I currently use TinyWall Firewall. It works very well, it’s small/portable, no complaints, and I even donated to the dev, but I would really prefer open source. Also, it needs to be user friendly like TinyWall so my non-tech family members can/will use it like they do with TinyWall.
Update: I just discovered that TinyWall is now FOSS, GitHub Link. If a very powerful, easy to config/maintain Windows firewall that is also now FOSS is something you’re interested in, I highly recommend giving TinyWall a try.
I use TinyWall and haven’t had any complaints.
Okay, so this is a more topic-adjacent meta commentary, but this thread is a great example of something stupid.
Why is it that when people show up on the internet to ask how to do something, a bunch of people jump in to say that thing isn’t worth doing?
I don’t know how many times I’ve been googling for a solution to a problem and I keep finding people who tell OP not to bother rather than either providing a solution or just like, not commenting on a thread they’re incapable of helping in.
Like, y’all get that these conversations turn into google results, right? You know how frustrating it is to google something and the first answer that comes up is ‘google it’? Or better yet ‘you can’t’ in response to a problem that’s absolutely doable.
Just let people do their weird little niche projects that fit their needs! You don’t need to understand why.
Drives me up a wall.
There is a basic misunderstanding in OP’s formulation: a “firewall for” is something one needed with Windows XP and earlier, as in a piece of software that acted as a firewall; nowadays, both Windows 7+ and Linux come with a built-in firewall, for which one might want a “GUI for {}'s firewall”.
Whether people feel more inclined to explain the misunderstanding, or to just spew a “you can’t” that’s technically correct but unhelpful… YMMV, different people are different and may be of different mood at different times 🤷
There seems to be a misunderstanding:
- A “firewall for” is something one needed with Windows XP and earlier, as in “a piece of software that acted as a firewall”.
- Nowadays, both Windows 7+ and Linux come with a built-in firewall, for which one might want a “GUI for {}'s firewall”.
One such GUI is TinyWall, which is also FOSS (GPLv3). I see people have suggested some more.
To be precise, all these options are inferior in functionality to firewalls like ZoneAlarm… but since you’re asking for a non-tech friendly solution, they should be adequate.
ZoneAlarm is trash compared to Suricata or Snort.
Does Suricata or Snort allow the user to block per-process outgoing traffic?
Both do deep packet inspection using netflow protocol and filter using crowd sourced detection rules as well as commercial; process-level filtering on a host operating system to detect network intrusion is unnecessarily resource intensive.
https://www.netgate.com/blog/suricata-vs-snort
ZenArmor does the same as both, but also uses Python scripts with a fancy graphical interface.
Do people really run ZenArmor, Snort or Suricata on their desktop?
Feels like a network firewall thing to do DPI for the whole house, instead of a per-machine thing.
Process-level filtering is to avoid exfiltration from environments where “all processes run as the same user, with full access to all other processes”… which, unfortunately, are still most of them.
DPI is nice to stop incoming attacks, and to detect suspicious outgoing traffic, but it’s kind of late when the data is already on the wire, and you won’t be able to stop all possible kinds of traffic that way.
What’s wrong with the built-in Windows firewall? It works well, has a GUI to add rules, etc… You don’t even need to touch it on a default setup for most people.
Because it’s awful to use, counter-intuitive, and fucking breaks network connectivity all the time by switching private networks to public on a whim.
Fuck that piece of shit for that reason alone. I’ve seen it fuck domain controllers doing this, when “supposedly” it can’t do this on a DC. Know what happens then? I can’t RDP to the server from its own local network.
This is such a problem we run a PowerShell script on a schedule to ensure the connections remain private.
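A sketch of the kind of scheduled script the comment above describes, added here as an example; it is not the commenter's script. The network names in $TrustedNetworks and the log path are assumptions, and only allowlisted networks are reset, so an unfamiliar network keeps the stricter Public profile.

```powershell
# Added example: keep allowlisted networks on the Private firewall profile.
# $TrustedNetworks and $LogPath are assumptions; replace them with your own values.
#Requires -RunAsAdministrator

$TrustedNetworks = @('HomeLAN', 'Office-Wired')   # constructed sample network names
$LogPath = Join-Path $env:ProgramData 'NetProfileFix\changes.log'   # hypothetical location

New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null

foreach ($net in Get-NetConnectionProfile) {
    # Domain connections are categorised by Windows itself and cannot be set by hand.
    if ($net.NetworkCategory -eq 'DomainAuthenticated') { continue }
    # Only connections that have been switched to Public need attention.
    if ($net.NetworkCategory -ne 'Public') { continue }

    $stamp = Get-Date -Format o
    if ($TrustedNetworks -contains $net.Name) {
        # Known network: put it back on the Private profile and record the change.
        Set-NetConnectionProfile -InterfaceIndex $net.InterfaceIndex -NetworkCategory Private
        Add-Content -Path $LogPath -Value "$stamp reset '$($net.Name)' on $($net.InterfaceAlias) from Public to Private"
    }
    else {
        # Unknown network: keep the stricter Public profile, but note that it was seen.
        Add-Content -Path $LogPath -Value "$stamp left '$($net.Name)' on $($net.InterfaceAlias) as Public (not allowlisted)"
    }
}
```

Run from a scheduled task under an administrative account, the log doubles as a record of how often Windows re-categorises each network.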
TinyWall doesn’t change the firewall, it’s just an alternative GUI… like setting it from PowerShell.
Could you share that script? Sounds like a nifty grassroots tech solution.
I haven’t had that happen unless my gateway or DHCP server changes, but on a server wouldn’t adding the rules to both public and private profiles solve that too?
But he’s not using it in a domain environment.
This. There really is no point in installing something like TinyWall, when there is a built-in firewall that has more functionality (granted it’s much less user friendly).
TinyWall is a simplified GUI for the Windows firewall… some may like it, some may not.
OK, since this was my first post here I did not expect the conversation to get so lively. I appreciate every single input. I thought my initial request was simple and clear with the words “non-tech” and “family members” but for the curious I will expand a bit.
For starters, of course I am the “sys-admin” of my family’s tech life. My main personal PC is not Windows based but every member of my family is, because every flavor of Linux I have convinced a family member to try has resulted in utter failure for them, sad but true.
They like the simple UI over the Windows firewall because I had no success trying to get them to understand/use the built-in Windows version. “Easy” to block per-process out/in traffic, “Easy” to block ALL traffic, etc… Having them understand/use traffic blocking at the app level has made all of them much safer/smarter users. I start them with almost everything locked down, they open/monitor what they use, nobody shares a PC so this works perfect.
And finally, for me, I needed Open Source so I can inspect the code for any tomfoolery, make any custom changes needed/wanted, and compile on my own. Free is never a requirement, I will always support the devs of software I end up using.
Thanks again for all the input, I read and followed everything, I was not planning on this much TMI but felt it warranted after reading the responses.
Sorry you had to write this down, OP. On the internet people make a lot of assumptions. I hope you ended up getting a reply.
Check out Simplewall. Simple enough and not complicated.