Simplewall-Firewall

Discussion in 'other firewalls' started by co22, Oct 25, 2016.

  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,901
    Location:
    Canada
    Hello hayc,

    please check your pm.
     
  2. intp1

    intp1 Registered Member

    Joined:
    Aug 3, 2020
    Posts:
    1
    Location:
    Ljubljana
    I just installed SW and am trying to determine what not to block in the filters. If I go with the default rules I have no internet access at all.
    Any tips on what to back off ?


     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,901
    Location:
    Canada
    The first place to check is the firewall's log file. That should reveal what's being blocked.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
    1- Right-click SW's icon in system tray (icon is a flame of fire) -- then click "Show/Hide" on the resultant pop-up menu. Doing that gets you SW's Graphic User Interface (GUI).
    2- On the GUI, left-click the left-most tab, "Apps". Doing that gets you a list of Apps that have "come to SW's attention" thus far since you began using it.
    2.a- Top section of that list is "Apps with internet access"
    2.b- Middle section is "Apps with user rules" -- (that section will be missing or empty if you have set no personally-developed user rules).
    2.c- Bottom section is "Apps without internet access"
    3- If there is an app in the bottom section "WITHOUT internet access" that you want to ALLOW it to have internet access, then simply put a check mark in the empty block beside its name & SW will automatically move it to the top section "WITH internet access."
    4- Conversely, if there is an app in the top section "WITH internet access" that you want to NOT allow it to have access, then simply remove the check mark in the block beside its name & SW will automatically move it to the bottom section "WITHOUT internet access."

    @intp1 -- Welcome to Simplewall. I am just a user like yourself so I am still a learner, just like you. Thus far I have shied away from writing my own rules until I have more experience with this firewall. If you run across a possible bug in SW, or don't get the answers you need here at Wilders, then you should visit SW's MAIN website at GitHub -- it's HERE. To post there, you need to register with GitHub -- it's free & easy. To register, go HERE.

    By the way, I found it VERY useful to do this:
    1- Right-click SW's icon in System Tray
    2- Click "Packets log"
    3- Click "Enable packets logging to a file"
    4- Click "Enable packets logging interface (session only)"

    Having done that, anytime you want to see what has been going on (past actions), right-click SW's system tray icon, click "Packets log" then click "Show log".

    If you want to watch SW do its job (current actions) at the same time as things are actually happening, right-click SW's system tray icon, then select "Notification" then select each of the following:
    "Enable packets notifications"
    "Enable notifications sound"
    "Show notification window on tray"

    After a few days, you might want to turn Notifications OFF after SW has pretty much learned you & your computer (& vice versa).
     
    Last edited: Aug 3, 2020
  5. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    591
    Location:
    Wallachia
    3.2.2 is really a bad build for me. Crashes continuously even when no network is used. I have reverted to the 3.1.2 build.
     
  6. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    I believe the piggy-backing of svchost is primarily a BITS issue anyway, so if you have it disabled that shouldn't be a problem. Just be sure to check and make sure windows is still able to automatically update without BITS enabled.

    I'm running Win10 1909 build 18363.1016 here but not SW. I currently have a small whitelist of processes which can connect out, none of them are Microsoft executables. I'm not recommending it but if you do go the route of blocking svchost you'll need to allow DNS traffic to your chosen DNS servers and manually install windows updates. I'm sure other services (like time sync) may be affected too, I'll have to open up a thread to discuss it some day :).
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,901
    Location:
    Canada
    Yes, time sync and DHCP (local/remote ports 547/546 & 68/67) will both be affected. BTW, I've successfully done it before and done it recently, allowing svchost out to specific Microsoft Update server IP ranges to port 443 only, even though others have said it doesn't work. It does. It just takes some patience and strategic use of a free whois IP service to determine the IP ranges to use. I block and log all attempts to port 80 and have the firewall alert me to connection attempts to other TCP and UDP ports.
     
    Last edited: Aug 21, 2020
  8. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    389
    Location:
    Island of Woman
    About system, as I said previously u need to allow only the browser and AV for typical home use case scenario (not everything, u can block banner / offer related AV exes or telemetry) all the rest must be shut, svchost for updates but sideloading of updates is better (svchost will try to auto connect if bitsadmin is enabled, but regardless of settings svchost is enough for the updates to run in auto, bitsadmin is dangerous, the service can update download files) and in the system apps param everything should be shut except for DNS / DHCP, probably can be done better security wise, but with wifi DHCP is standard and comfy. In simple wall versions the system app setting would reset on update :( To reiterate everything else shut unless updating for a brief moment and Internet/router disabled if not actively needed (especially at restart shutdown ops), why expose yourself to sharks if you don't need to be in the water, allow something if you are actually using it, if you are not driving your car turn off that engine (that includes everything on the host), it's easy and fast with simplewall.
     
    Last edited: Aug 21, 2020
  9. RioHN

    RioHN Registered Member

    Joined:
    Mar 14, 2017
    Posts:
    113
    Location:
    Here
    I've been really impressed lately with how easy it is to update Win 10 offline via the catalog site. Example is the below Microsoft site where you can click the cumulative update you want and get a link directly to the file on the Microsoft update catalog website:
    https://support.microsoft.com/en-us/help/4529964/windows-10-update-history

    I also have a Win 10 Pro VM as a backup... I can update it the conventional way and then use the media creation tool to update the host with very little effort. Driver updates I tend to do manually.
     
  10. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    626
    Location:
    Lunar module
    SimpleWall v.3.2.3 (Released Aug 25 2020)
    This is a maintenance release.
    • added ncsi system rule (issue #709)
    • added command line mutex checking (issue #750)
    • added notification window redraw (issue #731)
    • use logical sorting order (issue #735)
    • check for provider status before create filters
    • do not highlight connections in log tab
    • fixed support oldest win7 versions (issue #737)
    • removed listview empty markup
    • cosmetic fixes
    • fixed bugs
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
    Thanks @aldist

    Here's the download link;
    Code:
    https://github.com/henrypp/simplewall/releases/download/v.3.2.3/simplewall-3.2.3-setup.exe
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    34,973
    simplewall v3.2.4 Released (5 September 2020)
    https://www.henrypp.org/product/simplewall
    Download
    Changelog
    sha256 checksum
    3.2.4
    • removed assertion from release builds (issue #764)
    • removed user service instance from the list (win10+)
    • fixed parsing not existing apps (issue #732, #739)
    • displays incorrect name on timer expiration
    • check app timer expiration on profile load
    • incorrect read-only rules tooltip markup
    • create filter does not report errors
    • fixed checking of file attributes
    • fixed parsing ip/port ranges
    • cosmetic fixes
    • fixed bugs
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
  14. Deletedmessiah

    Deletedmessiah Registered Member

    Joined:
    Feb 20, 2018
    Posts:
    99
    Location:
    Outer space
    How stable is this firewall nowadays? It was pretty stable for me last time I used it but there were several reports of stability issues from other users.
    I haven't used it for over a year since I'm using EIS.
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
    It's totally steady on my computer. I have run it for months & always have the latest version.
     
  16. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    440
    It's running well on mine except it won't seem to autostart with Windows... seems I saw someone post this problem once but can't find it.
     
  17. warrior99

    warrior99 Registered Member

    Joined:
    Nov 21, 2014
    Posts:
    47
    check
    settings / general configuration / load on startup
     
  18. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    440
    Thanks... I had that part figured out
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
    Did your problem get fixed? If not, please take note that SimpleWall's developer closely monitors and responds to issues posted at GitHub.
     
  20. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,585
    Location:
    USA
    Is it possible for the user to write IDS/IPS rules and then have SimpleWall notify the user and log the event when IDS rules are triggered?

    A simple IDS rule would be to monitor when an IP address port scans a sequence of common service ports. If an IP address is port scanning several common vulnerable ports then they are likely up to no good.

    edited 9/17/20 @ 9:07 pm
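
Added example, not part of the original thread and not SimpleWall functionality: a sketch of the port-scan rule described in the post above, run over a constructed log of blocked inbound packets. The log format, the watched-port list, the threshold and the time window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ports treated as "common service ports" (an assumption for this example).
WATCHED_PORTS = {21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 1433, 3306, 3389, 5900}

# Constructed sample of blocked inbound packets: "time src_ip dst_port".
SAMPLE_LOG = """\
2020-09-17T21:00:01 203.0.113.7 21
2020-09-17T21:00:02 203.0.113.7 22
2020-09-17T21:00:02 198.51.100.4 443
2020-09-17T21:00:03 203.0.113.7 23
2020-09-17T21:00:04 203.0.113.7 22
2020-09-17T21:00:05 203.0.113.7 445
2020-09-17T21:00:06 203.0.113.7 3389
2020-09-17T21:09:00 198.51.100.4 80
2020-09-17T21:18:00 198.51.100.4 22
2020-09-17T21:27:00 198.51.100.4 3389
"""

def parse(log_text):
    """Yield (timestamp, source_ip, dest_port) from the constructed format."""
    for line in log_text.splitlines():
        try:
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), src, int(port)
        except ValueError:
            continue  # skip malformed lines instead of crashing

def detect_scans(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: first alert time} for sources that hit at least
    `threshold` distinct watched ports inside a sliding `window`."""
    recent = defaultdict(deque)   # source -> (time, port) hits still in window
    alerts = {}
    for ts, src, port in sorted(events):
        if port not in WATCHED_PORTS:
            continue
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop hits that fell out of the window
        if src not in alerts and len({p for _, p in q}) >= threshold:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in detect_scans(parse(SAMPLE_LOG)).items():
        print(f"ALERT {ts.isoformat()} possible port scan from {src}")
```

Repeated hits on the same port count once, and the second source in the sample touches four watched ports but nine minutes apart, so a 60-second window does not flag it; a slow scan needs a longer window or a per-day distinct-port count.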
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,156
    Location:
    Hawaii
    I do not know -- it's over my pay grade. But I sure wish I did know!!! PLEASE ask your question at SimpleWall's GitHub board.

    By the way, do you know of any firewall that DOES enable user IDS/IPS rules? I would love to install such a FW & strive to learn its use. I have been tempted to try Evorim Free -- at first glance it has what seems to be a powerful user-set-rules capability. However, it's a bit too heavy for my aging laptop. :oops: Concerning which, SimpleWall is one of the best power-to-lightness FWs I have found to date.
     
  22. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,585
    Location:
    USA
    You can create simple IDS rules with Eset, and Eset comes with IDS rules already configured that seem to work well. I'm just not satisfied with Eset's UI because the settings are too deeply embedded, and the layout is horrid for my taste! IMOP, it's painful to work with. Eset also appends "allow communication for", and "deny communication for" to the beginning of every FW rule. The extra string of text it appends to firewall rules clutters up the columns, and is completely unnecessary. It can be manually removed though. You have to remove each string of text, one by one, which is a little tedious. Also, now every time I create a new firewall rule by way of the firewall prompt, I have to respond to Windows UAC to elevate my privileges, so this causes me to have to respond to both the firewall prompt and UAC, when ticking the box to remember my choice. This is just more unnecessary work when dealing with the firewall.

    Eset does seem to have good IDS, and Botnet rules that come configured with the firewall. Eset allows many services by default that most home users will never need, but Eset is supposed to filter that traffic. It would be safer to block traffic for services you don't use though. When using Eset I always go in and disable the default allow rules for stuff like allow remote registry service, Allow Admin shares in SMB protocol, etc.

    I've wanted to check Evorim FW out myself. I like SimpleWall's layout, it's way easier to navigate and work with than Eset's. I love how you can access everything from one Window through multiple tabs. It gives quick access to everything. If you're new to Eset, then it may take a while to find what you're looking for. Many of the options are pretty deeply embedded in the settings. I used SimpleWall a couple years ago, and I think maybe it could be a good option once it has matured. I'm not sure how mature it is, since it's been 2 years since I used it. One thing is for sure, I really love its UI design because it gives such quick access to everything.
     
    Last edited: Sep 18, 2020
  23. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    389
    Location:
    Island of Woman
    Wait, you want to use simplewall with evorim? Is it a viable/tested option?
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,585
    Location:
    USA
    No, I don't want to use Evorim FW with SimpleWall. Evorim FW was mentioned to me by another poster above, and I was just saying I have wanted to give Evorim a try to see what I think about it.

    I plan on giving SimpleWall a try soon. I think I may really like SimpleWall because of its well designed UI. I need a good front-end to Windows Filtering Platform that will allow me to write my own IDS/IPS rules.
     
  25. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,483
    Away from security, I won't use either of those. simplewall has really poor documentation (github), no zone model. evorim's zone model is present but kept simple, "apply rule" for processes is not clear. The "Tools" option is not acceptable for a firewall, at least it's a black box in evorim and no one knows what it switches and how Windows will behave. Both have more cons than pros from my view. And both work on their own away from Windows firewall.
    They have to compete here with Windows 10 firewall control, which ofc is not free if full featured but that's a decent stand-alone firewall. (The free version has too many limitations to be competitive.)
     