simplewall
Definitely for advanced users.
Description:
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
The lightweight application is less than a megabyte, and it is compatible with Windows 8.1 and higher operating systems.
You can download either the installer or portable version. For correct working you are require administrator rights.
System requirements:
Donate:
GPG Signature:
Binaries have GPG signature simplewall.exe.sig
in application folder.
- Public key: pubkey.asc (pgpkeys.eu)
- Key ID: 0x5635B5FD
- Fingerprint: D985 2361 1524 AB29 BE73 30AC 2881 20A7 5635 B5FD
Nota bene:
Keep in mind, simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall. It works
over Windows Filtering Platform (WFP) which is a set of internal API and system services that provide a platform for creating network filtering
applications. Windows Filtering Platform is a development technology and not a firewall itself, but simplewall is the tool that uses this technology.
Features:
- Simple interface without annoying pop ups
- Rules editor (create your own rules)
- Internal blocklist (block Windows spy / telemetry)
- Dropped packets information with notification and logging to a file feature (win7+)
- Allowed packets information with logging to a file feature (win8+)
- Windows Subsystem for Linux (WSL) support
- Windows services support
- Windows Store support
- Free and open source
- Localization support
- IPv6 support
To activate portable mode, create "simplewall.ini" in application folder, or move it from "%APPDATA%\Henry++\simplewall".
Reviews of idiots:
![](https://github.com/henrypp/simplewall/raw/master/images/idiot_n1.png)
Look at them, he does not know about .gitmodules and how to use, lol.
PS: Without idiots we are not to be fun, yeah!
Installation:
When install rules, you can choose two modes:
- Permanent rules - rules are working until you disable it manually.
- Temporary rules - rules are reset after the next reboot.
Uninstall:
When you uninstall simplewall, all previously configured filters stay alive in system.
To remove all filters created by simplewall, start simplewall and press "Disable filters" button.
Command line:
-install - enable filtering.
-install -temp - enable filtering until next reboot.
-install -silent - enable filtering without prompt.
-uninstall - remove all installed filters.
Rules editor:
simplewall have two types of custom user rules rules:
- Global rules: rule applied for all applications.
- Special rules: rule applied only for specified applications.
To set rule applications, open rule and then navigate to "Apps" tab.
Rule syntax format:
---
- IP addresses `192.168.0.1; 192.168.0.1; [fc00::]`
- IP addresses with port `192.168.0.1:80; 192.168.0.1:443; [fc00::]:443;`
- IP ranges `192.168.0.1-192.168.0.255; 192.168.0.1-192.168.0.255;`
- IP ranges (with port) `192.168.0.1-192.168.0.255:80; 192.168.0.1-192.168.0.255:443;` (v2.0.20+)
- IP with prefix lengths (CIDR) `192.168.0.0/16; 192.168.0.0/24; fe80::/10`
- Ports `21; 80; 443;`
- Ports ranges `20-21; 49152-65534;`
_To specify more than one ip, port and/or host, use semicolon._
---
IPv4 CIDR blocks:
---
|Address format|Mask|
|---|---|
|a.b.c.d/32|255.255.255.255|
|a.b.c.d/31|255.255.255.254|
|a.b.c.d/30|255.255.255.252|
|a.b.c.d/29|255.255.255.248|
|a.b.c.d/28|255.255.255.240|
|a.b.c.d/27|255.255.255.224|
|a.b.c.d/26|255.255.255.192|
|a.b.c.d/25|255.255.255.128|
|a.b.c.0/24|255.255.255.0|
|a.b.c.0/23|255.255.254.0|
|a.b.c.0/22|255.255.252.0|
|a.b.c.0/21|255.255.248.0|
|a.b.c.0/20|255.255.240.0|
|a.b.c.0/19|255.255.224.0|
|a.b.c.0/18|255.255.192.0|
|a.b.c.0/17|255.255.128.0|
|a.b.0.0/16|255.255.0.0|
|a.b.0.0/15|255.254.0.0|
|a.b.0.0/14|255.252.0.0|
|a.b.0.0/13|255.248.0.0|
|a.b.0.0/12|255.240.0.0|
|a.b.0.0/11|255.224.0.0|
|a.b.0.0/10|255.192.0.0|
|a.b.0.0/9|255.128.0.0|
|a.0.0.0/8|255.0.0.0|
|a.0.0.0/7|254.0.0.0|
|a.0.0.0/6|252.0.0.0|
|a.0.0.0/5|248.0.0.0|
|a.0.0.0/4|240.0.0.0|
|a.0.0.0/3|224.0.0.0|
|a.0.0.0/2|192.0.0.0|
|a.0.0.0/1|128.0.0.0|
|0.0.0.0/0|0.0.0.0|
---
IPv6 CIDR blocks:
---
`2001:0db8:0123:4567:89ab:cdef:1234:5678`
`|||| |||| |||| |||| |||| |||| |||| ||||`
`|||| |||| |||| |||| |||| |||| |||| |||128 Single end-points and loopback`
`|||| |||| |||| |||| |||| |||| |||| |||127 Point-to-point links (inter-router)`
`|||| |||| |||| |||| |||| |||| |||| ||124`
`|||| |||| |||| |||| |||| |||| |||| |120`
`|||| |||| |||| |||| |||| |||| |||| 116`
`|||| |||| |||| |||| |||| |||| |||112`
`|||| |||| |||| |||| |||| |||| ||108`
`|||| |||| |||| |||| |||| |||| |104`
`|||| |||| |||| |||| |||| |||| 100`
`|||| |||| |||| |||| |||| |||96`
`|||| |||| |||| |||| |||| ||92`
`|||| |||| |||| |||| |||| |88`
`|||| |||| |||| |||| |||| 84`
`|||| |||| |||| |||| |||80`
`|||| |||| |||| |||| ||76`
`|||| |||| |||| |||| |72`
`|||| |||| |||| |||| 68`
`|||| |||| |||| |||64 Single LAN (default prefix size for SLAAC)`
`|||| |||| |||| ||60 Some (very limited) 6rd deployments (/60 = 16 /64)`
`|||| |||| |||| |56 Minimal end sites assignment[12] (e.g. Home network) (/56 = 256 /64)`
`|||| |||| |||| 52 (/52 = 4096 /64)`
`|||| |||| |||48 Typical assignment for larger sites (/48 = 65536 /64) - Many ISP also do for residential`
`|||| |||| ||44`
`|||| |||| |40`
`|||| |||| 36 possible future Local Internet registry extra-small allocations`
`|||| |||32 Local Internet registry minimum allocations`
`|||| ||28 Local Internet registry medium allocations`
`|||| |24 Local Internet registry large allocations`
`|||| 20 Local Internet registry extra large allocations`
`|||16`
`||12 Regional Internet Registry allocations from IANA[15]`
`|8`
`4`
---
FAQ:
Q: Are internet connections blocked when simplewall is not running?
A: Yes. Installed filters are working even if simplewall is terminated.
Q: What apps are blocked in default configuration?
A: By default, simplewall blocks all applications. You do not need to create custom rules to block specific applications.
Q: Is it safe to use simplewall with Windows Firewall?
A: Yes. You do not need to disable Windows Firewall. These two firewalls work independently.
Q: How can i disable blocklist entirely?
A: Open Settings
-> Blocklist
and then click the radio buttons labeled Disable
.
Q: Where is blacklist mode?
A: Blacklist was removed many days ago for uselessness. But if you need it, you can still configure it.
Solution: Configure blacklist mode in simplewall:
---
1) Open `Settings` -> `Rules`
2) Uncheck `Block outbound for all` and `Block inbound for all` options.
3) Create user rule (green cross on toolbar) with block action, any direction, `Block connection` name and empty remote and local rule.
4) You can assign this rule for apps whatever you want to block network access.
---
Q: Why does my network icon have an exclamation mark?
A: When you are connected to a network, Windows checks for internet connectivity using Active Probing. This feature is named as NCSI (Network Connectivity Status Indicator). You can resolve this problem in one of the following ways:
Solution 1: Enable NCSI through internal system rule:
---
1) Open `System rules` tab.
2) Allow `NCSI` rule (enabled by default).
---
Solution 2: Disable NCSI through system registry:
---
Create `Disable NCSI.reg` and import it into registry.
```reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
"NoActiveProbe"=dword:00000001
"DisablePassivePolling"=dword:00000001
```
---
Solution 3: Disable NCSI through group policy:
---
1) Launch the group policy editor (`gpedit.msc` ).
2) Go to `Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication Settings`.
3) Double-click `Turn off Windows Network Connectivity Status Indicator active tests` and then select Enabled. Click Ok.
4) Open the Command Prompt (Admin) and enter `gpupdate /force` to enforce the changes made to the Group Policies.
---
Q: How can I disable Windows Firewall?
Start the command line as an administrator, and enter the commands below.
Disable Windows Firewall profiles:
---
~~~bat
netsh advfirewall set allprofiles state off
~~~
---
Enable Windows Firewall profiles:
---
~~~bat
netsh advfirewall set allprofiles state on
~~~
---
Q: How can I view all filters information?
Start the command line as an administrator, and enter the commands below.
Dump filters information saved into a `filters.xml` file:
---
~~~bat
cd /d %USERPROFILE%\Desktop
netsh wfp show filters
~~~
---
Dump providers, callouts and layers information into a `wfpstate.xml` file:
---
~~~bat
cd /d %USERPROFILE%\Desktop
netsh wfp show state
~~~
---
Open it in any text editor and study.
Q: How to fix Windows Update internet access?
Windows 10 and above:
---
Open main window menu `Settings` -> `Rules` -> `Allow Windows Update`.
This is working by method described [here](https://github.com/henrypp/simplewall/issues/677).
---
Windows 8.1:
---
Open main window, Navigate into `System rules` tab and then enable `Windows Update service` rule.
---
Q: Other questions:
(c) 2016-2024 Henry++