Topic: Is there a Firewall with a quick toggle per program, to open/close connection?

nudone

I use NetLimiter 3 Pro as firewall. This allows me to open and close connections per application - which I find very handy when testing local (wamp) versions of websites. I need to block my "development" browser's outbound connections to reassure myself that the site I'm testing is using the correct URLs.

The slight problem with this setup is that I tend to swap between live and local versions of the site whilst fixing issues, which means I have to keep toggling the open/blocked connection of the browser. This wouldn't annoy me if it were just a quick single-click button process - but, instead, it requires four or more clicks (six or more if I have to go into the tray to open NetLimiter).

So, my question is:

Is there a firewall that has a quick single-click type open/close connection button for each program it is monitoring? Even better would be something that allowed for creating a (desktop) shortcut that activated the toggle.

My request is for a toggle button thing per connected program - NOT a global type firewall block to disconnect all current connected programs.

Thanks.

4wd

Does NetLimiter work as a replacement for Windows Firewall or can it run in conjunction with it?

You could, (in theory), use the netsh advfirewall firewall command along with Ath's WinButton program to control specific rules in Windows Firewall; some netsh examples are shown here:

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista

nudone

I think NetLimiter works okay alongside Windows Firewall. (My original use for NetLimiter was to mimic slow connections, I don't even really use it as a firewall except to block things in the way I mentioned above. My "real" firewall is the one built into Windows... 7.)

Thanks for the link, 4wd. That looks like it could do just what I need.


4wd

If you could get it to toggle the profile of the program, (eg. Public->Private, Private->Public), that should do what you want but it's probably going to take a little experimentation to get it right.

This might be a better link for syntax: Netsh AdvFirewall Firewall Commands

An alternative way would be to create a rule that only allows, say Firefox, access to Private IPs:
    netsh advfirewall firewall add rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" action=allow profile=private enable=yes

And then to allow it to access the internet, just disable the rule:
    netsh advfirewall firewall set rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" new enable=no

To disable internet access, enable the rule:
    netsh advfirewall firewall set rule name="nudone hatez netz" dir=out program="C:\Program Files\Mozilla\Firefox.exe" new enable=yes


Above commands tested working....finally  :)
« Last Edit: July 09, 2012, 07:03 AM by 4wd, Reason: Forgot the Add and Set keywords. Forgot the New keyword too. »

nudone

Ah, I see, that looks good. Thanks, 4wd, I'll experiment later today and report back.

4wd

The above commands work - you might need to fiddle with the initial state, (enable/disable), or profile, (private/public/domain), to get it to perform how you want.

Stupid me, I'm looking at it wrong - you probably want: action=block profile=public enable=yes

Then just disable to allow internet access.
« Last Edit: July 09, 2012, 07:22 AM by 4wd »

nudone

Hmm, I did spot the command needed swapping around a bit, but I have a bigger problem it seems.

At the moment, Windows Firewall doesn't block the browser I'm telling it to. This isn't related to the command(s) as I've gone in and manually tested out a few rules in Windows Firewall - something I've not had a problem with before.

I thought maybe NetLimiter was getting in the way but it seems not.

So, at the moment, something very odd is going on.

superboyac

nudone, I've been looking for this for a while also.  4wd created this program a while back:
https://www.donation...ex.php?topic=25468.0

Which is a button that will block/unblock ALL network access.  I know that's not what you want.  I also found some obscure shareware at one point that had a nifty blocking/unblocking interface.

But like you, my preferred program is Netlimiter.  It's not perfect, but it comes closest to allowing the user to easily control network activity.  Other firewall programs make it much more complicated and more difficult to understand.  It's an interface issue.  I wish Netlimiter would have an easy access on/off button for ALL network activity.  I also wish they'd have an on/off button that works reliably for each of those connections in its list.  Like, you know how each row has a box where you can specify the upload/download speed limits?  Each row should also have a button (like the red/green button in 4wd's program) to block/unblock that connection.  That would be super handy.

I'm all for finding programs that give the user fine-grain control on network activity.  I don't mean regular firewalls, I mean more specialized interfaces like Netlimiter.

superboyac

Speaking of which, there's another Netlimiter-like program, NetBalancer:
http://seriousbit.com/netbalancer/

Anyone with experience to compare the two?  Maybe it can do nudone's request with fewer clicks?

nudone

Yep. I agree with everything you say about NetLimiter, superboyac.

At the moment, it looks like that's what I'll still be using - haven't figured out why Windows Firewall isn't doing anything regarding new rules. Plus, NetLimiter does provide a nice, quick, graphical way of seeing which connections are blocked/open/ask.

What I changed today, is my habit of closing NetLimiter's window. I've moved the few programs I tend to block/open into the "Hidden" NetLimiter tab and then made that the focus so it becomes an even easier list to control and identify.

eleman

> haven't figured out why Windows Firewall isn't doing anything regarding new rules.

Did you try restarting the service after changing the rules? It may work, though I have no way to try.


ed.: damn grammar.

nudone

Forgot to mention the free, Privatefirewall, available here: http://www.privacywa...rsonal_firewall.html

This does, almost, have the single click button feature for toggling each program's connection. It is a right click, then select from menu type method so, not as good as a single click. If it was, I think I'd use it over NetLimiter.

nudone

>> haven't figured out why Windows Firewall isn't doing anything regarding new rules.
>
> Did you try restarting the service after changing the rules? It may work, though I have no way to try.

I've tried deleting and recreating and also creating new rules for other programs. It just seems like the Windows Firewall isn't doing anything at all.

I've not spent a lot of time looking at it - will try and figure it out later. Those commands 4wd mentioned are still going to be very handy if I can get WF to work properly.

nudone

Right, I've had another look at Windows Firewall. Whatever it is doing, it is welcome to carry on as I haven't the inclination to figure it out - it makes no sense to me.

Blocking rules work for:

Firefox
Chrome
Internet Explorer


Blocking rules DON'T work for:

Opera
Safari
Palemoon Portable

I've not tested other browsers and programs as it wouldn't reveal anything to me. (All those browsers are installed under Program Files (x86).)



4wd

I think I've worked it out, well it seemed to work here but it's 0220 and I've got to get up in 2 hours  :(

Anyway, by default WFwAS, (Windows Firewall with Advanced Security), allows all outgoing connections so you have to set it to Block connections by default for the Private profile.
You then need to create rules for the programs you want to let through, including your browsers, just like you would with a normal firewall.

Once you've done that, you can limit the access your browsers have by using the netsh command like above but using the remoteip option, (not profile or enable).

eg. remoteip=any               Full access
    remoteip=192.168.0.1/24    LAN access only

Sorry, my screw up with the misleading profile stuff above, (I think old age is catching up to me).
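
The approach in the post above, sketched as an added PowerShell example that is not part of the original thread: one outbound allow rule per program, with `remoteip` flipped between `any` and LAN-only on each run, so a desktop shortcut to the script acts as the toggle. The rule name `dev-browser-out` and the `LocalSubnet` default are assumptions, and the script assumes an elevated prompt, English-language `netsh` output, and an outbound default of Block on the active profile.

```powershell
# Added example, not from the thread. Toggles one program's outbound allow rule
# between full access (remoteip=any) and LAN-only access.
# Assumptions: elevated prompt, English-language netsh output, and an outbound
# default of Block on the active profile, so traffic outside remoteip is dropped
# (set with: netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound).
param(
    [string]$RuleName = 'dev-browser-out',                        # hypothetical rule name
    [string]$Program  = 'C:\Program Files\Mozilla\Firefox.exe',   # path used earlier in the thread
    [string]$LanScope = 'LocalSubnet'                             # netsh keyword; a CIDR range also works
)

# Read the rule; netsh exits non-zero when no rule matches the name.
$show   = & netsh advfirewall firewall show rule name="$RuleName"
$exists = ($LASTEXITCODE -eq 0)

if (-not $exists) {
    # First run: create the allow rule in the restricted (LAN-only) state.
    & netsh advfirewall firewall add rule name="$RuleName" dir=out `
        program="$Program" action=allow remoteip=$LanScope | Out-Null
    $new = $LanScope
}
else {
    # Pull the current scope out of the "RemoteIP:" line of the rule listing.
    $current = $null
    foreach ($line in $show) {
        if ($line -match '^RemoteIP:\s+(\S+)') { $current = $Matches[1]; break }
    }
    if ($null -eq $current) { throw "Could not read RemoteIP for rule '$RuleName'." }

    # Flip the scope: any -> LAN only, anything else -> any.
    if ($current -eq 'Any') { $new = $LanScope } else { $new = 'any' }
    & netsh advfirewall firewall set rule name="$RuleName" dir=out new remoteip=$new | Out-Null
}

if ($LASTEXITCODE -ne 0) { throw 'netsh failed; run this from an elevated prompt.' }
Write-Output ("{0}: remoteip is now {1}" -f $RuleName, $new)

# Show the profile's default policy: the toggle only restricts the program when
# the second value reads BlockOutbound.
& netsh advfirewall show currentprofile firewallpolicy
```

Any other allow rule that also matches the program keeps letting it out regardless of this rule's scope, so check for broader rules before relying on the toggle.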

nudone

> I think I've worked it out, well it seemed to work here but it's 0220 and I've got to get up in 2 hours  :(
>
> Anyway, by default WFwAS, (Windows Firewall with Advanced Security), allows all outgoing connections so you have to set it to Block connections by default for the Private profile.
> You then need to create rules for the programs you want to let through, including your browsers, just like you would with a normal firewall.
>
> Once you've done that, you can limit the access your browsers have by using the netsh command like above but using the remoteip option, (not profile or enable).
>
> eg. remoteip=any               Full access
>     remoteip=192.168.0.1/24    LAN access only
>
> Sorry, my screw up with the misleading profile stuff above, (I think old age is catching up to me).

Thanks, (and get to bed!) I'll look at this again tomorrow now that you've discovered a bit more.

Hopefully it doesn't change what you've just said but I was manually setting up blocking rules on each of the browsers (just using the GUI for the firewall). So, all profiles (Domain, Private, Public) are selected and blocked and the rule enabled - so, I'm confused now why that isn't enough - hopefully it will be obvious when I see what you mean in the firewall control panel.


edit:

I think I see now...

I created a rule to block everything for the Private profile and this does block everything, including the browsers that wouldn't block before.

The problem with this approach is that "everything" is going to cause problems elsewhere or be too time consuming to start creating filters for all the programs that need connections. It would be more secure, of course, but it seems like a backward approach to just blocking a couple of browsers (and Apache and MySQL sometimes).

I think I need a way to identify why some of the browsers are still getting through even when a rule says they are blocked for all profiles.

« Last Edit: July 09, 2012, 11:48 AM by nudone »

IainB

I use the Win 7-64 inbuilt firewall in conjunction with Windows 7 Firewall Control FREE to provide a quick toggle per program, to open/close connections.
It is brilliantly simple and requires no brain-twisting logic to set any rules. You just toggle an app ON or OFF through the Firewall.
I have since tried several other Firewall control apps. - including W7FC PLUS, and though they can undoubtedly give you a finer degree of control, they seem too tediously complicated and (human) error-prone.
So, I keep coming back to W7FC FREE.
« Last Edit: July 10, 2012, 12:03 AM by IainB, Reason: "W7FC PRO" changed/corrected to "W7FC PLUS" »

nudone

Thanks, IainB, Windows 7 Firewall Control Free does provide a very quick way of toggling each program's connection. I like it, I'm just not sure if I like it enough to replace NetLimiter as that does the same, albeit with an extra mouse click. NetLimiter just has a better appearance and makes it easy to see (from a distance) which programs are blocked/open (because it has nice colour icons representing the connection state).

W7FC is a good candidate, definitely simpler to use than messing about with Windows Firewall rules.

IainB

> ...Windows 7 Firewall Control Free ... NetLimiter ... does the same, albeit with an extra mouse click. NetLimiter just has a better appearance and makes it easy to see (from a distance) which programs are blocked/open (because it has nice colour icons representing the connection state).

Sorry, I think I must have misunderstood your opening post requirement. I would not have suggested W7FC if I had known you already had something very similar (NetLimiter).
But that sounds interesting. I think I shall try NetLimiter out.
I can then add it to the list of the ones I have tried so far:
  • TinyWallInstaller
  • WFN (Windows Firewall Notifier)
  • Windows Firewall Control v3.3.0.1 2012-05-30 - wfc
  • Windows7FirewallControlPlus-Setup (PAID) - I incorrectly called it "W7FC PRO", in my comment above (now corrected).
  • Windows7FirewallControl-Setup-x64 (FREE)
« Last Edit: July 10, 2012, 12:03 AM by IainB »

nudone

W7fc was a good suggestion. If it had the pretty icons it would be perfect.

IainB

> If it had the pretty icons it would be perfect.

;D