Command line parameter to disable/enable traffic

[03302024]

Suppose the app is already running. I am looking for these two command line parameters to have an internet kill switch:

FortFirewall.exe /BlockAllTraffic FortFirewall.exe /BlockTrafficDisabled FortFirewall.exe /BlockInternetTraffic

[tnodir]

Please check v3.14.11-test02.

Usage:

• "FortFirewall.exe -c block all"
• "FortFirewall.exe -c block none"
• "FortFirewall.exe -c block internet"

[03302024]

Thank you for the test version. The command line options work just fine.

I have a question for you: There is an app that needs connection to 127.0.0.1. When all trafic is blocked, that app still works fine. Does "all traffic" also include "traffic to 127.0.0.1"? Address 127.0.0.1 is in Exclude list.

[tnodir]

Does "all traffic" also include "traffic to 127.0.0.1"?

"Block All Traffic" does NOT include 127.0.0.1 (Loopback) and 255.255.255.255 (DHCP Multicast) addresses by default.

You can turn on the Options: "Filter Local Addresses (127.0 ...)" flag to include them.

See Filtering steps.

[03302024]

OK, the logic I would like to see is this:

block all = block internet + block LAN block internet = block internet + allow LAN block none = allow internet + allow LAN

In my tests:

1- To get such a logic as above, I have to only tick option "Filter Local Addresses". Is this correct? 2- If I tick option "Filter Local Network", it always blocks, no matter what block mode. May be a more descriptive text, for the option, would help.

[tnodir]

block all = block internet + block LAN block internet = block internet + allow LAN block none = allow internet + allow LAN

It works same now. But "block all" does not block 127.0/8 and 255.255.255.255.

[03302024]

It works same now. But "block all" does not block 127.0/8 and 255.255.255.255.

With "block all", I would like to "block LAN" as well.

[tnodir]

With "block all", I would like to "block LAN" as well.

It blocks LAN addresses.

Do you mean the 127.0.0.1 and 255.255.255.255 addresses too?

[03302024]

Do you mean the 127.0.0.1 and 255.255.255.255 addresses too?

Yes, please.

[tnodir]

With "block all", I would like to "block LAN" as well.

Double checked:

• ping 192.168.3.1 - OK
• check "Block All Traffic"
• ping 192.168.3.1 - FAIL
• check "Block Internet Traffic"
• ping 192.168.3.1 - OK
• check "Block Disabled"
• ping 192.168.3.1 - OK

[tnodir]

Yes, please.

1- To get such a logic as above, I have to only tick option "Filter Local Addresses". Is this correct?

Yes, it's correct. Just tick the "Filter Local Addresses" option.

[03302024]

OK, thanks.

[tnodir]

But "block all" does not block 127.0/8 and 255.255.255.255.

With "block all", I would like to "block LAN" as well.

@03302024 Do you mean by "block LAN" the 255.255.255.255 address?

Or loopback address 127.0/8 too?

---

I can improve the "block all" option to also block the 255.255.255.255, when the "Filter Local Addresses" flag is turned off.

(But the loopback address 127.0/8 will not be blocked with off "Filter Local Addresses" flag.)

Is it what you want?

[03302024]

Well, what I was thinking is this: "block all traffic" would block all traffic, no matter what. May be considering four modes would clarify things better:

block all = block internet + block LAN + block local block LAN = block internet + block LAN + allow local block internet = block internet + allow LAN + allow local block none = allow internet + allow LAN + allow local

[tnodir]

block LAN = block internet + block LAN + allow local

OK, let me add the "Block LAN & Internet Traffic" option too..

[03302024]

Thanks,. Also, "Filter Local Network" option below needs a bit more decrptive name. What is this option for?

[tnodir]

Also, "Filter Local Network" option below needs a bit more decrptive name. What is this option for?

If the "Filter Local Network" option is off, then LAN addresses are not filtered and auto-allowed.

LAN addresses are defined in the Options: IP Addresses: Internet Addresses: Exclude.

[03302024]

OK, thanks, I don't think this explanation is in the app's manual. Please add it there.

[tnodir]

Please check v3.14.11-test03.

[03302024]

Thanks for the test version. When I select "Block LAN and Internet Traffic", pinging 127.0.0.1 fails.

[tnodir]

Thanks for testing. Please check v3.14.11-test04.

[03302024]

Yes, it works now. You may alse have four different tray icon colors.

[tnodir]

You may alse have four different tray icon colors.

Suggestions please?

[03302024]

How about:

block all = red block LAN = orange block internet = yellow block none = blue

[tnodir]

Orange and yellow look same on small tray icon.

[tnodir]

Maybe:

block all = red block LAN = yellow block internet = blue block none = green

[03302024]

I think both blue and green colors are cool colors that don't represent any blocking. For blocking, warm colors are more representetive.

[tnodir]

block internet = gray

But again, the gray and green look same(

[tnodir]

Maybe just show the block's icon on tray too?..

[03302024]

Maybe just show the block's icon on tray too?..

Let see how it looks then.

[tnodir]

Let see how it looks then.

I don't like it(

[tnodir]

Added Filtering logic to docs.

[tnodir]

Command-line argument was changed to "-c block no|inet|lan|all" in v3.14.12.

[03302024]

Command-line argument was changed ...

Thanks for the info.