/simplewall

Primary LanguageCGNU General Public License v3.0GPL-3.0

simplewall

Definitely for advanced users.


Description:

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.

The lightweight application is less than a megabyte, and it is compatible with Windows 7 and higher operating systems. You can download either the installer or portable version. For correct working, need administrator rights.

Features:

  • Simple interface without annoying pop ups
  • Rules editor (create your own rules)
  • Internal blocklist (block Windows spy / telemetry)
  • Dropped packets information with notification and logging to a file feature (win7+)
  • Allowed packets information with logging to a file feature (win8+)
  • Windows Subsystem for Linux (WSL) support (win10)
  • Windows Store support (win8+)
  • Windows services support
  • Free and open source
  • Localization support
  • IPv6 support
To activate portable mode, create "simplewall.ini" in application folder, or move it from "%APPDATA%\Henry++\simplewall".

Installation:

When install rules, you can choose two modes:

  • Permanent rules. Rules are working until you disable it manually.
  • Temporary rules. Rules are reset after the next reboot.

Uninstall:

When you uninstall simplewall, all previously installed filters are stay alive in system. To remove all filters created by simplewall, start simplewall and press "Disable filters" button.

Command line:

List of arguments for simplewall.exe:

-install - enable filtering.
-install -temp - enable filtering until reboot.
-install -silent - enable filtering without prompt.
-uninstall - remove all installed filters.

FAQ:

Q: Are internet connections blocked when simplewall is not running?

A: Yes. Installed filters are working even if simplewall is terminated.

Q: What apps are blocked in default configuration?

A: By default simplewall block all applications, you do not need create custom rules to block specific application.

Q: Why does my network icon have an exclamation mark?

A: When you are connected to a network, Windows checks for internet connectivity using Active Probing. This feature is named as NCSI (Network Connectivity Status Indicator). You can resolve this by one of this ways:

  • You can allow NCSI rule in "System rules" tab (enabled by default).
  • You can disable NCSI throught system registry:
; Create "Disable NCSI.reg" and import it into registry.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
"NoActiveProbe"=dword:00000001
"DisablePassivePolling"=dword:00000001
  • You can disable NCSI throught group policy:
  1. Launch the editor by typing in gpedit.msc in Run.
  2. Navigate to Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication Settings
  3. Double-click Turn off Windows Network Connectivity Status Indicator active tests and then select Enabled. Click Ok.
  4. Now open the Command Prompt and enter gpupdate /force to enforce the changes made to the Group Policies.

Q: Where is blacklist mode?

A: Blacklist is removed many days ago for uselessness. But if you need it back you can configure blacklist in that way:

  1. Open Settings -> Rules
  2. Uncheck Block outbound for all and Block inbound for all options.
  3. Create user rule (green cross on toolbar) with block action, any direction, Block connection name and empty remote and local rule.
  4. You can assign this rule for apps whatever you want to block network access.

Website: www.henrypp.org
Support: support@henrypp.org

(c) 2016-2021 Henry++