tnodir / fort

Fort Firewall for Windows
GNU General Public License v3.0

Add "Ask to Connect" mode to pause new connection and let user to allow/block it #30

Open tnodir opened 2 years ago

canny[bot] commented 2 years ago

This issue has been linked to a Canny post: Interactive Mode :tada:

mepherion commented 1 year ago

Is this feature still on the roadmap for implementation?

It's the only thing preventing me from permanently using Fort Firewall

tnodir commented 1 year ago

Yes, this is. Ok, let me add some basic functionality…

mepherion commented 1 year ago

Thanks! Something similar to Netlimiter's prompt would probably work for most use cases

wealstarr commented 12 months ago

> Thanks! Something similar to Netlimiter's prompt would probably work for most use cases

Nope, that doesn't work. It only asks for applications that you have added in the "ask" category. Who knows how many programs and services are connecting from behind your back.

It should be like xvirus firewall, where any app that tries to connect invokes a notification and ability to record the answer in settings permanently.

mepherion commented 12 months ago

> > Thanks! Something similar to Netlimiter's prompt would probably work for most use cases
>
> Nope, that doesn't work. It only asks for applications that you have added in the "ask" category. Who knows how many programs and services are connecting from behind your back.
>
> It should be like xvirus firewall, where any app that tries to connect invokes a notification and ability to record the answer in settings permanently.

Netlimiter has a setting that allows you to change the default blocker mode to "ask" instead of like deny all or allow all

ahdung commented 9 months ago

+1, I very much need this feature.

Littleweisheit commented 8 months ago

This function is very important, please put this as your first priority

tnodir commented 8 months ago

> This function is very important

Why?

Most firewalls don't pause connections, but just show notification about blocked ones: Windows Firewall Control (WFC) by BiniSoft.org, Simplewall, GlassWire.

Portmaster, NetLimiter pause connections, because they have drivers.

(I'm going to work on this feature on winter holidays. And now I'm doing other easy ones.)

Littleweisheit commented 8 months ago

> > This function is very important
>
> Why?
>
> Most firewalls don't pause connections, but just show notification about blocked ones: Windows Firewall Control (WFC) by BiniSoft.org, Simplewall, GlassWire.
>
> Portmaster, NetLimiter pause connections, because they have drivers.
>
> (I'm going to work on this feature on winter holidays. And now I'm doing other easy ones.)

I am using Simplewall. It will ask me to allow or block; before that, Simplewall will block the connection. (Of course it is better to pause.)

"Ask to Connect" is more suitable for personal-use scenarios and is different from the scenarios on a server.

Ordinary users don't know which software on the Windows system will connect to the network, and there is no way to write rules in advance. Editing the rules after problems occur will interfere with the user experience.

Especially in Windows, there is a lot of software that will quietly connect to the Internet, and many users are unaware of this. Ask to connect will make users more aware of what is happening in their systems.

So almost all firewalls have the "Ask to Connect" function.

NetLimiter is closed-source software.

tnodir commented 8 months ago

> I am using Simplewall. It will ask me to allow or block; before that, Simplewall will block the connection.

  1. Simplewall provides rules to Windows Filtering Platform (WFP) and does not block connections itself
  2. Simplewall shows notification about blocked connection, because it can not pause connections

Fort also shows notification about blocked connection. So, I don't see a difference.

Littleweisheit commented 8 months ago

> > I am using Simplewall. It will ask me to allow or block; before that, Simplewall will block the connection.
>
> 1. Simplewall provides rules to Windows Filtering Platform (WFP) and does not block connections itself
> 2. Simplewall shows notification about blocked connection, because it can not pause connections
>
> Fort also shows notification about blocked connection. So, I don't see a difference.

When “Fort” supports "Ask to Connect", the difference will be small. Simplewall does not support paths like: D:\softwate\ * \abc.exe (the wildcard in the path is usually a version number).

ahdung commented 8 months ago

@tnodir But simplewall can Allow in the dialog: [image]

Users don't care whether it pauses or blocks the connection, I think; we just need a dialog which provides Allow and Block choices.

mepherion commented 8 months ago

There's a big difference between pause and block before asking to connect.

Pause would be least impactful to users.

Say you are installing an app and in the middle of the installation, it needs an internet connection to continue. If the firewall straight up blocks and drops the connection, then the firewall prompts the user, and the user allows it, the installation would break. The user would have to cancel and retry it.

ahdung commented 8 months ago

I know the difference; I want to say it doesn't matter. Retry is fine, not too much inconvenience; the user accepts retrying but does not accept creating rules manually. That's the point, so Allow is not continuing the connection, it's just creating a rule automatically.

danielmmmm commented 8 months ago

For users who value privacy and security more than convenience, even blocking a connection would be preferable to allowing a connection, until the user chooses to block or allow on a pop-up dialogue :-) A failed installation can be retried. A data leak is final and cannot be reversed.

SimoLRepo commented 8 months ago

> > This function is very important
>
> Why?
>
> Most firewalls don't pause connections, but just show notification about blocked ones: Windows Firewall Control (WFC) by BiniSoft.org, Simplewall, GlassWire.
>
> Portmaster, NetLimiter pause connections, because they have drivers.
>
> (I'm going to work on this feature on winter holidays. And now I'm doing other easy ones.)

I also join the supporters of this feature, by the way essential for any self-respecting firewall. At first glance this firewall already has pretty much everything you need, except a popup notification unfortunately. The absence of such functionality prevents me from using it as my main firewall.

The BiniSoft Windows Firewall Control actually temporarily blocks the connection and then alerts the user whether to allow it or not, personally tested with installers that required online content downloads.

tnodir commented 8 months ago

> The BiniSoft Windows Firewall Control actually temporarily blocks

From WFC’s manual: “The notifications are displayed for blocked connections, not for paused”

ahdung commented 8 months ago

@tnodir Please don't care if it's a real "pause", we just want a button to create rules with one click on demand, this has worked well for many years on simplewall, the only problem with it for me is that it doesn't support wildcard fuzzy matching, so if your two tools combined that would be perfect.

Littleweisheit commented 7 months ago

> @tnodir Please don't care if it's a real "pause", we just want a button to create rules with one click on demand, this has worked well for many years on simplewall, the only problem with it for me is that it doesn't support wildcard fuzzy matching, so if your two tools combined that would be perfect.

Yeah, for now I just care about "Ask to allow connect".

SimoLRepo commented 7 months ago

> > The BiniSoft Windows Firewall Control actually temporarily blocks
>
> From WFC’s manual: “The notifications are displayed for blocked connections, not for paused”

WFC evidently does not consider "paused" (TIME_WAIT) connections simply because they have already been passed and allowed by the user. The connections that remain in this state are usually legitimate system processes, blocking them would not make much sense unless you set a "paranoid" mode.

However, I have read some threads on MalwareTips that report instabilities in this software. Until it's stable I won't be able to use it.

tnodir commented 7 months ago

> I have read some threads on MalwareTips that report instabilities in this software.

@SimoLRepo Do you mean instabilities in Fort Firewall? Then they were fixed already.

SimoLRepo commented 7 months ago

> Do you mean instabilities in Fort Firewall? Then they were fixed already.

Okay, thanks for the clarification

tnodir commented 7 months ago

Partially implemented in v3.11.0, i.e. "pausing the conn" is not yet implemented.

Mexthey commented 4 months ago

@tnodir simplewall works fine, but I rarely use the allow action, which for simplewall means allow all network connections. I use user rules more (inbound/outbound, protocol, port, IP address). Is there a similar feature?

tnodir commented 4 months ago

> I use user rules more (inbound/outbound, protocol, port, IP address). Is there a similar feature?

@Mexthey Not yet. I’m working on it.

Mexthey commented 4 months ago

> > I use user rules more (inbound/outbound, protocol, port, IP address). Is there a similar feature?
>
> @Mexthey Not yet. I’m working on it.

OK, I'll try it. I noticed someone above said "we just need a dialog which provided a Allow and Block", but to me user rules are also important. simplewall does not support paths such as C:xx\xxx* and cannot distinguish svchost.exe with different parameters, and the author does not seem to have plans to support these, but fort does. This is great, thanks.