Firewall program for manually allowing or blocking program network access

[K4sum1]

I've decided to split some ideas from the contributing post into their own topic, so I can better explain them in a single contained post. This is the firewall. I would really appreciate it if a program like this was made. It would improve the security of older/newer Windows versions alike.

What I want is a firewall similar to Comodo Firewall that is open source. The main thing I want is XP compatibility and works with VPNs that use TAP drivers like Wireguard. If possible, a UNIX port or version would be cool, but is secondary to a Windows version.

I think Fort Firewall could be used as the basis for this. From what I can see it has a few major pitfalls, however I haven't tried it myself yet so I don't know every issue or feature it has.

1: It seems to only block or allow at a base level. I would want to allow certain connections but block others. For example with svchost.exe I would want to only allow communication over port 53, 67, 500, and 4500, while everything else is blocked. Not entirely sure what 53/67 do, but if those are blocked, the internet just doesn't work. 500/4500 is for IKEv2 VPN. Everything else is blocked as it doesn't need to occur and is likely telemetry.

2: No Ask to Connect. It seems to be a planned feature, but not implemented yet. I would want to work like Comodo Firewall, which prompts me for every new connection that doesn't fall under a previous firewall rule.

3: The GUI is made in QT. This might be a problem for XP. QT is also very bloated. Something else like WxWidgets would be preferred, but maybe just downgrading QT to last XP compatible release would be fine.

[Duke]

In the past I've used Kerio Firewall on XP, the best firewall I've ever had. Nowadays I'm afraid it will be quite hard to find something that is still running on XP

Port 53 is for DNS and port 67 for DHCP, so yes they must have access to the network.
List of TCP and UDP ports: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
More details about a specific port on this site, e.g. port 53: https://www.speedguide.net/port.php?port=53

[K4sum1]

In the past I've used Kerio Firewall on XP, the best firewall I've ever had. Nowadays I'm afraid it will be quite hard to find something that is still running on XP

I currently use Comodo Firewall 8.4.0.5165. I was going to upgrade to 12.0.0.6818 (last to work on XP), however after using it in a VM I noticed it has a RAM leaking issue, so guess not. Current issues are does not work with certain VPN drivers like Wireguard or anything TAP based, and a very weird issue. I haven't 100% traced it to Comodo specifically just yet, but I'm fairly certain it is since I haven't seen it on a PC without it. Executable files (.exe) are being accessed by a SYSTEM process that nothing can identify for a short period after being seen in explorer. So if I open a directory and try to delete the .exe, it fails for a little bit saying the file is in use. If I download an executable file to my desktop or any window I have open, it will fail (Firefox pre 92) or get (1) appended to it. I can't get the issue to consistently happen either, I have machines, VMs, etc with this same Comodo version but no issue. However it appears to happen more often than not. I have everything else other than the firewall disabled, so I have no idea what it's doing or why this happens.

Was looking through the archives to get version names and found 10.0.1.6294 which used to be my preferred version, and I don't remember having the latter issue with it. Might try it again sometime.

[Duke]

Executable files (.exe) are being accessed by a SYSTEM process that nothing can identify for a short period after being seen in explorer. So if I open a directory and try to delete the .exe, it fails for a little bit saying the file is in use. If I download an executable file to my desktop or any window I have open, it will fail (Firefox pre 92) or get (1) appended to it.

Happens to me too with my Windows 7 virtual machine. I guess it's about the antivirus and/or maybe some service I've disabled.

[K4sum1]

Happens to me too with my Windows 7 virtual machine. I guess it's about the antivirus and/or maybe some service I've disabled.

Hmm, you might be right. I don't do these tweaks for most test installs, but why would it be inconsistent in the stuff I do tweak?

[Duke]

why would it be inconsistent in the stuff I do tweak?

I don't know what is going on but I have the feeling some things don't work in a VM the same as on a "normal" system. Sometimes it takes several long minutes before the file I've just downloaded is finally released by the system. Very annoying indeed

[K4sum1]

By the way, I'm still not sure what causes the issue, however I just have not had the issue occur with the Windows 7 Updated v5 ISO or the, eventually will come to release, Windows 8.1 Updated v2 ISO.

[xperceniol_sal]

...I currently use Comodo Firewall 8.4.0.5165...

I've been searching for a working link to the program and I can't find it; do you know where I can get this? Thank you in advance.

[K4sum1]

...I currently use Comodo Firewall 8.4.0.5165...

I've been searching for a working link to the program and I can't find it; do you know where I can get this? Thank you in advance.

https://archive.org/details/various-comodo-cis-cfw-builds-with-server-mods

[The-10-Pen]

Comodo Personal Firewall 2.4.18.184

[Duke]

Fort Firewall

Does anyone know if Fort Firewall is working fine on Windows 8.1 x64 ?
The x64 version has "Windows10" in its file name: FortFirewall-3.1x.x-windows10-x86_64.exe, so I wonder

I currently use Comodo Firewall 8.4.0.5165.

Is Comodo Firewall better than Fort Firewall ?
Comodo CFW 8.4.0.5165 installer is about 169 MB while Fort Firewall is about 5 MB.
Are these 164 MB more worth it ?

[The-10-Pen]

For starters, "Fort Firewall" is not technically self-contained.
It requires Microsoft's embedded firewall / base filtering engine to run side-dy-side with Fort Firewall.
I have not ran "Fort Firewall", but just reading the GitHub page tells me it is NOT FOR ME.
May work for you, will not work for me.

Secondly, and I can only speak towards Comodo 2.4.18.184 [File Size: 7.58 MB], Fort Firewall lacks "parent-based" rules.
ie, with Comodo 2.4.18.184, I can allow Chrome or Firefox or you-name-it to use one set of rules when launched from a desktop shortcut, a totally different set of rules if launched from Word, a different set of rules if launched from Excel, a different set of rules if launched from Classic Shell, a different set of rules if launched from a pdf link, and then still block completely if a shareware "installation" launches a browser window to phone-home during said installation.

Although, truth be told, I do not use firewall software or antivirus software. None.
I run *everything* from inside VirtualBox VM's. *EVERYTHING*
Anything happens, I just **DELETE** the VM *clone* and reclone a new working VM.
The "base" VM is never touched post-install. It's only used to clone new clones.

[K4sum1]

That's interesting. I don't think modern Comodo has anything like that. I just manage rules per application no matter how they get launched.

[The-10-Pen]

That's interesting. I don't think modern Comodo has anything like that. I just manage rules per application no matter how they get launched.

If that works for you, that's totally up to your usage.
I personally disprove of that attack method.
It "enables" programs to "fake" their internet connections by "pretending" to be something/anything that users just "blindly trust".

[K4sum1]

Modern Comodo does it per path. I guess an attack method would be to figure out a program that can communicate and swap out it's .exe file, but I figure that would require enough access that you'd be already fucked no matter what.

[Duke]

For starters, "Fort Firewall" is not technically self-contained.
It requires Microsoft's embedded firewall / base filtering engine to run side-dy-side with Fort Firewall.

That's not what I've found in the user guide:

Do I need to / Should I have - Windows Firewall (Microsoft Defender Firewall) enabled and running together with Fort Firewall?

You do not need to keep the Windows Firewall (WF) enabled and running together with Fort Firewall.
Fort Firewall can not register in Security Center, so you will get a warning with disabled WF.
If you disable the WF, then consider the Options: "Self Protection" flags.
Also you do not need to disable the Windows Firewall - Fort Firewall will work fine with it.
But if you block some program in WF, then it'll be blocked anyway, even if you allow it in Fort Firewall.

Source: https://github.com/tnodir/fort/wiki/FAQ#do-i-need-to--should-i-have---windows-firewall-microsoft-defender-firewall-enabled-and-running-together-with-fort-firewall

I can only speak towards Comodo 2.4.18.184 [File Size: 7.58 MB], Fort Firewall lacks "parent-based" rules.

On the Github page of Front Firewall there is this comparison with other firewalls:
https://github.com/tnodir/fort/wiki/Functionality-overview#comparison-with-other-firewalls

[The-10-Pen]

Look again.
While it may not require Windows Firewall, it does require the BASE FILTERING ENGINE which is the core compoent / dependency of Windows Firewall.
Something that I personally DISABLE on my systems.
It's up to you if you want it running on yours.

Though my main point was that you cannot say "this many megabytes" for this-app versus "this many megabytes" for that-app IF YOU DON'T ALSO ADD THE DEPENDENCIES (which in the case of Fort Firewall is the RAM/CPU/megabytes of the base filtering engine running in the background).

[Duke]

I just wonder what Comodo Firewall brings with these 164 MB more because I'm quite sure there is no such large filtering engine in Comodo when some other firewalls can do it with a size between 1 and 5 MB

[The-10-Pen]

Agreed.
I didn't get around to looking over the weekend.
Generally speaking, it would NOT SURPRISE ME that the large install file size is NOTHING MORE than having a "hundred" different languages 'included'.

[Duke]

it would NOT SURPRISE ME that the large install file size is NOTHING MORE than having a "hundred" different languages 'included'.

Yep but that can't be that large. For instance, VLC which is a program with tons of options has a language folder of 104 languages for less than 40 MB.
164 MB is 4 times that.

[The-10-Pen]

<del>

I was going to ask if the install file in question INCLUDES apps that are not strictly just a firewall.
Appears it does not.

But speaking solely for myself, I would trust Comodo over "something found on GitHub".
But that's just me.

[K4sum1]

I know modern Comodo installers, even if you go for the x64 or x86 release include both x64 and x86 installers. The server mod .msi files are a bit more accurate size wise here.

The translations are 8MB.