henrypp / simplewall Goto Github PK

hello
please add support adding rules by this way for custom rule
ip:*

• *is any port
  ip,ip,ip and more each ip different

problem is with Windscribe
i cleared my log so i dont have them
but i first see in log file created custom rule for them
but two of them is cause crash one udp rule and one igmp

it seems dosent uninstall fully my custom rule since i deleted my custom rules then uninstall filter and install filter again main program will be crashed still when i run Windscribe
and wont log anymore

C:\program files\windscribe\windscribe.exe (jjj-PC\jjj) [UDP:vpn:53] Intercepts inbound or outbound connect attempts [Remote]
C:\program files\windscribe\windscribe.exe (jjj-PC\jjj) [UDP:myip:60312] Intercepts inbound or outbound connect attempts [Local]
C:\program files\windscribe\windscribe.exe (jjj-PC\jjj) [UDP:vpn:53] Intercepts inbound or outbound connect attempts [Remote]
C:\program files\windscribe\windscribe.exe (jjj-PC\jjj) [UDP:myip:51033] Intercepts inbound or outbound connect attempts [Local]

crash log
https://gist.github.com/hesss5/d0237b67fd7e8ef57935e09fa3bdfc88#file-gistfile1-txt

thanks

Thanks for this app, it certainly looks promising.

Now I'm testing it on a remote VM machine running on that ridiculous Win10 (at home I'm still on 8.1. and using sadly no longer developed tinywall).

So I'm rather confused by the UI of the app. There is no system-wide rule for RDP and making a custom rule changes nothing. After some tests (for which I needed accesses to host machine as otherwised RDP is blocked) apparently I need to open svchost.exe... After that RDP works but that's way too permissive.

What is the actual way to allow only RDP connections but not allowing anything else?

Can't connect to PPTP server behind wfptool

Windows 7
WIndows 10 Version 1607 OS Build 14393.693

Run any network commands or interpreters to connect out via the network.

For example,

cmd.exe
ping.exe
nslookup.exe
wscript.exe
cscript.exe
powershell.exe
etc
etc

simplewall does not create entries for cmd, cmd utilities nor interpreters.

I have reported this issue before.

First thanks for this very nice piece of software.

I have an error since the first version 2.0 i tried ( maybe the 2.0.4b ) related to the control of windows firewall service within your program.

Here is the log ( same message in prior versions ) :
[‎24/‎09/‎2017 ‏‎08:43:35] OpenService() failed with error code 0x00000005 (mpssvc) [2.0.8]
[‎24/‎09/‎2017 ‏‎08:43:36] OpenService() failed with error code 0x00000005 (mpsdrv) [2.0.8]
[‎24/‎09/‎2017 ‏‎08:46:08] OpenService() failed with error code 0x00000005 (mpssvc) [2.0.8]
[‎24/‎09/‎2017 ‏‎08:46:08] OpenService() failed with error code 0x00000005 (mpsdrv) [2.0.8]

I am using windows 10 family x64 "insider" french version.
I am under an admin account, I tried running simplewall.exe as admin, same results.

Besides after stopping windows built-in firewall, windows doesnt recognize simplewall as a valid protection.

Just wanted to let you know, and again, thanks for this.
Regards ,

In version 2 (until the most recent) there is a problem with the program Internet Download Manager (IDM) because it's Integration Module doesn't work after installing the filters and only appears this message.

In version 1 (until version 1.6.5) this problem didn't exist.

I hope there's some way to fix it.

today I have realized that some apps started to showing notifications even I have disabled them before. If you have made 'disable notifications 999 times' or something in main code it must be cause of it. The apps I have encountered so far are; 'lcore.exe (Logitech Gaming Software)' and 'nvidia share.exe (which is connected to ShadowPlay)'

hello
is it possible to easily redirect or route traffic for specific program while vpn connected
to do not use vpn?

thanks

Firefox will be freeze time to time
after install filter and closing and opening different Firefox profile it happen
and even i can not kill process.its run in background but no window open

anybody have same problem?

thanks

When I mark system rules (i.e. DNS, DHCP, IGMP) some popup notifications appears for System and svchost processes.

System and svchost are allowed and while list activated.

Is there a way to prevent popup notifications from processes System & svchost when DNS, DHCP, IGMP system rules are selected?

Thank you very much.

wfptool-1.3.3-setup.exe is self extracting archive instead installer
https://github.com/henrypp/wfptool/releases/download/v.1.3.3/wfptool-1.3.3-setup.exe

Здравствуйте! Я тут столкнулся с последствиями её ошибочного применения - итогом стала блокировка сокета политиками. ОС стек видит, выход блокирован всем. Как последствие её переустановка с Recovery Service DVD изготовителя благо там и без того ошибок накопилось достаточно - ноутбук, а там свои особенности, да и в тот момент кое-какое железо поменяли из-за отказа.

Предложение такое - добавить функцию принудительного бэкапа настроек до внесения программой любых изменений и сброса всех установок фильтров WFP на момент данного бэкапа. Ранее с похожей ситуацией я сталкивался в Comodo Firewall v7.х и v8.х как последствия ошибок clink - в какой-то момент времени сеть вроде есть, дагностика сокета ничего не выявляет, а приложения и сама ОС выйти в сеть не могут и восстановление ОС из бэкапа чаще всего не помогает т.к. параметры запуска ОС сбиты наглухо.

Так что как мне кажется принудительное резервирование и возможность отката на данную резервную копию должны резко снизить верятность таких ошибок.

Install Wfp Tool and filtering

Wfp Tool will generate alerts for System, dnscrypt, Google, etc

After allowing the above processes within Wfp Tool, it will continue to generate outbound connection alerts.

NOTE: Also, you will notice that running ping.exe generates no Wfp Tool alert.

To watch video:

HTML5 folder > demo.html > right-click > Open with Google Chrome

Wfp Tool.zip

let say i created five Special rules
then if try to delete first 4 of rule wfptool.exe will crashed
but if i start delete rules from last rule everything fine

thanks

Dear Henry,

They have changed the name of Windows Firewall to Windows Defender Firewall.
Installing filters and disabling Windows Firewall from simplewall doesn't work anymore.

Thanks a lot, as always 👍 !

In whitelist mode, creating rules is very confusing.

1. Why are custom rules after creation via a notification not enabled by default?
2. Are custom rules created via a notificaiton linked specifically to the executable or not? Although the answer is yes (the tooltip denotes the path to the executable), the Rules Editor itself does not mention the executable anywhere.

By now I've figured out that I should create a custom rule (without enabling it), then right-click on the app and choose to allow it for that app. It's extra confusing if you're trying to create a custom rule from the context menu of an app and finding out that the created custom rule is not linked to that app.

A. I think mentioning the app path inside the Rules Editor would be necessary for clarity
B. I think creating a rule from the context menu should include the application one has right-clicked on

with just simplewall it can pass two test of grc.com
Solicited TCP Packets
Unsolicited Packets
great job
however third one not
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.

https://www.grc.com/x/ne.dll?bh0bkyd2
can you add predifined rule for ICMP Echo request too?

thanks

Dear Henry,

First of all, thank you so much for this wonderful (and so much needed !) app ! I'm already using 2.0.13 and it's awesome...

I thought that you might be interested in adding an "anti-mining" blocklist filter, for example by using a list such as this one : https://raw.githubusercontent.com/greatis/Anti-WebMiner/master/hosts

Thank you so much again and have a great day !

The only problem seems to be that IP ranges do not work when the notation 0.0.0.0-110.44.255.255 is used. So this should be checked. IP ranges in the CIDR notation do work.

Old comment:

Apparently, allowing an app will overrule any custom (blocking) rules for that app? Custom rules should have higher priority, but the IP ranges I've set for an allowed app are NOT blocked. How should I allow an application to create outbound connections to anywhere, with the exception of a set of IP ranges?

I tried the other way around, by blocking the app and then creating a custom rule to allow everything outside of these IP ranges (and disabling notifications for the executable). No go.

On a side note: if it would have worked, can I specify multiple ranges in a single rule like this
0.0.0.0-110.44.255.255; 110.48.0.0-113.28.255.255? It seems to be accepted by the Rules Editor, but as said there is no effect at all. Even a single range like 113.30.0.0-203.216.255.255 in a custom allow rule doesn't stop SimpleWall from blocking everything for that app.

Hi @henrypp

I'm the developer of WindowsSpyBlocker and i'm glad to see that you're using these rules ;)
I wanted to know if it would interest you that I integrate and directly generates the blocklist.xml in my repository?

The structure would look like this:

data/simplewall/win7/extra.xml
data/simplewall/win7/spy.xml
data/simplewall/win7/update.xml

Then instead of copy / paste the rules from my repository you just have to download directly from your app the rules. A project called HostsMan can manage multi sources from the web and update automatically. I think it might interest you and why not also handle the blocking of domain names.

Let me know if you are interesting.

Thanks

Some project files are not updated. Some files are still linked like routine.cpp, rapp.cpp ...

Without the ability to resolve host IP in filter configuration some services hosted at short-lived DNS names are impossible to use. An example of such service is a SSTP based VPN on a dynamic host.
Without the IP, one has to resort to an extremely generic port based rule (allow TCP 443) for some Microsoft core processes thereby giving them very broad permissions.
These also seem to be an anomaly in DNS resolving in Windows 10 during VPN initiation phase of the built-in VPN. Until I have explicitly allowed UDP communication on port 53 the VPN was unable to resolve the hostname configured - even with the system rule "DNS+LLMNR" enabled! The process trying to resolve the IP was "svchost.exe."
I know that I can probably use a HOSTS updater to get around the DDNS VPN hostname resolution, but a general solution would be more user friendly.

Tooltip (on a grid in the main window) appears slightly wrong:
The first line is the path to the app in question and then it says "Path:" in the second line.
Then it follows with a name and signature (if any). So "Path" either should be first or maybe even better to get rid of that line completely.

hello
thanks for update
run portable version
right click on main window add process > all
then i select program that i want allow,then from file menu select setting
now i check and unch some options after click apply or close
all process added by "add process > all" will disappear include white listed program
this happen with or without installed filter

../routine folder with source/header files missing.

Windows 10

Disable Windows Firewall breaks updates of Windows Apps

WARNING !!

Uninstalling Wfp Tool does not return Windows Firewall and filtering for programs to a state prior to installing Wfp Tool unless...

When you uninstall Wfp Toll - BEFORE DOING SO - you must:

1. untick "Disable Windows FIrewall"; and
2. Uninstall filtering

Otherwise two things will happen:

A. Windows Firewall and associated services will remain disabled and cannot be started (Error 0x8007042c) https://support.microsoft.com/en-us/kb/2530126
B. Programs for which there was not an Allow rule created with Wfp Tool will not be able to connect to the internet

In other words, if you do not do the above, the disabled Windows Firewall and program filtering will persist on the system (in BFE Service\registry ?) AFTER uninstalling Wfp Tool.

You can correct this by reinstalling Wfp Tool and doing 1 and 2 above, but for 2 you must recreate all the rules that were present at the time you initially uninstalled it and then uninstall the filtering.

This issue is a real problem.

If you have in application within a symbolic link it gets detected and can be configured but in whitelist mode it is always blocked.
For example if you have a second partition and mount it into c-drive with

mklink /J C:\external \\?\Volume{00000000-0000-0000-0000-000000000000}\

then the app gets detected with C:\external\app.exe but it is still blocked.

I don't know if there's anthing that can be done as the windows firewall has the same problem so it might be a filter driver issue.

Edit:
The problem only occurs if the second partition doesn't have a normal drive letter. If it has and a rule to this path exists (e.g.: D:\app.exe) the app is allowed even if it is started from C.\external\app.exe

Edit 2:
In the latest beta the blocking problem does not occur. But apps get auto-detected with a path \device\harddiskvolumeX\app.exe
If apps are added manually (e.g. from running processes) everythings works fine.

I tried with 1.65 to 2.0.2 with Windows 10 and 8.1 it seems to happen randomly on longer periods of PC usage (from 4 hours I believe). It shows up in taskbar preview(I can see the UI from thumbnail too) but not as a window.

Yesterday I fresh installed a W10X64, and while I was setting up simplewall, I saw few popups to block or allow connections. Then I take the action. But while allowing some apps simplewall became unresponsive and I had to close it down.

Hello,

Could you create a Portable Version with collaboration with PortableApps?

Thank You.

Hi again :)

Been testing all beta versions and now 2.14 is really looking awesome, a lot of UI has been improved and it more or less makes sense now :)))

Still, for the main windows grid list, it is methodologically incorrect to split apps only in two groups, i.e. Blocked and Allowed. It should be three groups minimum: Blocked completely, Allowed and Filtered apps.
The Filtered group is for the apps which have custom filters on, it should be in the middle then.

I noticed you use colours to classify different apps like System, Signed, Having Filters, Disabled notifications etc. Whilst per se it is a good thing, having too many such colours makes UI too busy and not straightforward to use. Suggesting to rework the colour system and reduce the number of colours, but that's not very important atm, I guess.

It would be nice to be able to click on the external IP presented in a notification in order to lookup the IP with such a service.

Alternatively, a way to be able to copy the IP address to the clipboard would suffice.

Windows 7
Windows 10 Version 1607 OS Build 14393.693

As I user I want to enable dropped packet notifications - but at the same time - I do not want constant dropped packets notifications for loopback.

Also, if disable dropped packet notifications, but keep WFwAS enabled, simplewall will display dropped packet notifications.

I have reported these issues before.

how I can allow skype?
thanks good firewall 👍

Yesterday I've tried SimpleWall (portable) just to see how it works. I´ve set rules and suddenly al of my apps are unable to access Internet. I've removed the portable folder and restored Windows Firewall default settings, but no luck either. I've also tried to restore system to before but that also didn't work.

So my question is: how can I undo all settings made by simplewall in order to gain Internet access again?

Thanks

I am sorry to report, pal, that simplewall (1.42) is still not filtering traffic when used with VPN software. For example, when using a VPN program, I can easily browse the Web. SimpleWall lists the VPN program, which though, for navigating anonymously, I have to give it permission (that is, mark it, the VPN executable, as allowed). This time I used Simplefirewall default settings with White list mode on, but, sorry, the problem persists.

By the way, have you ever heard for evorim.com firewall? Its latest version can block VPN traffic. May you could get some programming help for solving the problem from them?

hello
possible add country ip filtering too?
http://ipdeny.com/ipblocks/
http://ipdeny.com/ipblocks/data/countries/dz.zone
example we drop "dz.zone" file inside simplewall.exe folder then its appear in blocklist filter.or in new zone filter tab
or if anyone have better idea

thanks for update.

Everytime Battlenet/Overwatch updates it shows up as an filter application (unticked), currently I have 3 battle.net.exe processes listed. tl;dr basically if I whitelist battlenet then it updates it should keep the exisiting whitelisted process and not treat the update it as completely new app everytime.

I have found out that Steam, Steam Webhelper and some other apps become unresponsive for a time (10 seconds to more than a minute) as long as you block the connection.

In this scenario I have allowed steam access but not webhelper so it became unstable.

could you please add the ability to add more than one custom rule at a time. import a list of rules would be awesome. thanks

Список пуст !

In Whitelist mode, I'm getting a notification of a blocked connection to a Microsoft server (40.77.226.247) by Explorer.exe, but when I try to find it in the simplewall.log file, it's nowhere to be found. I have no block/allow rule set for Explorer just yet.

question:i create allow rule for one program example when it ask for dns
but i wont tick it in main window to go in allowed apps
so its remain in blocked apps
so question is a created allow rule in notification window will allowed while
program is in blocked apps section or not?
and suggestion is add option in notification window to tick program so it go in allowed apps section directly

also i have this log
[‏2017/‏08/‏31 ‎‏02:59:06 AM] FwpmGetAppIdFromFileName() failed with error code 0x00000002 (C:\programdata\abelssoft\send2phone\program\send2phone.exe) [2.0.5]
[‏2017/‏08/‏31 ‎‏04:05:59 AM] FwpmEngineOpen() failed with error code 0x000006d8 () [2.0.5]
[‏2017/‏08/‏31 ‎‏05:27:21 AM] FwpmEngineOpen() failed with error code 0x80320010 () [2.0.5]

thanks

please if possible add support ip:port
i try this for vpn but not work
thanks

i cant connect l2tp server behind wfptool

i Added port 500, 4500 and 5000

New notification window is much better than in the previous version, much appreciated.

However there are a couple of UI logic problems still there.

First, it is not very clear what exactly Allow and Block actually do. It appears that Block does nothing (keeps blocking as before or actually nothing?) and Allow will actually check the app in the main window (i.e. enables everything for that app). I reckon many users can make an easy mistake here -- for instance clicking on disable notifications and then allow instead of disable.

There are a couple of allow options to create a new custom rule, which is very convenient, however there are no options to create a custom blocking rule. E.g. I might want to block that particular IP address but allow the app to access the rest of the internet.

Suggestion:
I think the best way around it would be to create block or allow custom rule based on the button clicked i.e. "Allow" or "Block". Of course the options text would need to be reworded for that.

I.e. Create a custom rule for .... address and then subject to the button clicked the allow or block rule is created.

In the current scenario the UI logic is broken -- because currently you select e.g. Allow rule by IP and then click on Block and that does nothing, apparently.

Hi, Henry:

Sorry to report this, but simplewall (1.46) crashes and is shut down by Windows every time I try to run it. I am running on a BPortuguese Windows 10 x64 1607 14393 1066 edition, NVidia GE Force 2GB, 8GM RAM, Asus MB.
Thanks for your dev efforts.
Regards.

Please sign the exe so Windows show it as valid.

Also it would be nice if you provide a GPG.asc signature for the binary so we can check if the file is realy from you. The checksum only provide a integrity test.

System32, SysWOW64 and Startup processes are default-allow in Wfp Tool.

Adding System32, SysWOW64 and Startup processes to the filter list (using Add Process) does not generate any alerts.

For example, add ping.exe and execute it (cmd > ping github.com) generates no alerts form Wfp Tool.

Malware often abuses System32, SysWOW64 processes and\or will insert itself to auto-run at Windows startup.