Serious Discussion Fort Firewall

tnodir

Level 6
Thread author
Verified
Well-known
Apr 19, 2022
262
Fort Firewall 3.17.4
  • UI: Options: Statistics: Add "Clear connections on exit (reduce disk writes)" flag (#502).
  • UI: Connections: Copy as filter by "Ctrl+Shift+C".
  • UI: ProgramEdit: Fix wildcard switch saving with edited path (#501).
  • UI: Detect wildcard path for "-c prog ..." commands (#501).
Attention: The "Clear connections on exit (reduce disk writes)" flag will be enabled by default for new installations from the next release!
 

ranecogofi

New Member
Mar 18, 2025
15
Should Windows Firewall be disabled when using Fort? Is there a possibility for conflict if both are running? I.e., traffic should be blocked by Fort rules but is allowed because of Windows Firewall rules.
 

ranecogofi

Hi @tnodir, thanks for the link.

I saw your comment here:
> Keep in mind, the standard Windows Firewall (WFw) has built-in rules for 0.0.0.0 address.
> If the WFw is not turned off, then Windows can connect to DHCP server on startup after some time.

Is this still relevant?
Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?
Or am I not understanding it properly?
 

Parkinsond

Level 8
Dec 6, 2023
360
> Hi @tnodir, thanks for the link.
>
> I saw your comment here
>
> Is this still relevant?
> Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?
> Or am I not understanding it properly?

No, it will not be allowed.
Consider it as having two consecutive sieves; in order to pass, the pore has to be open in both.
 

tnodir

> Is this still relevant?
> Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?

Yes, it's relevant: the `0.0.0.0` for IPv4 or `::` for IPv6 are treated in a special way by WFP and not filtered by Fort Firewall, because they are allowed early.

I've double-checked today by disabling/enabling a network adapter and monitoring connections in "System Informer": Firewall tab.
DHCP requests to `0.0.0.0` address are implicitly allowed by WFP.

I don't know if those filters will be removed when turning off the WFw.
It's an exercise for you.
 

ranecogofi

> Yes, it's relevant: the `0.0.0.0` for IPv4 or `::` for IPv6 are treated in a special way by WFP and not filtered by Fort Firewall, because they are allowed early.
>
> I've double-checked today by disabling/enabling a network adapter and monitoring connections in "System Informer": Firewall tab.
> DHCP requests to `0.0.0.0` address are implicitly allowed by WFP.
>
> I don't know if those filters will be removed when turning off the WFw.
> It's an exercise for you.

Tried toggling a network adapter; System Informer seems to show that the connection to 0.0.0.0 is blocked.
ssfirewall.png


Is it normal that System Informer only shows the DROP action? I don't see anything other than DROP; allowed connections just do not show up.
 

ranecogofi

@tnodir, do you know if I need to set up my firewall a certain way for allow rules to show up in System Informer, or should it just be by default?
So allowed connections on Fort should normally show up in System Informer?
It's weird, since even on a fresh install of Windows only DROP showed up for me.
 

tnodir

@ranecogofi System Informer should work by default. I use it on virtual machines with various Windows versions and it works fine.

Please try asking in System Informer's issues on GitHub. Also check this thread.

I use only the portable zip archive of System Informer from canary builds.
 

ranecogofi

> @ranecogofi System Informer should work by default. I use it on virtual machines with various Windows versions and it works fine.
>
> Please try asking in System Informer's issues on GitHub. Also check this thread.
>
> I use only the portable zip archive of System Informer from canary builds.

Ah, I found it: there is this "FwIgnoreAllow" setting that needs to be disabled in System Informer for it to show allowed connections.
It's working now, thanks for your support @tnodir.
ssfw.png
 
