Firewall program for manually allowing or blocking program network access
Posted: 15 Apr 2024, 00:21
I've decided to split some ideas from the contributing post into their own topic, so I can better explain them in a single contained post. This is the firewall. I would really appreciate it if a program like this was made. It would improve the security of older/newer Windows versions alike.
What I want is a firewall similar to Comodo Firewall that is open source. The main thing I want is XP compatibility and that it works with VPNs that use TAP drivers like WireGuard. If possible, a UNIX port or version would be cool, but is secondary to a Windows version.
I think Fort Firewall could be used as the basis for this. From what I can see it has a few major pitfalls, however I haven't tried it myself yet so I don't know every issue or feature it has.
1: It seems to only block or allow at a base level. I would want to allow certain connections but block others. For example, with svchost.exe I would want to only allow communication over ports 53, 67, 500, and 4500, while everything else is blocked. Not entirely sure what 53/67 do, but if those are blocked, the internet just doesn't work. 500/4500 is for IKEv2 VPN. Everything else is blocked as it doesn't need to occur and is likely telemetry.
2: No Ask to Connect. It seems to be a planned feature, but not implemented yet. I would want it to work like Comodo Firewall, which prompts me for every new connection that doesn't fall under a previous firewall rule.
3: The GUI is made in Qt. This might be a problem for XP. Qt is also very bloated. Something else like wxWidgets would be preferred, but maybe just downgrading Qt to the last XP-compatible release would be fine.
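The rule model requested in points 1 and 2 above, as an added sketch that is not part of the original post and is not code from Fort Firewall or Comodo Firewall: per-program port allowlists with a catch-all block, and an "ask" verdict for connections that no rule covers. The class and function names are hypothetical, and matching on the executable name alone is a simplifying assumption.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ASK = "ask"      # no rule covers the connection: prompt the user


@dataclass(frozen=True)
class Rule:
    program: str          # executable name, stored lower-case (assumption: a
                          # real firewall would match the full image path)
    ports: frozenset      # remote ports covered; empty set means "any port"
    verdict: Verdict


@dataclass
class Policy:
    rules: list = field(default_factory=list)

    def decide(self, program, remote_port):
        """First matching rule wins; a connection with no rule yields ASK."""
        name = program.lower()
        for rule in self.rules:
            if rule.program == name and (not rule.ports or remote_port in rule.ports):
                return rule.verdict
        return Verdict.ASK

    def remember(self, program, remote_port, verdict):
        """Store the user's answer to a prompt as a rule for that program and port."""
        self.rules.append(Rule(program.lower(), frozenset({remote_port}), verdict))


def svchost_policy():
    """The svchost.exe example from the post, as two ordered rules."""
    # 53 = DNS, 67 = DHCP, 500 and 4500 = IKE and IPsec NAT traversal.
    return Policy([
        Rule("svchost.exe", frozenset({53, 67, 500, 4500}), Verdict.ALLOW),
        Rule("svchost.exe", frozenset(), Verdict.BLOCK),   # everything else
    ])


if __name__ == "__main__":
    policy = svchost_policy()
    # Constructed sample connections (program, remote port).
    for prog, port in [("svchost.exe", 53), ("svchost.exe", 443), ("browser.exe", 443)]:
        print(prog, port, policy.decide(prog, port).value)
```

Rule order matters here: the catch-all block has to come after the allowlist rule for the same program, otherwise it shadows it.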