I saw in a recent TCD nfo there was mention of FAB firewall or something, but im not sure which one they are on about, Sordum made FAB (firewall app blocker) but it looks shitty and not sure if thats even the one they mean.
Is there anything lighter, open source and better as a firewall than TinyWall?

 

I use Zone Alarm Free Firewall

https://www.zonealarm.com/de/software/free-firewall

 

I'm using Simplewall, but I might try Tinywall to see how it compares.

 

A firewall is a firewall - a program that decides on network traffic according to set rules.
Windows has a built-in firewall which is sufficient if you know how to configure it - i.e. set the right rules.

On the other hand, in my opinion, the more secure firewall is one that runs outside the system as a separate device (e.g. in a router or a hardware firewall, which can be e.g. a raspberry pi) because it does not load the system and does not interact with it, so it cannot be disabled by malware. The downside is that you don't take it with your laptop and it only works on your network.

The best known, free and open source firewall is pfSense, but it requires skill and a device. https://www.pfsense.org/

In my opinion, there is no such thing as better or worse. It all depends on the rules you set and the level of difficulty of setting rules or your skills.

On my laptop I have TinyWall - it is super lightweight, easy to unblock/block a program, process, connection, port and is enought for me.
It allows you to work in parallel with the built-in firewall in Windows, to which I import IP and address blacklists from https://abuse.ch/ every day using a simple script in Python. If I mess up something in TinyWall config or need to disable it, a set of basic rules (which e.g. block windows telemetry and other bloat) stay in Windows firewall as default basic config.
You can export your basic config from TinyWall as file and import it after, if toy need to revert changes.

 

I went from Simplewall back to WFC after ~6 years. Every release of Simplewall in the past year has been getting stuck in a loop where it hogs an entire core until restarted for me. Also seemingly won't accept some 'Allow' rules for some reason, no matter how often you approve the notification, notably on the Bing AI pages. WFC has been good to me so far. Also free / been around for decades.

 

I'm yet to properly try TinyWall and SimpleWall, being legally free is a big plus,
if you want some behavior-based firewall with immediate popups (like LittleSnitch on Mac for ex.) then NetLimiter is a powerful option (if you set its behavior to alert/popup mode),

selfhosted firewall on local network like pfSense suggested by @deathroit or OPNsense is great option, but I'd argue it's better used as additional layer, not sole solution, also keep in mind if you travel with a laptop, it won't work (unless you'd have properly configured selfhosted VPN server to connect all the time),
in that regard something like PiHole can actually serve as kind of firewall/blocker too (especially if you're mainly concerned about editing hosts file to block exact sites only, not whole applications - but again I'd recommend it as additional layer, not the only solution)

 

Last edited: Nov 11, 2023

Malwarebytes Windows Firewall Control has done a good job for me so far, together with a well kept hosts file in case one measure should fail.
I like that it adapts by applying the same decision you made when you chose the option to let the program create and save a rule in your windows firewall settings to block or allow every time the exact same process is triggered in the future.
It means once you've done the initial work by creating rules, it's going to become easier to maintain it and soon it'll be running smoothly without having to worry about maintainence too much
It's definetly a good option for people who dont know a whole lot about firewalls and related topics and just need an easy method to block every outgoing connection by default except the ones you've previously allowed.

 

Last edited: Nov 9, 2023

Evorim free firewall is very good. https://www.evorim.com/en/free-firewall.
You can program it to ask for every connection attempt, and or program your own rules for different applications.

Also Cómodo free firewall is very efficient and have the same functions, but it comes with some kind antivirus which is not programable, so Evorim is much better.

 

Simplewall has been effective so far for me. 0 problem for 3-4 years. lightweight. easy to use.

 

Also used SimpleWall until I switched to a commercial Firewall from GData, which is the best in my opinion.
It's included in GData Internet Security and that is also the best antivirus solution for windows if you ask me.
I'm using it basically since 10 Years with some breaks in betweeen where I switched to free software.

In GData you can create custom rules for every process and every port. You even can create rules for
processes that got started by another process, for example to block a plugin that got started by a DAW
but still let the DAW connect.

I've created several of such rules to let specific programs only connect when I'm running them manually
but deny everything when they get started automatically in the background from like explorer.exe
or another process. One of the reasons is that I want to control when to download updates.

Or you can block specific connections from a process but let other connections go through,
for example when a process tries to validate a working network connection but when it comes to
call the license servers, you can block that specific one.

The best thing is, you can obtain licenses for GData on ebay for like $8 istead of paying $40 for a year
and when the license period runs out, the firewall and GData itself continues to work, you only won't
get virus definition updates anymore until you renew the license.

 

oh one more thing to be careful about - dependency on Windows Firewall itself;
years back I used GlassWire for a while, but it could not at all function with Windows firewall disabled/removed because it was relying on WF components for Glasswire functionality

 

One thing I like about Windows Firewall Control is that it is just a better GUI for the built-in MS Firewall.
All the actual rules are written to the Windows Firewall.

You can easily filter by "User Rules" (ones you created while using WFC) and delete entries that are invalid or duplicates (often from blocking installers that are now only in archives, or if programs are moved to other drives ..games in particular).
It seemed very easy to understand for me.
I'd tried a few with mixed feelings, not being sure if they would block everything, what was happening in general and what would happen if I had to uninstall them.
With WFC I never had those questions and only had to figure out 2 things:
1) Set Filtering to : Medium Filtering
2) Notifications: Display Notifications
I've never had to do more than that, and never been blocked, blacklisted or been "called home" on.

 

They dont have a trial, or did I miss it?

This is one the most important funcrion of a firewall for me: Interactive Ask prompt window allows creating rules in real-time. Many conditions can be specified to fine-tune rules.
Netlimiter is very cheap: 19 euros / 1 year, 29 euros / 2 years. And it seems that there is a trial period as you can download it before paying.

 

Last edited: Nov 10, 2023

Thanks for the suggestions, there are a lot of options.. free & open-source it seems to be TinyWall vs SimpleWall, and tinywall doesnt do notifications but here's their take on that

As long as the blocked connections are logged i dont mind no notifications

 

I completely disagree with this statement, as most of the firewalls that use popups allows the user to create rule for each connection, so the number of popups decrease while the firewall learns from the user decisions.

 

When you just download their installer and install it, then (I think) they'll ask you if
you've got a license or if you want to try it for 30 days. It was like that in the past.

If you just want to use the firewall, it could probably work when you deselect the
Antivirus module (if possible) in the setup. Otherwise you can disable it completely
after installation and just use the Firewall.

As I said before, I bought my license for 8€ on ebay. Those licenses get sold to
PC manufacturers and other distributors and they sell the remaining licenses on ebay then.
For 11-15€ you even can get a 3 years license.

 

I've tried both and I use SimpleWall, it's a better TinyWall because it has pop-ups to ask for every program. Used it on W10 and W11 with no problem at all.

 

Once you try Malwarebytes Windows Firewall Control, nothing else will do. Very light and utilizes your existing Windows Firewall rules.

 

Tinywall I'm using on Win10 here. Difference from Win 7 - where tinywall worked beautifully - is that on Win10 I cannot edit the HOSTS file until I go to Manage--General TAB-- and disable there "Prevent Modifications to hosts file" and disable "Enable Blocklists". Then when I checked out a document/forum post on the blocked site, I simply re-block the site in the hosts file again, then in Tinywall I switch this hosts-file lock ON again by putting a mark into the above two checkboxes. Also on Win10 Tinywall has a service, which I disable or enable sometimes.. Other than that Tinywall on Win10 blocks hacked software that tries to phone home. So I cannot complain..

 

i use netlimiter 4 pro