30, 2020
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,652
    ...look again: @henrypp
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    @mood -- Ach, you are sooo right! I didn't make the henrypp connection with SimpleWall.

    His last post was March 2020, right? In recent weeks, it's a shame that one poster felt the need to bash SW's developer. I wonder if that's the reason why henrypp hasn't posted here in a while.

    I still think it's a good practice to post bugs & other significant issues on SW's board at GitHub. I have seen that SW's developer is visiting & posting there rather frequently.
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    589
    Location:
    Wallachia
    @bellgamin

    I gave you a honest answer as well.
    I post in good faith.
    I like to play with such software.
    The "System" I am referring to is the one you can find under the Apps tab in the Simplewall FIrewall interface.
    The " System" has a nice custom block all rule add-ed to it in my installation.
    Furthermore, as with the beta, what is in the "apps with no internet access" or exes of the system that do not trigger a pop-up seem to be blocked to connect TCP, but the DNS calls seem to be made though.
    As such I would recommend users that want to block as much as possible to add a custom block rule for any apps that go into the "app-s with no internet access" section.

    Repeated the steps that were made when the crash occurred, but it seems I couldn t trigger it again.Maybe it was a glitch of some sort.

    I think that the developer should implement the "apps with no internet access" properly and any app that falls into that section to be really internet blocked, with NO ability to do DNS (UDP) calls as well.
     
  10. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Ah so. The "System" file listed under SW's Apps tab is ntoskrnl.exe. Its role is explained HERE. Several years ago it was discussed at Wilders, in conjunction with the dearly departed Sygate FW, HERE.

    I'm on Win7. I assume you are on Win10. May I ask why you blocked System with a custom rule instead of just clicking "block" when SW popped an alert?
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,832
    Location:
    Canada
    I block System always - no exceptions.
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Two honest questions:
    1- Why?

    2- When you say "System," you are talking about ntoskrnl.exe (NT Operating System Kernel), right? If not, what file(s) do you mean by "System".
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I saw somewhere (can't remember where) that corruption or disruption of ntoskrnl.exe will almost certainly yield a screwed-up OS &/or BSOD. Ergo, I have just now structured EXE Radar Pro to put BOTH of the ntoskrnl.exe files (one in System32 & the other in SysWOW64) under "Vulnerable Processes." This is a "watch - report - don't interfere" setting.

    I do hope that @wat0114 or @Sm3K3R (or whoever) will further explain why connections by this key Windows file should be blocked. From what I have read, ntoskrnl.exe is a gut file of the Windows OS. Thus, I am overly cautious about messing with its functioning. ~Comment removed~. :rolleyes: :cautious:
     
    Last edited: Jul 31, 2020
  13. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    589
    Location:
    Wallachia
    @bellgamin

    So you are using latest Simplewall version on a Windows 7 install ?
     
  14. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Yes. I am running SW 3.2.2 & sticking with Win7, awaiting the arrival of Win11 or Win12. :isay:
     
  15. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,832
    Location:
    Canada
    because it doesn't need to connect, at least in my case and for the majority of Windows users. See where it's trying:

    Code:
    System  Blocked  In  UDP  192.168.1.254  48723  192.168.1.70  137 
    Port 137 is NetBIOS. I don't file or print share so not required to allow. 192.168.1.254 is my router LAN-side interface, 192.168.1.70 is my device's network interface.

    The actual System process you will see when you launch Task manager.
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Thanks for the info, @wat0114 -- Reference HERE et alia:
    ***By "System" I assume @wat0114 is referring to PID 4, correct? Process Explorer will list PID 4 whereas Windows Task Manager on Win7 will not -- maybe different on Task Manager for Win10?

    PID 4 System is responsible for the system memory and compressed memory in the NT kernel. This system is a single thread running on each processor. It is the host of all kind of drivers (network, disk, USB). The related file name is ntoskrnl.exe, as "System" is defined on SimpleWall.

    @wat0114 -- Are you actually using Simplewall to block System or are you blocking by use of some other firewall? If you blocked System by Simplewall, please share the rule(s) you used.
     
  17. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    576
    Location:
    Lunar module
    I use a different firewall, all outgoing and incoming are blocked for System. If you are using a local network, then you need to create allowing rules for ports 135,137,138,139,445
     
  18. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    Very clear & to the point -- thanks for the information.
     
  19. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    94
    Location:
    Outer space
    I used to block "system" a year ago or so with this firewall and I didn't have any issues back then so it seems like a bug.
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,832
    Location:
    Canada

    yes, that's correct

    yes, it's very important in order for Windows to run properly, just not important in most cases to allow it network connectivity.

    I use a different firewall.

    some other Windows processes I block with the firewall:

    C:\Windows\explorer.exe
    C:\Windows\system32\usocoreworker.exe
    C:\Windows\system32\RuntimeBroker.exe
    C:\Windows\system32\backgroundTaskHost.exe
     
    Last edited: Aug 2, 2020
  21. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    576
    Location:
    Lunar module
    C:\Windows\system32\svchost.exe - I block all in/out.
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,832
    Location:
    Canada
    I use DNS service, but I restrict svchost to specific dns IP addresses and ports. Also to specific update server IP ranges and port 443
     
  23. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,982
    Location:
    Hawaii
    @wat0114 & @aldist -- Great information for SimpleWall folks... & for neophyte FW users in general. Many thanks.

    At Everybody -- I for one am hesitant to use a firewall to totally block svchost.exe. I would like to do so because, as I understand it, malware can piggy-back on svchost.exe to access internet. However, svchost.exe is a key aspect of the operation of Windows so care must be taken not to interfere with its many *essential* functions. So far I have found that, if svchost.exe is overloading bandwidth at times, it seems okay to reduce that possibility by disabling Background Intelligent Transfer Service (BITS) as discussed HERE.

    I do hope that others will chime in with their thoughts & experiences concerning the use & rules for having SW block SYSTEM &/or svchost.exe.
     
    Last edited: Aug 2, 2020
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,832
    Location:
    Canada
    If you keep your O/S, your Browsers and email secure, any other Internet-facing apps as well, then you should have no concerns about piggybacking malware. It is a nice additional layer of security, however, to restrict processes and programs in how they can connect to the Internet, but you need to invest a lot of time and effort, and have a reasonably decent understanding of networking basics in building a granular ruleset that works for the firewall you're using. I've been working on mine for over a week, off and on, to get it close to where I want it.

    OTOH, you can keep things really simple and allow out to any port, any address, and any protocol for all your programs and processes, and simply block most if not all inbound attempts. in that case, you would only need the built-in firewall. But is there any satisfaction in that?

    EDIT:

    I forgot to mention, most if not all 3rd-party firewalls do offer a basic yet half decent ruleset for common programs, offering rudimentary security, at least better than allowing outbound unleashed on all levels.
     
  25. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,770
    Location:
    USA Trump Town
    wat..hello bro
    what firewall are you using?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.