[Question] What can I do to speed up Simplewall while using the packet log window?

[KDAM71]

Describe the question with as much detail as possible.

I like to keep the packet log running so I can quickly take a look at the network traffic. When it is running for a while, Simplewall starts responding slower and slower up to a point where windows says it's not responding. It's the entire program that responds slow not just the packet log. Is there something I can do to keep it responding normally?

App version: 3.7.6 64 bit Windows version: 11 home 22H2 22621.2861

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

i also experience slowness or even hang or complete freeze when an app intensively tries to connect to a blocked endpoint and the packets log tab is selected. it's pretty easy to reproduce by launching some game for example and blocking random endpoints. Also related to: https://github.com/henrypp/simplewall/issues/1642

my workarounds so far:

• allow granularly the endpoints that are needed by the app
• for other endpoints that are blocked (eg. telemetry/tracking/ads or other non vital stuff), you can leave the log running for a while and then close the app before simplewall freezes. then block the hosts directly in windows hosts (or using acrylic DNS). This is somehow related to https://github.com/henrypp/simplewall/issues/1682

Also as an advanced way of dealing with this is to use a secondary firewall which can complement simplewall. But i wouldn't recommend unless you have lots of patience and good networking/security/privacy understanding.

[KDAM71]

Thank you for your reply.

I'm not sure the issue is caused by blocked endpoints in my case. When I turn of the log window but leave the log file running this problem is not an issue. It might have something to do with sorting the data in the log window when the amount of data gets bigger.

Am I to understand I can use the hosts file to block urls?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

Thank you for your reply.

I'm not sure the issue is caused by blocked endpoints in my case. When I turn of the log window but leave the log file running this problem is not an issue. It might have something to do with sorting the data in the log window when the amount of data gets bigger.

Am I to understand I can use the hosts file to block urls?

Some thoughts on this below:

" I'm not sure the issue is caused by blocked endpoints in my case"

• in the log you'll only see blocked ones

"When I turn of the log window but leave the log file running this problem is not an issue. It might have something to do with sorting the data in the log window when the amount of data gets bigger."

• yes my guess as well.. it has something to do with the interface being overloaded with data
• I must mention that I also clear up the log sometimes, just to prevent the freezing before it happens

"Am I to understand I can use the hosts file to block urls?"

• yes, you can block domains and subdomains in hosts either manually or automatically (i use https://github.com/ScriptTiger/Unified-Hosts-AutoUpdate to block trackers/ads/telemetry)
• to find these domains you need to reverse DNS lookup the IPs into (sub-)domains, so you will need to enable under settings > resolve network addresses, write down the domain and block it in C:\Windows\System32\drivers\etc\hosts.

... However, not all records are always resolved as expected in simplewall, as some endpoints might be load balancers or CDN etc. this is an extra reason why I use another firewall in tandem with simplewall which properly resolves all endpoints.

My wild guess is that simplewall intercepts the destination ip (resolved by OS's DNS nameserver) and tries to perform reverse DNS lookup on the IP, while my other firewall (ESET's) using a driver intercepts the initial URL subdomain the app tries to connect to. It's worthy to note that usually antiviruses are know to perform some kind of MITM in the process to verify against malicious traffic by injecting their CA certificate in the trust store.

It's actually easy to test this hypothesis: block ms store in simplewall (uwp app) open it find in log that it tries to connect to 92.122.17.193, resolved by simplewall to a92-122-17-193.deploy.static.akamaitechnologies.com (this is CDN = content delivery network) Now, if i allow 443 port in simplewall and let ESET's interactive firewall intercept the request (which is done after Windows Filtering Platform (WFP) implementation), the ESET's popup will ask me to allow/block request from MS Store towards storeedgefs.dsx.mp.microsoft.com, which is the "real" domain that you would want to block in the hosts file. See more details below:

PS C:\Users\User> nslookup 92.122.17.193 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Name:    a92-122-17-193.deploy.static.akamaitechnologies.com
Address:  92.122.17.193

PS C:\Users\User> nslookup storeedgefd.dsx.mp.microsoft.com 8.8.8.8
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    e16646.dscg.akamaiedge.net
Addresses:  2a02:26f0:3100:78a::4106
          2a02:26f0:3100:78f::4106
          2.20.124.185
Aliases:  storeedgefd.dsx.mp.microsoft.com
          storeedgefd.xbetservices.akadns.net
          storeedgefd.dsx.mp.microsoft.com.edgekey.net
          storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net

Now, I know having both simplewall (open source) and a 3rd party firewall defeats the purpose of relying on open source software, but for now I need to use both and also hosts file to cover all the features I need.