[Feature] Plea to developer -- granular control of network connections per app. 🙏 #1925
Comments
This is something that I would like, but I would like to add onto this. For instance, port and rule automation through allowing or blocking. Let's say we have an app that wants to access port 80 outbound; if you click allow, it will now create a rule to allow that app to use that port. Another feature would be rule appending. For instance, that same app later asks for port 443 outbound; if we click allow, it adds a new port to the already created rule rather than creating a new one. You can make these both a feature of blocking too. It minimizes the total amount of rules, making it easier to read and manage, without allowing total internet access to applications. I'm not sure how difficult this is to code, but the capability seems to already be there, so I'm hoping it's not too difficult. It also minimizes attack surfaces by keeping unwanted ports from being public if you're using applications like svchost. You could allow 443 outbound, without allowing other stuff.
👆 I would be in full support of @LZeugirdor's description. That's how I would want it too. It would make simplewall the best of the best. The Little Snitch of the Windows platform.
@tnodir I always keep an open mind. Please can you recommend one to me? Haven't found anything even remotely close to simplewall :(
@NikoMuffin I'm a developer of yet another firewall for Windows and got the same question recently: tnodir/fort#366
Yes, that would be a very cool feature. I understand the main problem is to associate an IP address with a DNS name. Maybe use ETW? https://github.com/asgarciap/etw-dns We can store our own cache of IP addresses with a mapping process - IP address - domain.
@dealeks Not too sure about DNS. I think it would be more effective to block domains with the specific port that was used to contact that domain. If there isn't a domain, blocking the port overall for an application is probably better if the IP keeps changing for whatever reason.
@LZeugirdor This is to support blocking connections across domains, for example to allow svchost.exe to connect only to *.microsoft.com. The WFP cannot block by domain, only by IP.
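Editorial sketch of the two ideas raised in the comments above: appending ports to an existing per-app rule, and a process - IP address - domain cache used to evaluate domain patterns against connections that are only visible by IP. This is an added example, not code from simplewall or from any commenter; the class names, rule layout and sample observations are assumptions, and the DNS observations are fed in by hand rather than read from ETW.

```python
# Added example (not simplewall code): names, rule layout and sample data are assumptions.

def norm(name):
    return name.rstrip(".").lower()

def matches(pattern, domain):
    """'*.example.test' matches subdomains on a label boundary; anything else is exact."""
    pattern, domain = norm(pattern), norm(domain)
    if pattern.startswith("*."):
        return domain.endswith(pattern[1:])      # pattern[1:] keeps the leading dot
    return domain == pattern

class DnsCache:
    """(app, ip) -> {domain: expiry}, filled from observed DNS answers."""
    def __init__(self):
        self.seen = {}

    def observe(self, app, domain, ip, ttl, now):
        self.seen.setdefault((app.lower(), ip), {})[norm(domain)] = now + ttl

    def domains(self, app, ip, now):
        entries = self.seen.get((app.lower(), ip), {})
        return {d for d, expiry in entries.items() if expiry > now}

class Rules:
    """One allow rule per (app, domain pattern); new ports are appended to it."""
    def __init__(self):
        self.allow = {}                           # (app, pattern) -> set of ports

    def allow_port(self, app, pattern, port):
        self.allow.setdefault((app.lower(), norm(pattern)), set()).add(port)

    def decide(self, cache, app, ip, port, now):
        names = cache.domains(app, ip, now)       # no live mapping -> nothing matches
        for (rule_app, pattern), ports in self.allow.items():
            if (rule_app == app.lower() and port in ports
                    and any(matches(pattern, d) for d in names)):
                return "allow"
        return "block"                            # default deny

def demo():
    cache, rules = DnsCache(), Rules()
    rules.allow_port("svchost.exe", "*.microsoft.com", 443)
    rules.allow_port("svchost.exe", "*.microsoft.com", 80)   # appended, not a second rule
    # Constructed DNS observation; 203.0.113.10 is a documentation address.
    cache.observe("svchost.exe", "update.microsoft.com.", "203.0.113.10", ttl=60, now=1000)
    return rules, [rules.decide(cache, "svchost.exe", "203.0.113.10", 443, now=1010),
                   rules.decide(cache, "svchost.exe", "203.0.113.10", 8080, now=1010),
                   rules.decide(cache, "svchost.exe", "198.51.100.7", 443, now=1010),
                   rules.decide(cache, "svchost.exe", "203.0.113.10", 443, now=1100)]

if __name__ == "__main__":
    print(demo()[1])
```

Keying the cache by application as well as IP means a name resolved by one process does not make the same address count as allowed for another, and expired or unknown mappings fall through to the default block.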
App version
3.8.5 64bit
Problem you are trying to solve
Henry,
The most major thing missing from simplewall is the ability to have granular control over every network connection that is requested by an app.
Suggested solution
What we're looking for is something like Little Snitch and Vallum for Mac. Right now simplewall only allows me to allow or deny network connections, but there are some apps I want to allow to a specific site, but I don't know what that site is.
Wouldn't it be great if simplewall would alert the user in an advanced mode "Listary has tried to connect to - allow or deny"? The user would be able to deny just that connection or global altogether.
This is the single biggest feature this app is missing. I know it's complex, but please please please consider it. All the other firewall apps are slow, bloated and not open source.
PS: Thank you for this amazing app
Screenshots / Drawings / Technical details
Example of how Little Snitch handles network connections:
![little-snitch-5_screenshot-4116534620](https://private-user-images.githubusercontent.com/1836362/395836218-832a34d9-c335-4dea-a40c-b14b56b98b94.jpg)