Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    Awesome update alexandrud! :) Like the new quicker shortcut to access the Rules Panel :thumb: Have a few suggestions for usage improvement:

    1.) At the moment, to simply backup/restore the entire rules set or restore a partial rules set, I have to open the main panel and navigate to the "Rules" tab. IMO, this shouldn't be required when I have the "Manage Rules" window open, 'cause backing-up/restoring of rules is technically part of "managing" rules.
    I suggest adding context menu entries (at the "Manage Rules" section) for both the "Import Windows Firewall rules from a file" and "Export Windows Firewall rules to a file" links from the "Rules" tab of the main panel. If possible, do the same for the other two, however, include a confirmation dialog for the "Restore Windows Firewall default set of rules" link.
    To avoid clutter, you could make them into a "Backup/Restore" sub-context-menu (same icon as the current "Export selected rules" context menu).

    2.) I suggested this earlier b4, it was the ability to configure the "Location" AND "Direction" properties of a rule through the notification window when we click the "Customize" link. Any chance you could implement it? As stated before, just create a row of them with shorter names (to ensure it fits the window neatly), like:

    Location: ☑ Dom. ☑ Pri. ☑ Pub. <- These should be checkboxes
    Direction: ☑ In ☑ Out ☑ Both <- These should be radio buttons

    Hmm, based on what I just learned about Mod Security, sounds like alexandrud's Apache server is blocking access from your IP...or could just be an unrecognized browser agent being blocked...

    Are you able to use the update mechanism in the WFC main panel? 'Cause if you're able to access the update server from there, then it's most likely your browser that's being blocked. If not, it's your IP that's being blocked.
     
  2. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    I agree with both these changes. I will implement them in the next release.

    Regarding the access to the website, I did not define any security policy to prevent access to it. Does this happen with different browsers? Do you receive the same error if you try to access the website from another computer?
     
  3. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    Thanks MrElectrifyer and Alexandrud for trying to solve my difficulties connecting to binisoft.
    Some infos:
    A few months ago I had no problem, I think it was with the old site.
    Same error with the direct download link.
    Same error with three browsers.
    If I navigate with the webcache pages (of binisoft), I have the access.
    I have added this line in Hosts: 50.87.146.202 binisoft.org > no change
    I have WXPSP3.
    Last but not least: if my firewall (sygate) is set to: 'Allow all' > it's ok!
    Am I wrong if I say that Alexandrud is a firewall specialist?!!
    Thanks again, M
    edit: by the way, I am a reg owner of WFC!
     
    Last edited: Jan 20, 2014
  4. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Maybe you have a block rule for the binisoft.org IP, domain, host, etc? Check your firewall for this. The website is hosted in United States and we can connect to it from Europe, so it works for sure.
     
  5. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    on the contrary I have made a special rule to allow the access...
     
  6. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    @myk1

    You say:

    If your Sygate Firewall is in "Allow All" state, then all is OK.

    Then I would say, the problem is on the Sygate-side.

    Maybe your special rule to allow the access is not good (enough), correct or whatever. Maybe you have another blocking rule with higher priority.

    Greetings,
    Alpengreis
     
  7. myk1

    myk1 Registered Member

    Joined:
    Sep 2, 2012
    Posts:
    138
    Location:
    Belgium
    Solved. There is a setting in Sygate: enable stealth mode browsing, which was 'on'. I turned it off > ok.
     
  8. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    Hi,

    But you are not using WFC on Win XP, right?

    Because:

    IMHO the Win XP Firewall has no outbound control - and WFC IS NOT a firewall, it's a GUI for the Windows Firewall only ... AND the WFC compatibility is: "Compatible with all x86 and x64 versions of Windows 8.1, 8, 7, Vista and Server 2008" (at least so is the text on the WFC homepage) ...

    Greetings,
    Alpengreis

    PS: sorry if I ask stupid questions - it's just for clarification!
     
  9. m0unds

    m0unds Guest

    I was checking out WFC and noticed a quirk with rule generation. I have native IPv6 connectivity at home. When an application requests outbound network access, WFC adds the originating IP (either v4 or v6) and you won't see another prompt for the other protocol after.

    For instance, opening Chrome, it contacts google via v6 and I get a prompt to allow it. After that point, v4 connectivity will fail until I change the rule manually to permit outbound from the local v4 address.

    I'm assuming this is related to how WFC parses the WFP logs to generate rules? At any rate, is there any workaround for this aside from having to manually edit firewall rules after they're generated? I know there's a customization option in the rule generation prompt, but it only allows you to select any protocol, not any source IP.

    Just for reference, I had filtering set to medium and notification set to low.

    Thanks!
     
    Last edited by a moderator: Jan 24, 2014
  10. se7six

    se7six Registered Member

    Joined:
    Jan 25, 2014
    Posts:
    6
    Location:
    United States
    Thank you for this awesome GUI for the default Windows firewall! I immediately donated $10 as soon as I tried it. It's worth much more than that! It works great in Vista Business and I will be installing it on a couple of 7 Professional machines.

    Keep up the great work!

    :thumb:
     
    Last edited: Jan 25, 2014
  11. MrElectrifyer

    MrElectrifyer Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    177
    Location:
    Canada
    I recall us having a similar discussion earlier in this thread regarding IP to IP notification. We came to a conclusion along the lines of that's impotent paranoia.

    However, if you're that desperate to control every IP your browser connects to, you could use the "Recently Blocked" (or the new "Recently Allowed") connections feature to keep track of every IP Chrome connects to and make an allow/block rule for it. IMO, a more efficient way for you to avoid malicious/privacy-invading IPs is to use PeerBlock; you can configure it with readily-available (and regularly updated) block lists to block those IPs. Plus, easily block/allow every HTTP connection made by your PC.
     
  12. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    When you create a new rule, do you create a generic rule that allows all connections for chrome.exe or do you create it only for a specific remote IP? In your scenario, only for that specific Google IP. When you use Low notifications level you will see notifications only for unsigned applications. Signed applications will be automatically allowed by WFC.

    "but it only allows you to select any protocol, not any source IP."

    I don't understand this. By default it is "any source IP" when you create a new rule. Can you post an example of one of your rules that does not work as you wish and the change that you have to make in order to have it like you want?
     
  13. m0unds

    m0unds Guest

    when starting chrome, it automatically adds an outbound rule, but the rule sets a custom IP that corresponds to whichever protocol is being used for outbound connectivity. usually, that ends up being IPv6. subsequent launches of chrome will prevent the use of IPv4 until I actually edit the rule and remove the "custom IP" or whatever it is to permit "any" source address instead. the IP being set in either case would be one 'local' to my machine, as a source IP for an outbound rule.

    -Launch Chrome; when launched, Chrome reaches out to google servers over IPv6

    -WFC (due to settings) automatically creates a rule utilizing a custom source IP that matches the IPv6 address assigned to my LAN interface. This is not a manually created rule, it's one created by WFC w/low notification settings engaged. Manually created rules are not a problem, because, as you said, they default to "any".

    -Try and visit a site without any IPv6 support (wilders is one such example). This will fail, as the rule created by WFC doesn't permit a source address other than the IPv6 one in the automatically generated rule.

    *EDIT*

    So, actually, in this case, I guess chrome reached out over IPv4 instead of IPv6, but the result is similar - WFC auto created a rule for chrome with a local source IP of my IPv4 LAN address. IPv6 connectivity is broken for chrome until i manually edit the rule, removing the source IP and changing it to "any".

    hxxp://imgur.com/a/KTYF6 (settings + example rule generated by WFC for chrome)
     
    Last edited by a moderator: Jan 27, 2014
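
Added example, not part of the thread or of WFC: a PowerShell audit for the symptom described in the post above, enabled outbound allow rules whose Local Addresses hold addresses of only one IP family. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt; the helper name `Get-AddressFamilies` and the output column names are made up for this example.

```powershell
# Added example: list outbound allow rules pinned to local addresses of one IP family.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later), run elevated.

function Get-AddressFamilies {
    param([string[]]$Addresses)
    # Returns the distinct families ('IPv4', 'IPv6') present in a rule's LocalAddress
    # list. 'Any' and keywords such as LocalSubnet do not parse and yield nothing.
    $families = foreach ($a in $Addresses) {
        # Reduce "address/mask" and "start-end" forms to one address literal.
        $literal = ($a -split '[/-]')[0]
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($literal, [ref]$ip)) {
            if ($ip.AddressFamily -eq 'InterNetworkV6') { 'IPv6' } else { 'IPv4' }
        }
    }
    @($families | Sort-Object -Unique)
}

Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        # @() keeps a single result as a one-element array instead of a bare string.
        $fam  = @(Get-AddressFamilies -Addresses $addr.LocalAddress)

        # Exactly one family: the rule matches traffic sourced from that family only,
        # so the program's traffic from the other family is not covered by this rule.
        if ($fam.Count -eq 1) {
            [pscustomobject]@{
                Rule            = $_.DisplayName
                Program         = $app.Program
                LocalAddress    = $addr.LocalAddress -join ', '
                UncoveredFamily = $(if ($fam[0] -eq 'IPv4') { 'IPv6' } else { 'IPv4' })
            }
        }
    } |
    Format-Table -AutoSize -Wrap
```

A rule listed here is not necessarily wrong, since a local address can be pinned on purpose; the rows to check are the ones nobody remembers creating by hand.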
  14. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Now I got it. I was able to reproduce this bug. It will be fixed in the next release. Thank you for reporting it.
     
  15. m0unds

    m0unds Guest

    i guess i missed your reply yesterday. you misunderstood - this is the outbound rule from my pc so...it's blocking my machine from making outbound connections with one of the addresses assigned to the PC itself, not a remote machine, and it's a bug.

    great, glad you were able to reproduce it :)
     
  16. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    I installed WFC4 today, however I am unable to open the program from the system tray as there is an immediate crash. Is this a known issue?
     
  17. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Hello Cvette. In order to find the problem please:

    1. Make a screenshot of the exception that you receive and send it to us on support@binisoft.org or post it here.
    2. Did you recently install any .NET Framework update?
    3. Is Windows Firewall service up and running?
    4. What version of Windows do you use? What version of WFC did you try?
    5. Please go to Event Viewer (eventvwr.msc). Under "Applications and Service logs" category, there is a subcategory named WFC. Here are logged all errors from WFC. When you are there, on the right panel is a button named "Save all events as...". Use this button to export an *.evtx file and send it to us to check the log.

    Looking forward to hearing from you.
     
  18. Cvette

    Cvette Registered Member

    Joined:
    Apr 16, 2010
    Posts:
    373
    Location:
    South Carolina, USA
    Hi Alexandrud. I just left town last night, but I will get back to you ASAP. Thanks!
     
  19. Tong

    Tong Registered Member

    Joined:
    Aug 1, 2011
    Posts:
    23
  20. NSG001

    NSG001 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    682
    Location:
    Wembley, London
    Thanks for sharing :thumb:
     
  21. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    2,169
    Location:
    Romania
    Windows Firewall Control v.4.0.7.0 - New Version

    What's new:
    - New: From the notification dialog the user can now set the Location and the Direction of the new rule that will be created.
    - New: "Customize and allow..." and "Customize and block..." operations are now available also in the New Rules Wizard view.
    - Fixed: When the Low notification level is used, the rules that are automatically created for digitally signed programs have by default set the Local Addresses property. This property should be empty.
    - Fixed: The dialog for "Customize and allow..." and "Customize and block..." does not open in the Connections Log view.
    - Fixed: The InterfaceTypes property of a rule is not saved in the partial policy files and this info is missing after an import of a partial policy file.

    Installation notes: Just use the updater to update to the new version. That's all. The following translation strings were added in this version:
    Download location: http://binisoft.org/download/wfc4setup.exe
    SHA1: 67a97e57dd85cc747571b4db61ac4ff3b553f758

    Thank you for your support and your feedback.
    Alexandru

    If I missed something, please remind me and I will add it in the next version if it can be done.

    Thank you for posting this info. I am impressed that Steve Gibson was impressed. :)
     
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,615
    Location:
    South Wales, UK
    Hi Alexandru

    Thanks for the heads up. Downloaded and installed...and all peachy here so far...looking good, so off to play with the release for a bit.

    Regards


    Baldrick
     
  23. m0unds

    m0unds Guest

    cool. thanks for the update!

    *edit* the fix for low notification setting + local interface addresses w/ipv6 & ipv4 is working great. thanks again!
     
    Last edited by a moderator: Feb 6, 2014
  24. rock_man

    rock_man Registered Member

    Joined:
    Feb 6, 2014
    Posts:
    55
    I think that was me. I tweeted it to @SGgrc in January. :thumb:

    Thanks for the post!

    I'm also a paid, registered, happy WFC user!
     
    Last edited: Feb 7, 2014
  25. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    577
    Location:
    Switzerland
    Hi alexandrud,

    1) Customize dialog for more than one rule "in a row" is buggy:

    The first customize dialog (for example 1 of 3) is always okay - it takes the correct values for direction (here default = out) and location (here default = "All") ...

    WFC-Posting_1a.JPG

    But for all subsequent dialogs (2 of 3 and 3 of 3), these values are empty ...

    WFC-Posting_1b.JPG


    2) Can you please make customizable the notification window?

    Unfortunately I always have to scroll ...

    WFC-Posting_2.JPG


    3) Default path for export possible?

    Unfortunately always the root directory is active. A configurable path would be desirable.

    WFC-Posting_3.JPG


    Greetings and have a great week!

    Alpengreis
     