Does anyone know of a FOSS Firewall for Windows?

I currently use TinyWall Firewall. It works very well, it's small/portable, no complaints; I even donated to the dev, but I would really prefer open source. It also needs to be user friendly like TinyWall so my non-tech family members can/will use it like they do with TinyWall.

TikoBrown OP ,

OK, since this was my first post here I did not expect the conversation to get so lively. I appreciate every single input.
I thought my initial request was simple and clear with the words "non-tech" and "family members" but for the curious I will expand a bit.

For starters, of course, I am the "sys-admin" of my family's tech life. My main personal PC is not Windows based, but every member of my family's is, because every flavor of Linux I have convinced a family member to try has resulted in utter failure for them, sad but true.

They like the simple UI over the Windows firewall because I had no success trying to get them to understand/use the built-in windows version
"Easy" to block per-process out/in traffic
"Easy" to block ALL traffic, etc...
Having them understand/use traffic blocking at the app level has made all of them much safer/smarter users.
I start them with almost everything locked down, they open/monitor what they use, nobody shares a PC so this works perfect.

And finally, for me, I needed Open Source so I can inspect the code for any tomfoolery, make any custom changes needed/wanted, and compile on my own. Free is never a requirement, I will always support the devs of software I end up using.

Thanks again for all the input, I read and followed everything, I was not planning on this much TMI but felt it warranted after reading the responses.

Templa ,

Sorry you had to write this down, OP. On the internet people make a lot of assumptions. I hope you ended up getting a reply.

ser ,

Check out Simplewall. Simple enough and not complicated.

https://simplewall.en.lo4d.com/windows

jarfil ,

There seems to be a misunderstanding:

  • A "firewall for" is something one needed with Windows XP and earlier, as in "a piece of software that acted as a firewall".
  • Nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a "GUI for {}'s firewall".

One such GUI is TinyWall, which is also FOSS (GPLv3). I see people have suggested some more.

To be precise, all these options are inferior in functionality to firewalls like ZoneAlarm... but since you're asking for a non-tech friendly solution, they should be adequate.

BaroqueInMind ,

ZoneAlarm is trash compared to Suricata or Snort.

jarfil ,

Does Suricata or Snort allow the user to block per-process outgoing traffic?

BaroqueInMind ,

Both do deep packet inspection using netflow protocol and filter using crowd sourced detection rules as well as commercial; process-level filtering on a host operating system to detect network intrusion is unnecessarily resource intensive.

https://www.netgate.com/blog/suricata-vs-snort

ZenArmor does the same as both, but also uses python scripts with a fancy graphical interface.

towerful ,

Do people really run ZenArmor, Snort or Suricata on their desktop?
Feels like a network firewall thing to do DPI for the whole house, instead of a per-machine thing.

jarfil ,

Process-level filtering is to avoid exfiltration from environments where "all processes run as the same user, with full access to all other processes"... which, unfortunately, are still most of them.

DPI is nice to stop incoming attacks, and to detect suspicious outgoing traffic, but it's kind of late when the data is already on the wire, and you won't be able to stop all possible kinds of traffic that way.

millie , (edited )

Okay, so this is a more topic-adjacent meta commentary, but this thread is a great example of something stupid.

Why is it that when people show up on the internet to ask how to do something, a bunch of people jump in to say that thing isn't worth doing?

I don't know how many times I've been googling for a solution to a problem and I keep finding people who tell OP not to bother rather than either providing a solution or just like, not commenting on a thread they're incapable of helping in.

Like, y'all get that these conversations turn into google results, right? You know how frustrating it is to google something and the first answer that comes up is 'google it'? Or better yet 'you can't' in response to a problem that's absolutely doable.

Just let people do their weird little niche projects that fit their needs! You don't need to understand why.

Drives me up a wall.

jarfil ,

There is a basic misunderstanding in OP's formulation: a "firewall for" is something one needed with Windows XP and earlier, as in a piece of software that acted as a firewall; nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a "GUI for {}'s firewall".

Whether people feel more inclined to explain the misunderstanding, or to just spew a "you can't" that's technically correct but unhelpful... YMMV, different people are different and may be of different mood at different times 🤷

anonymouse ,

I would really prefer open source

... this does not compute. If you actually truly prefer open source, why are you using Windows?

BearOfaTime , (edited )

Because spending years setting up a system using nothing but open source from the start, you'd still not approach what windows can do out the box with far less effort.

I'm also not spending my time teaching old dogs new tricks, nor spending my time solving problems for them which just shouldn't exist (e.g. the stupid print monitor mentioned below).

I keep having to say this, as much as I like Linux for certain things, as a desktop it's still no competition to Windows, even with the dumb shit MS does.

As some background - I had my first UNIX class in about 1990. I wrote my first Fortran program on a Sperry Rand Univac (punched cards) in about 1985. Cobol was immediately after Fortran (wish I'd stuck with Cobol).

I run a Mint laptop. Power management is a joke. Configured as best as possible, walked in the other day and it was dead - as in battery at zero, won't even boot. Windows would never do this, unless you went out of your way to config power management to kill the battery (even then, to really kill it you have to boot to BIOS and let it sit, Windows will not let a battery get to zero).

There's no way even possible via the GUI to config power management for things like low/critical battery conditions/actions.

There are many reasons why Linux doesn't compete with Windows on the desktop - this is just one glaring one.

Now let's look at Office. Open an Excel spreadsheet with tables in any app other than excel. Tables are something that's just a given in excel, takes 10 seconds to setup, and you get automatic sorting and filtering, with near-zero effort. No, I'm not setting up a DB in an open-source competitor to Access. That's just too much effort for simple sorting and filtering tasks, and isn't realistically shareable with other people.

Now there's that print monitor that's on by default, and can only be shut up by using a command line. Wtf? In the 21st century?

Networking... Yea, samba works, but how do you clear creds you used one time to connect to a share, even though you didn't say "save creds"? Oh, yea, command line again or go download an app to clear them for you. Smh.

Someone else said it better than me:

Every time I've installed Linux as my main OS (many, many times since I was younger), it gets to an eventual point where every single thing I want to do requires googling around to figure out problems. While it's gotten much better, I always ended up reinstalling Windows or using my work Mac. Like one day I turn it on and the monitor doesn't look right. So I installed twenty things, run some arbitrary collection of commands, and it works.... only it doesn't save my preferences.

So then I need to dig into .bashrc or .bash_profile (is bashrc even running? Hey let me investigate that first for 45 minutes) and get the command to run automatically.. but that doesn't work, so now I can't boot.. so I have to research (on my phone now, since the machine deathscreens me once the OS tries to load) how to fix that... then I am writing config lines for my specific monitor so it can access the native resolution... wait, does the config delimit by spaces, or by tabs?? anyway, it's been four hours, it's 3:00am and I'm like Bryan Cranston in that clip from Malcolm in the Middle where he has a car engine up in the air all because he tried to change a lightbulb.

And then I get a new monitor, and it happens all damn over again. Oh shit, I got a new mouse too, and the drivers aren't supported - great! I finally made it to Friday night and now that I have 12 minutes away from my insane 16 month old, I can't wait to search for some drivers so I can get the cursor acceleration disabled. Or enabled. Or configured? What was I even trying to do again? What led me to this?

I just can't do it anymore. People who understand it more than I will downvote and call me an idiot, but you can all kiss my ass because I refuse to do the computing equivalent of building a radio out of coconuts on a deserted island of ancient Linux forum posts because I want to have Spotify open on startup EVERY time and not just one time. I have tried to get into Linux as a main dev environment since 1997 and I've loved/liked/loathed it, in that order, every single time.

I respect the shit out of the many people who are far, far smarter than me who a) built this stuff, and 2) spend their free time making Windows/Mac stuff work on a Linux environment, but the part of me who liked to experiment with Linux has been shot and killed and left to rot in a ditch along the interstate.

Now I love Linux for my services: Proxmox, UnRAID, TrueNAS, containers for Syncthing, PiHole, Owncloud/NextCloud, CasaOS/Yuno, etc, etc. I even run a few Windows VM's on Linux (Proxmox) because that's better than running Linux VM's on a Windows server.

Linux is brilliant for this stuff. Just not brilliant for a desktop, let alone in a business environment, or for people who are already well versed with windows.

Linux doesn't even use a common shell (which is a good thing in its own way), and that's a massive barrier for users. The Mint shell doesn't use right-click... Really?

If it were 40 years ago, maybe Linux would've had a chance to beat MS, even then it would've required settling on a single GUI (which is arguably half of why Windows became a standard, the other half being a common API), a common build (so the same tools/utilities are always available), and a commitment to put usability for the inexperienced user first.

These are what MS did in the 1980's to make Windows attractive to the 3 groups who contend with desktops: developers, business management, end users.

All this without considering the systems management requirements of even an SMB with perhaps a dozen users (let alone an enterprise with tens of thousands).

jarfil , (edited )

Because spending years setting up a system using nothing but open source from the start, you'd still not approach what windows can do out the box with far less effort.

This is a flawed argument, the opposite of:

Because spending years stripping(*) a system from adware and bloat, you'd still not approach how slim Linux can be out of the box with far less effort.

Just pick a target, then use whichever tool gets you closer to it... and I think you know it, no need for a rant.

(* there are actual tools to strip and reset the tracking and ads in Windows... obviously for people who accepted to get early updates, install the "Preview" versions, and haven't read that it means they're now betatesters with telemetry enabled 🙄)

PS: settling on a "single GUI", is kind of ironic given the multiple GUI versions of the control panel in modern Windows.

AnonStoleMyPants ,

Preferences are rarely black and white. I prefer locally grown vegetables, yet those are not the only kind of veggies I buy.

anonymouse ,

That's not quite the same. It's like ordering a small salad whilst having a Big Mac meal at McDonald's, and claiming that you prefer healthy food.

Surely you see the irony of the situation?

AnonStoleMyPants ,

Can't say I do tbh. You make it sound like if one prefers healthy foods they can't get a craving for a burger and yet ditch the fries. To me it seems completely normal.

Vodulas ,

You can have a preference and not do the preferred thing all the time. In the example you gave, someone could generally eat "healthy food" and just have a Big Mac meal once in a while.

Templa ,

I knew I was going to find a comment like this and I am disappointed that I did.

It is hard for people to make transitions specially because they probably used Windows their own life. If they are asking for a FOSS firewall they most likely know they should transition to Linux at some point. There is actually no need to be the questioning person.

I use arch btw

anonymouse ,

Why are you disappointed? It was just a question out of curiosity. Nothing wrong with asking a question, this is a community centered around discussions, is it not? It's not Stack Overflow or something, where we follow a strict question-answer format.

It is hard for people to make transitions specially because they probably used Windows their own life. If they are asking for a FOSS firewall they most likely know they should transition to Linux at some point.

And that is just your assumption. What if they were only using Windows to play some games, but didn't realise that those games were now actually playable in Linux?

Templa ,

If you phrased your initial question differently or asked more details about OP's use case I think it would be completely fine. For example, they might be the "sys admin" where they live but their family members would be extremely annoyed if they tried to push Linux.

Just kind of tired of the "you cannot ask for FOSS alternatives if you are using something proprietary" and ended up venting because of your comment, that's all.

desentizised ,

It's not an assumption that transitioning to (Proton on) Linux is hard with no prior knowledge. An assumption is that you're probably talking from the perspective of a tech-savvy person that doesn't need to open a Lemmy thread to find their desired software. OP doesn't owe you a question that computes in your head. Open Source software for Windows exists therefore it can be installed.

anonymouse ,

It's not an assumption that transitioning to (Proton on) Linux is hard with no prior knowledge.

The Proton thing was just an example. You do not know OP's circumstances. What if they were already tech-savvy?

OP doesn't owe you a question

And I don't owe OP an answer either.

Open Source software for Windows exists therefore it can be installed.

Just because something exists doesn't mean it should be installed. The question isn't about whether or not it can be installed. That's not the point at all.

desentizised ,

don't owe OP an answer

Exactly. Since its dawn forums on the internet have been full of people countering legitimate questions with "why would you even ask that?". Not only is nobody owed your "contribution", it is of zero value.

because something exists doesn't mean it should be installed

Elitist much. Why would you rather assume that a tech-savvy person is asking for tech guidance than the infinitely more likely opposite case? The answer is because you (elitist) think what works for you is the only valid path and all must be guided to your subjective treasure. Your intentions may be benign but your methods are not.

anonymouse ,

Elitist much. Why would you rather assume that a tech-savvy person is asking for tech guidance than the infinitely more likely opposite case?

Assumptions much? The probability of which is higher is completely irrelevant, because it's just an assumption, and without OP confirming it, we can keep arguing till the end of the universe.

Your intentions may be benign but your methods are not.

Again, assumptions, with zero evidence.

Templa ,

This is Beehaw and we aim to be a nice place, right? So to me this kind of discussion is kind of pointless, and I just meant to say that your comment sounded very judgemental and it could be written in a nicer way, that's all.

Edit: Check OP's new comment on the post.

anonymouse ,

I disagree that it was judgemental. Sure, it could've been written nicer, but there was no need to - it was just a simple question hinting at the irony of the situation, nothing more, nothing less. I didn't break any rules, and if I did, the mods are free to delete my comment. The fact that they didn't intervene - when they're famously known to rule with an iron fist - proves that your judgment of my comment coming as "very judgemental" is your own opinion.

Templa ,

I never said you were violating any rules, I was just expressing my opinion. If a person asks a question you can decide if you are going to be helpful and answer that question or make a statement regarding the irony of their question, which isn't helpful at all.

You keep doing whatever you think is best.

anonymouse ,

First of all there's no rule that the very first comment to a question has to be an answer, and that it has to be helpful in that instance - there's always the chance that said helpful answer might come further down the chain - had OP replied to the comment.

Sometimes the best answers are born out of asking questions, because often the person asking the question may not be asking the right question (due to not stating all the details, or having incomplete knowledge, misconceptions etc). Regardless, it sparks a discussion, so I don't see the problem, as long as the discussion is taking place in a civil manner and no rules are being broken. Finally, even if the discussion chain that sparked wasn't helpful to OP, it could help someone else. Or at least entertain them. And those who can't be bothered, can always ignore the chain, or even block the person(s) in question. So regardless, I don't see this as a loss or a negative of any sort.

desentizised ,

Said like a person that doesn't want to "argue till the end of the universe". Maybe just take the hint once there's multiple people trying to politely tell you the same thing? Prove that you're not just good at fortifying the walls around your bubble. Criticism is rarely meant to attack us. Nobody is accusing you of a crime. I know it's hard to take that step back from one's own perspective.

Again, just because something works for you doesn't mean you have to be evangelical about it. Don't try to be the "I use arch btw" meme for real.

anonymouse ,

Yes, I like to argue. But it takes two to tango. If you don't like to participate, just stop replying to me - as simple as that. :)

And please tell me, when was I ever evangelical in this comment thread/comment chain? Please quote the exact statement(s) I used that shows evidence I was trying to be evangelical in this chain.

desentizised ,

Look. You can't have it both ways. You can either be the "i use arch (and so should everybody else) btw" guy or you can be dumbfounded by people accusing you of being the "i use arch (and so should everybody else) btw" guy. If you do both (in succession I guess) you're just a parody of your own pro-FOSS message.

I know I'm probably opening another can of worms by saying this but I'm an absolute privacy advocate. And guess what? I use multiple Windows-installations as part of my day-to-day. Yes I do want that number to migrate towards zero but so far, especially when it comes to laptops (and more so laptops with multiple GPUs) I just never saw any appeal in crippling my own experience just for the sake of subjective "freedom".

So now imagine a person like me trying to look for help setting up a Pi-hole installation for the sake of privacy. In comes the evangelical "If you actually truly care about your privacy, why are you using Windows?" Sound familiar? How about helpful (in terms of getting someone closer to a Pi-hole installation)?

anonymouse ,

If you do both (in succession I guess) you're just a parody of your own pro-FOSS message.

When did I do both? Please quote or link the exact messages as evidence.

You also keep associating the term "evangelical" with me, without citing any evidence.

Also, your privacy example isn't quite the same here, since you absolutely can have privacy with Windows - just block all Microsoft domains, use a decent firewall/PiHole/adblock/DNS etc. Or just soft air-gap Windows, allowing only selective traffic to pass thru a manually-configured per-app proxy gateway.

On the other hand, someone asking for FOSS apps and claiming they prefer FOSS, whilst still using Windows, is ironic.

MangoPenguin ,

What's wrong with the built-in Windows firewall? It works well, has a GUI to add rules, etc. You don't even need to touch it on a default setup for most people.

Imprint9816 ,

This. There really is no point in installing something like TinyWall, when there is a built-in firewall that has more functionality (granted it's much less user friendly).

jarfil ,

TinyWall is a simplified GUI for the Windows firewall... some may like it, some may not.

BearOfaTime ,

Because it's awful to use, counter-intuitive, and fucking breaks network connectivity all the time by switching private networks to public on a whim.

Fuck that piece of shit for that reason alone. I've seen it fuck domain controllers doing this, when "supposedly" it can't do this on a DC. Know what happens then? I can't RDP to the server from its own local network.

This is such a problem we run a PowerShell script on a schedule to ensure the connections remain private.

MangoPenguin ,

I haven't had that happen unless my gateway or DHCP server changes, but on a server wouldn't adding the rules to both public and private profiles solve that too?

Swarfega ,

But he's not using it in a domain environment.

jarfil ,

TinyWall doesn't change the firewall, it's just an alternative GUI... like setting it from PowerShell.
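
What jarfil describes, setting the built-in Windows firewall from PowerShell, applied to the per-process outbound blocking discussed in this thread. This is an added example, not code from the thread or from TinyWall; the group label and the program paths are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: default-deny outbound with per-program allow rules,
# using the built-in Windows firewall (NetSecurity module).

# Constructed allowlist: replace the paths with programs present on the machine.
$allowed = @(
    @{ Name = 'Firefox';     Path = "$env:ProgramFiles\Mozilla Firefox\firefox.exe" },
    @{ Name = 'Thunderbird'; Path = "$env:ProgramFiles\Mozilla Thunderbird\thunderbird.exe" }
)
$group = 'Family allowlist'   # hypothetical label used to find these rules again

# Drop rules left by an earlier run so the allowlist above is the single source of truth.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($app in $allowed) {
    if (-not (Test-Path -LiteralPath $app.Path)) {
        Write-Warning "Skipping $($app.Name): $($app.Path) not found"
        continue
    }
    New-NetFirewallRule -DisplayName "Allow out: $($app.Name)" -Group $group `
        -Direction Outbound -Program $app.Path -Action Allow -Profile Any | Out-Null
}

# Switch every profile to default-deny only after the allow rules exist.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# Show the result: profile defaults and the rules this script owns.
Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Action, Enabled
```

Once the default outbound action is Block, any program without a matching enabled allow rule loses outbound access, so the allowlist has to cover everything the machine is expected to reach the network with.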

desentizised ,

Could you share that script? Sounds like a nifty grassroots tech solution.
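
One way to write the kind of scheduled script BearOfaTime mentions, as an added example; it is not the script from that comment. It moves a connection back to Private only when the network name is on an allowlist, so an unknown network keeps the stricter Public profile; the network name and log path are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: keep known networks on the Private firewall profile.
# Intended to be run from Task Scheduler with elevated rights.

$trustedNetworks = @('HomeLAN')                    # constructed network name
$logFile = "$env:ProgramData\netprofile-fix.log"   # hypothetical log location

foreach ($net in Get-NetConnectionProfile) {
    # Domain-authenticated networks are classified by Windows itself
    # and cannot be assigned by hand, so leave them alone.
    if ($net.NetworkCategory -eq 'DomainAuthenticated') { continue }

    # Only connections that have fallen back to Public need attention.
    if ($net.NetworkCategory -ne 'Public') { continue }

    $stamp = Get-Date -Format s
    if ($trustedNetworks -contains $net.Name) {
        Set-NetConnectionProfile -InterfaceIndex $net.InterfaceIndex -NetworkCategory Private
        Add-Content -Path $logFile -Value "$stamp set '$($net.Name)' on $($net.InterfaceAlias) to Private"
    }
    else {
        # Unknown network: keep it Public and record that it was seen.
        Add-Content -Path $logFile -Value "$stamp left '$($net.Name)' on $($net.InterfaceAlias) as Public"
    }
}
```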

TikoBrown OP ,

Update:
I just discovered that TinyWall is now FOSS, GitHub Link
If a very powerful, easy to config/maintain Windows firewall that is also now FOSS is something you're interested in, I highly recommend giving TinyWall a try.

furzegulo ,

I use TinyWall and haven't had any complaints.
