Welcome Guest.   Make a donation to an author on the site August 23, 2014, 10:22:52 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
View the new Member Awards and Badges page.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Is there a Firewall with a quick toggle per program, to open/close connection?  (Read 4620 times)
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« on: July 09, 2012, 05:26:59 AM »

I use NetLimiter 3 Pro as firewall. This allows me to open and close connections per application - which I find very handy when testing local (wamp) versions of websites. I need to block my "development" brower's outbound connections to reassure myself that the site I'm testing is using the correct URLs.

The slight problem with this setup is that I tend to swap between live and local versions of the sight whilst fixing issues, which means I have to keep toggling the open/blocked connection of the browser. This wouldn't annoy me if it were just a quick click a single button process - but, instead, it requires four or more clicks (six or more if I have to go into the tray to open NetLimiter).

So, my question is:

Is there a firewall that has a quick single click type open/close connection button for each program it is monitoring. Even better would be something that allowed for creating a (desktop) shortcut that activated the toggle.

My request is for a toggle button thing per connected program - NOT a global type firewall block to disconnect all current connected programs.

Thanks.
Logged
4wd
Supporting Member
**
Posts: 3,287



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #1 on: July 09, 2012, 06:12:34 AM »

Does NetLimiter work as a replacement for Windows Firewall or can it run in conjunction with it?

You could, (in theory), use the netsh advfirewall firewall command along with Ath's WinButton program to control specific rules in Windows Firewall, some netsh examples are shown here:

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: July 09, 2012, 06:22:39 AM »

I think NetLimiter works okay alongside Windows Firewall. (My original use for NetLimiter was to mimic slow connections, I don't even really use it as a firewall except to block things in the way I mentioned above. My "real" firewall is the one built into Windows... 7.)

Thanks for the link, 4wd. That looks like it could do just what I need.

Logged
4wd
Supporting Member
**
Posts: 3,287



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #3 on: July 09, 2012, 06:34:14 AM »

If you could get it to toggle the profile of the program, (eg. Public->Private, Private->Public), that should do what you want but it's probably going to take a little experimentation to get it right.

This might be a better link for syntax: Netsh AdvFirewall Firewall Commands

An alternative way would be create a rule that only allows, say Firefox, access to Private IPs:
netsh advfirewall firewall add rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" action=allow profile=private enable=yes

And then to allow it to access the internet, just disable the rule:
netsh advfirewall firewall set rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" new enable=no

To disable internet access, enable the rule:
netsh advfirewall firewall set rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" new enable=yes


Above commands tested working....finally  smiley
« Last Edit: July 09, 2012, 07:03:18 AM by 4wd; Reason: Forgot the Add and Set keywords. Forgot the New keyword too. » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #4 on: July 09, 2012, 06:49:10 AM »

Ah, I see, that looks good. Thanks, 4wd, I'll experiment later today and report back.
Logged
4wd
Supporting Member
**
Posts: 3,287



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #5 on: July 09, 2012, 07:13:02 AM »

The above commands work - you might need to fiddle with the initial state, (enable/disable), or profile, (private/public/domain), to get it to perform how you want.

Stupid me, I'm looking at it wrong - you probably want: action=block profile=public enable=yes

Then just disable to allow internet access.
« Last Edit: July 09, 2012, 07:22:55 AM by 4wd » Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: July 09, 2012, 07:42:18 AM »

Hmm, I did spot the command needed swapping around a bit, but I have a bigger problem it seems.

At the moment, Windows firewall doesn't block the browser I'm telling it to. This isn't related to the command(s) as I've gone in and manually tested out a few rules in Window Firewall - something I've not had a problem with before.

I thought maybe NetLimiter was getting in the way but it seems not.

So, at the moment, something very odd is going on.
Logged
superboyac
Charter Member
***
Posts: 5,650


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #7 on: July 09, 2012, 10:00:18 AM »

nudone, I've been looking for this for a while also.  4wd created this program a while back:
http://www.donationcoder....m/index.php?topic=25468.0

Which is a button that will block/unblock ALL network access.  I know that's not what you want.  I also found some obscure shareware at one point that had a nifty blocking/unblocking interface.

But like you, my preferred program is Netlimiter.  It's not perfect, but it comes closest to allowing the user to easily control network activity.  Other firewall programs make it much more complicated and more difficult to understand.  It's an interface issue.  I wish Netlimiter would have an easy access on/off button for ALL network activity.  I also wish they'd have an on/off button that works reliably for each of those connections in it's list.  Like, you know how each row has a box where you can specify the upload/download speed limits?  Each row should also have a button (like the red/green button in 4wd's program) to block/unblock that connection.  That would be super handy.

I'm all for finding programs that gives the user fine-grain control on network activity.  I don't mean regular firewalls, I mean more specialized interfaces like Netlimiter.
Logged

superboyac
Charter Member
***
Posts: 5,650


Is your software in my list?

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: July 09, 2012, 10:04:13 AM »

Speaking of which, there's another Netlimiter-like program, NetBalancer:
http://seriousbit.com/netbalancer/

Anyone with experience to compare the two?  Maybe it can do nudone's request with fewer clicks?
Logged

nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #9 on: July 09, 2012, 10:19:49 AM »

Yep. I agree with everything you say about NetLimiter, superboyac.

At the moment, it looks like that's what I'll still be using - haven't figured out why Windows Firewall isn't doing anything regarding new rules. Plus, NetLimiter does provide a nice, quick, graphical way of seeing which connections are blocked/open/ask.

What I changed today, is my habit of closing NetLimiter's window. I've moved the few programs I tend to block/open into the "Hidden" NetLimiter tab and then made that the focus so it becomes an even easier list to control and identify.
Logged
eleman
Supporting Member
**
Posts: 267

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: July 09, 2012, 10:23:31 AM »

haven't figured out why Windows Firewall isn't doing anything regarding new rules.

Did you try restarting the service after changing the rules? It may work, though I have no way to try.


ed.: damn grammar.
Logged
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: July 09, 2012, 10:24:57 AM »

Forgot to mention the free, Privatefirewall, available here: http://www.privacyware.com/personal_firewall.html

This does, almost, have the single click button feature for toggling each program's connection. It is a right click, then select from menu type method so, not as good as a single click. If it was, I think I'd use it over NetLimiter.
Logged
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #12 on: July 09, 2012, 10:28:03 AM »

haven't figured out why Windows Firewall isn't doing anything regarding new rules.

Did you try restarting the service after changing the rules? It may work, though I have no way to try.

I've tried deleting and recreating and also creating new rules for other programs. It just seems like the Windows Firewall isn't doing anything at all.

I've not spent a lot of time looking at it - will try and figure it out later. Those commands 4wd mentioned are still going to be very handy if I can WF to work properly.
Logged
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: July 09, 2012, 10:55:41 AM »

Right, I've had another look at Windows Firewall. Whatever it is doing, it is welcome to carry on as I haven't the inclination to figure it out - it makes no sense to me.

Blocking rules work for:

Firefox
Chrome
Internet Explorer


Blocking rules DON'T work for:

Opera
Safari
Palemoon Portable

I've not tested other browsers and programs as it wouldn't reveal anything to me. (All those browsers are installed under Program Files (x86).)


Logged
4wd
Supporting Member
**
Posts: 3,287



see users location on a map View Profile Read user's biography. Give some DonationCredits to this forum member
« Reply #14 on: July 09, 2012, 11:28:35 AM »

I think I've worked it out, well it seemed to work here but it's 0220 and I've got to get up in 2 hours  Sad

Anyway, by default WFwAS, (Windows Firewall with Advanced Security), allows all outgoing connections so you have to set it to Block connections by default for the Private profile.
You then need to create rules for the programs you want to let through, including your browsers, just like you would with a normal firewall.

Once you've done that, you can limit the access your browsers have by using the netsh command like above but using the remoteip option, (not profile or enable).

eg. remoteip=any                     Full access
     remoteip=192.168.0.1/24      LAN access only

Sorry, my screw up with the mis-leading profile stuff above, (I think old age is catching up to me).
Logged

Four wheel drive: Helping you get stuck faster, harder, further from help...........and it's no different on this forum Evil
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: July 09, 2012, 11:36:24 AM »

I think I've worked it out, well it seemed to work here but it's 0220 and I've got to get up in 2 hours  Sad

Anyway, by default WFwAS, (Windows Firewall with Advanced Security), allows all outgoing connections so you have to set it to Block connections by default for the Private profile.
You then need to create rules for the programs you want to let through, including your browsers, just like you would with a normal firewall.

Once you've done that, you can limit the access your browsers have by using the netsh command like above but using the remoteip option, (not profile or enable).

eg. remoteip=any                     Full access
     remoteip=192.168.0.1/24      LAN access only

Sorry, my screw up with the mis-leading profile stuff above, (I think old age is catching up to me).

Thanks, (and get to bed!) I'll look at this again tomorrow now that you've discovered a bit more.

Hopefully it doesn't change what you've just said but I was manually setting up blocking rules on each of the browsers (just using the GUI for the firewall). So, all profiles (Domain, Private, Public) are selected and blocked and the rule enabled - so, I'm confused now why that isn't enough - hopefully it will be obvious when I see what you mean in the firewall control panel.


edit:

I think I see now...

I created a rule to block everything for the Private profile and this does block everything, including the browsers that wouldn't block before.

The problem with this approach is that "everything" is going to cause problems elsewhere or be too time consuming to start creating filters for all the programs that needs connections. It would be more secure, of course, but it seems like a backward approach to just blocking a couple of browsers (and Apache and MySQL sometimes).

I think I need a way to identify why some of the browsers are still getting through even when a rule says they are blocked for all profiles.

« Last Edit: July 09, 2012, 11:48:11 AM by nudone » Logged
IainB
Supporting Member
**
Posts: 4,620


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #16 on: July 09, 2012, 12:08:45 PM »

I use the Win 7-64 inbuilt firewall in conjunction with Windows 7 Firewall Control FREE to provide a quick toggle per program, to open/close connections.
It is brilliantly simple and requires no brain-twisting logic to set any rules. You just toggle an app ON or OFF through the Firewall.
I have since tried several other Firewall control apps. - including W7FC PLUS, and though they can undoubtedly give you a finer degree of control, they seem too tediously complicated and (human) error-prone.
So, I keep coming back to W7FC FREE.
« Last Edit: July 10, 2012, 12:03:00 AM by IainB; Reason: \"W7FC PRO\" changed/corrected to \"W7FC PLUS\" » Logged
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #17 on: July 09, 2012, 12:30:05 PM »

Thanks, IainB, Windows 7 Firewall Control Free does provide a very quick way of toggling each program's connection. I like it, I'm just not sure if I like it enough to replace NetLimiter as that does the same, albeit with an extra mouse click. NetLimiter just has a better appearance and makes is easy to see (from a distance) which programs are blocked/open (because it has nice colour icons representing the connection state).

W7FC is a good candidate, definitely simpler to use that messing about with Windows Firewall rules.
Logged
IainB
Supporting Member
**
Posts: 4,620


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #18 on: July 09, 2012, 10:20:23 PM »

...Windows 7 Firewall Control Free ... NetLimiter ... does the same, albeit with an extra mouse click. NetLimiter just has a better appearance and makes is easy to see (from a distance) which programs are blocked/open (because it has nice colour icons representing the connection state).
Sorry, I think I must have misunderstood your opening post requirement. I would not have suggested W7FC if I had known you already had something very similar (NetLimiter).
But that sounds interesting. I think I shall try NetLimiter out.
I can then add it to the list of the ones I have tried so far:
  • TinyWallInstaller
  • WFN (Windows Firewall Notifier)
  • Windows Firewall Control v3.3.0.1 2012-05-30 - wfc
  • Windows7FirewallControlPlus-Setup (PAID) - I incorrectly called it "W7FC PRO", in my comment above (now corrected).
  • Windows7FirewallControl-Setup-x64 (FREE)
« Last Edit: July 10, 2012, 12:03:33 AM by IainB » Logged
nudone
Cody's Creator
Columnist
***
Posts: 4,116



see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #19 on: July 10, 2012, 01:22:02 AM »

W7fc was a good suggestion. If it had the pretty icons it would be perfect.
Logged
IainB
Supporting Member
**
Posts: 4,620


Slartibartfarst

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #20 on: July 10, 2012, 03:06:33 AM »

If it had the pretty icons it would be perfect.
Grin
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.044s | Server load: 0.26 ]