Serious Discussion Fort Firewall

Fort Firewall 3.17.4
  • UI: Options: Statistics: Add "Clear connections on exit (reduce disk writes)" flag (#502).
  • UI: Connections: Copy as filter by "Ctrl+Shift+C".
  • UI: ProgramEdit: Fix wildcard switch saving with edited path (#501).
  • UI: Detect wildcard path for "-c prog ..." commands (#501).
Attention: The "Clear connections on exit (reduce disk writes)" flag will be enabled by default for new installations from next release!
 
Last edited:
  • Like
  • +Reputation
Reactions: oldschool, piquiteco, silversurfer and 2 others
Should Windows Firewall be disabled when using Fort? Is there a possibility for conflict if both are running? i.e traffic should be blocked by Fort rules but is allowed because of Windows Firewall rules.
 
tnodir said:
FAQ: Do I need to / Should I have - Windows Firewall (Microsoft Defender Firewall) enabled and running together with Fort Firewall?
Click to expand...
Hi @tnodir, thanks for the link.

I saw your comment here
tnodir said:
Keep in mind, the standard Windows Firewall (WFw) has built-in rules for 0.0.0.0 address.
If the WFw is not turned off, then Windows can connect to DHCP server on startup after some time.
Click to expand...
Is this still relevant?
Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?
Or am I not understanding it properly?
 
ranecogofi said:
Hi @tnodir, thanks for the link.

I saw your comment here

Is this still relevant?
Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?
Or am I not understanding it properly?
Click to expand...
No, it will not be allowed.
Consider it as having two consequent sieves; in order to pass the pore have to be open in both.
 
  • Like
Reactions: ranecogofi and tnodir
ranecogofi said:
Is this still relevant?
Does it mean that if Windows Firewall is not turned off there is a possibility that a connection is allowed when it's set to block in Fort rules?
Click to expand...
Yes, it's relevant: the `0.0.0.0` for IPv4 or `::` for IPv6 are treated in special way by WFP and not filtered by Fort Firewall, because they are allowed early.

I've double checked today by disabling/enabling a network adapter and monitoring connections by "System Informer": Firewall tab.
DHCP requests to `0.0.0.0` address are implicitly allowed by WFP.

I don't know, if those filters will be removed when turning off the WFw.
It's an exercise for your own..
 
  • Like
  • Thanks
Reactions: piquiteco, simmerskool and ranecogofi
tnodir said:
Yes, it's relevant: the `0.0.0.0` for IPv4 or `::` for IPv6 are treated in special way by WFP and not filtered by Fort Firewall, because they are allowed early.

I've double checked today by disabling/enabling a network adapter and monitoring connections by "System Informer": Firewall tab.
DHCP requests to `0.0.0.0` address are implicitly allowed by WFP.

I don't know, if those filters will be removed when turning off the WFw.
It's an exercise for your own..
Click to expand...
Tried toggling a network adapter, System Informer seems to show that connection to 0.0.0.0 is blocked.
ssfirewall.png


Is it normal that System Informer only shows DROP action? I don't see anything other than DROP, allowed connection just does not show up.
 
@tnodir do you know if I need to set up my firewall a certain way for allow rules to show up on System Informer or should it just be by default?
So allowed connections on Fort, normally should show up in System Informer?
It's weird since even on a fresh install of Windows only drop showed up for me.
 
@ranecogofi System Informer should work by default. I use it on virtual machines with various Windows versions and it works fine.

Please try to ask on System Informer's issues in GitHub. Also check this thread.

I use only portable zip archive of System Informer from canary builds.
 
Last edited:
  • Like
  • Thanks
Reactions: ranecogofi and simmerskool
tnodir said:
@ranecogofi System Informer should work by default. I use it on virtual machines with various Windows versions and it works fine.

Please try to ask on System Informer's issues in GitHub. Also check this thread.

I use only portable zip archive of System Informer from canary builds.
Click to expand...
Ah, I found it, there is this "FwIgnoreAllow" setting that needs to be disabled on System Informer for it to show allowed connections.
It's working now, thanks for your support @tnodir.
ssfw.png
 
  • Like
Reactions: Gandalf_The_Grey, simmerskool and tnodir

You may also like...