Home

Awesome

<h1 align="center">simplewall</h1> <p align="center"> <a href="https://github.com/henrypp/simplewall/releases"><img src="https://img.shields.io/github/v/release/henrypp/simplewall?style=flat-square&include_prereleases&label=version" /></a> <a href="https://github.com/henrypp/simplewall/releases"><img src="https://img.shields.io/github/downloads/henrypp/simplewall/total.svg?style=flat-square" /></a> <a href="https://github.com/henrypp/simplewall/issues"><img src="https://img.shields.io/github/issues-raw/henrypp/simplewall.svg?style=flat-square&label=issues" /></a> <a href="https://github.com/henrypp/simplewall/graphs/contributors"><img src="https://img.shields.io/github/contributors/henrypp/simplewall?style=flat-square" /></a> <a href="https://github.com/henrypp/simplewall/blob/master/LICENSE"><img src="https://img.shields.io/github/license/henrypp/simplewall?style=flat-square" /></a> </p> <p align="center"> <i>Definitely for advanced users.</i> </p>
<p align="center"> <img src="/images/simplewall.png?cache" /> </p>

Description:

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

The lightweight application is less than a megabyte, and it is compatible with Windows 7 SP1 and higher operating systems. You can download either the installer or portable version. For correct working you are require administrator rights.

Features:

To activate portable mode, create "simplewall.ini" in application folder, or move it from "%APPDATA%\Henry++\simplewall".

Nota bene:

Keep in mind, simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall. It works over Windows Filtering Platform (WFP) which is a set of internal API and system services that provide a platform for creating network filtering applications. Windows Filtering Platform is a development technology and not a firewall itself, but simplewall is the tool that uses this technology.

System requirements:

Donate:

GPG Signature:

Binaries have GPG signature simplewall.exe.sig in application folder.

Reviews of idiots:

<img src="/images/idiot_n1.png" />

Look at them, he does not know about .gitmodules and how to use, lol.

PS: Without idiots we are not to be fun, yeah!

Installation:

When install rules, you can choose two modes:

Uninstall:

When you uninstall simplewall, all previously configured filters stay alive in system. To remove all filters created by simplewall, start simplewall and press "Disable filters" button.

Command line:

-install - enable filtering.
-install -temp - enable filtering until next reboot.
-install -silent - enable filtering without prompt.
-uninstall - remove all installed filters.

Rules editor:

simplewall have two types of custom user rules rules:

<img src="/images/simplewall_rules.png?cache2" />

Rule syntax format:

To set rule applications, open rule and then navigate to "Apps" tab.

<details> <summary>Rule syntax format:</summary>

To specify more than one ip, port and/or host, use semicolon.

</details> <details> <summary>IPv4 CIDR blocks:</summary>
Address formatMask
a.b.c.d/32255.255.255.255
a.b.c.d/31255.255.255.254
a.b.c.d/30255.255.255.252
a.b.c.d/29255.255.255.248
a.b.c.d/28255.255.255.240
a.b.c.d/27255.255.255.224
a.b.c.d/26255.255.255.192
a.b.c.d/25255.255.255.128
a.b.c.0/24255.255.255.0
a.b.c.0/23255.255.254.0
a.b.c.0/22255.255.252.0
a.b.c.0/21255.255.248.0
a.b.c.0/20255.255.240.0
a.b.c.0/19255.255.224.0
a.b.c.0/18255.255.192.0
a.b.c.0/17255.255.128.0
a.b.0.0/16255.255.0.0
a.b.0.0/15255.254.0.0
a.b.0.0/14255.252.0.0
a.b.0.0/13255.248.0.0
a.b.0.0/12255.240.0.0
a.b.0.0/11255.224.0.0
a.b.0.0/10255.192.0.0
a.b.0.0/9255.128.0.0
a.0.0.0/8255.0.0.0
a.0.0.0/7254.0.0.0
a.0.0.0/6252.0.0.0
a.0.0.0/5248.0.0.0
a.0.0.0/4240.0.0.0
a.0.0.0/3224.0.0.0
a.0.0.0/2192.0.0.0
a.0.0.0/1128.0.0.0
0.0.0.0/00.0.0.0
</details> <details> <summary>IPv6 CIDR blocks:</summary>

IPv6 CIDR blocks

</details>

FAQ:

Q: Are internet connections blocked when simplewall is not running?

A: Yes. Installed filters are working even if simplewall is terminated.

Q: What apps are blocked in default configuration?

A: By default, simplewall blocks all applications. You do not need to create custom rules to block specific applications.

Q: Is it safe to use simplewall with Windows Firewall?

A: Yes. You do not need to disable Windows Firewall. These two firewalls work independently.

Q: How can i disable blocklist entirely?

A: Open Settings -> Blocklist and then click the radio buttons labeled Disable.

Q: Where is blacklist mode?

A: Blacklist was removed many days ago for uselessness. But if you need it, you can still configure it.

<details> <summary>Solution: Configure blacklist mode in simplewall:</summary>
  1. Open Settings -> Rules
  2. Uncheck Block outbound for all and Block inbound for all options.
  3. Create user rule (green cross on toolbar) with block action, any direction, Block connection name and empty remote and local rule.
  4. You can assign this rule for apps whatever you want to block network access.
</details>

Q: Why does my network icon have an exclamation mark?

A: When you are connected to a network, Windows checks for internet connectivity using Active Probing. This feature is named as NCSI (Network Connectivity Status Indicator). You can resolve this problem in one of the following ways:

<details> <summary>Solution 1: Enable NCSI through internal system rule:</summary>
  1. Open System rules tab.
  2. Allow NCSI rule (enabled by default).
</details> <details> <summary>Solution 2: Disable NCSI through system registry:</summary>

Create Disable NCSI.reg and import it into registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
"NoActiveProbe"=dword:00000001
"DisablePassivePolling"=dword:00000001
</details> <details> <summary>Solution 3: Disable NCSI through group policy:</summary>
  1. Launch the group policy editor (gpedit.msc ).
  2. Go to Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication Settings.
  3. Double-click Turn off Windows Network Connectivity Status Indicator active tests and then select Enabled. Click Ok.
  4. Open the Command Prompt (Admin) and enter gpupdate /force to enforce the changes made to the Group Policies.
</details>

Q: How can I disable Windows Firewall?

Start the command line as an administrator, and enter the commands below.

<details> <summary>Disable Windows Firewall profiles:</summary> 
netsh advfirewall set allprofiles state off
</details> <details> <summary>Enable Windows Firewall profiles:</summary> 
netsh advfirewall set allprofiles state on
</details>

Q: How can I view all filters information?

Start the command line as an administrator, and enter the commands below.

<details> <summary>Dump filters information saved into a `filters.xml` file:</summary> 
cd /d %USERPROFILE%\Desktop

netsh wfp show filters
</details> <details> <summary>Dump providers, callouts and layers information into a `wfpstate.xml` file:</summary> 
cd /d %USERPROFILE%\Desktop

netsh wfp show state
</details>

Open it in any text editor and study.

Q: How to fix Windows Update internet access?

<details> <summary>Windows 10 and above:</summary>

Open main window menu Settings -> Rules -> Allow Windows Update. <br /> This is working by method described here.

</details> <details> <summary>Windows 8.1:</summary>

Open main window, Navigate into System rules tab and then enable Windows Update service rule.

</details>

Q: Other questions:

(c) 2016-2024 Henry++