Does anyone know of a FOSS Firewall for Windows

I currently use TinyWall Firewall, it works very well, it's small/portable, no complaints I even donated to the Dev but I would really prefer open source, also it needs to be user friendly like TinyWall so my non-tech family members can/will use it like they do with TinyWall.

45 comments

Update: I just discovered that TinyWall is now FOSS, GitHub Link If a very powerful, easy to config/maintain Windows firewall that is also now FOSS is something your interested in, I highly recommend giving TinyWall a try

26
- i use tinywall and haven't had any complaints.
  
  1
Okay, so this is a more topic-adjacent meta commentary, but this thread is a great example of something dumb.

Why is it that when people show up on the internet to ask how to do something, a bunch of people jump in to say that thing isn't worth doing?

I don't know how many times I've been googling for a solution to a problem and I keep finding people who tell OP not to bother rather than either providing a solution or just like, not commenting on a thread they're incapable of helping in.

Like, y'all get that these conversations turn into google results, right? You know how frustrating it is to google something and the first answer that comes up is 'google it'?

Drives me up a wall.

21
- There is a basic misunderstanding in OP's formulation: a "firewall for" is something one needed with Windows XP and earlier, as in a piece of software that acted as a firewall; nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a "GUI for {}'s firewall".
  
  Whether people feel more inclined to explain the misunderstanding, or to just spew a "you can't" that's technically correct but unhelpful... YMMV, different people are different and may be of different mood at different times 🤷
  
  9
https://github.com/pylorak/TinyWall

https://github.com/Safing/portmaster

https://github.com/henrypp/simplewall
9
There seems to be a misunderstanding:

A "firewall for" is something one needed with Windows XP and earlier, as in "a piece of software that acted as a firewall".

Nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a "GUI for {}'s firewall".

One of such GUIs, is TinyWall, that is also FOSS (GPLv3). I see people have suggested some more.

To be precise, all these options are inferior in functionality to firewalls like ZoneAlarm... but since you're asking for a non-tech friendly solution, they should be adequate.
8
- ZoneAlarm is trash compared to Suricata or Snort.
  
  3
  
  Does Suricata or Snort allow the user to block per-process outgoing traffic?
  
  2
I would really prefer open source

... this does not compute. If you actually truly prefer open source, why are you using Windows?

8
- I knew I was going to find a comment like this and I am disappointed that I did.
  
  It is hard for people to make transitions specially because they probably used Windows their own life. If they are asking for a FOSS firewall they most likely know they should transition to Linux at some point. There is actually no need to be the questioning person.
  
  I use arch btw
  
  24
  
  Why are you disappointed? It was just a question out of curiosity. Nothing wrong with asking a question, this is a community centered around discussions, is it not? It's not Stack Overflow or something, where we follow a strict question-answer format.
  
  It is hard for people to make transitions specially because they probably used Windows their own life. If they are asking for a FOSS firewall they most likely know they should transition to Linux at some point.
  
  And that is just your assumption. What if they were only using Windows to play some games, but didn't realise that those games were now actually playable in Linux?
  
  2
- Because spending years setting up a system using nothing but open source from the start, you'd still not approach what windows can do out the box with far less effort.
  
  I'm also not spending my time teaching old dogs new tricks, nor spending my time solving problems for them which just shouldn't exist (e.g. The stupid print monitor mentioned below).
  
  I keep having to say this, as much as I like Linux for certain things, as a desktop it's still no competition to Windows, even with the dumb shit MS does.
  
  As some background - I had my first UNIX class in about 1990. I wrote my first Fortran program on a Sperry Rand Univac (punched cards) in about 1985. Cobol was immediately after Fortran (wish I'd stuck with Cobol).
  
  I run a Mint laptop. Power management is a joke. Configured as best as possible, walked in the other day and it was dead - as in battery at zero, won't even boot. Windows would never do this, unless you went out of your way to config power management to kill the battery (even then, to really kill it you have to boot to BIOS and let it sit, Windows will not let a battery get to zero).
  
  There no way even possible via the GUI to config power management for things like low/critical battery conditions /actions.
  
  There are many reasons why Linux doesn't compete with Windows on the desktop - this is just one glaring one.
  
  Now let's look at Office. Open an Excel spreadsheet with tables in any app other than excel. Tables are something that's just a given in excel, takes 10 seconds to setup, and you get automatic sorting and filtering, with near-zero effort. No, I'm not setting up a DB in an open-source competitor to Access. That's just too much effort for simple sorting and filtering tasks, and isn't realistically shareable with other people.
  
  Now there's that print monitor that's on by default, and can only be shut up by using a command line. Wtf? In the 21st century?
  
  Networking... Yea, samba works, but how do you clear creds you used one time to connect to a share, even though you didn't say "save creds"? Oh, yea, command line again or go download an app to clear them for for you. Smh.
  
  Someone else said it better than me:
  
  Every time I've installed Linux as my main OS (many, many times since I was younger), it gets to an eventual point where every single thing I want to do requires googling around to figure out problems. While it's gotten much better, I always ended up reinstalling Windows or using my work Mac. Like one day I turn it on and the monitor doesn't look right. So I installed twenty things, run some arbitrary collection of commands, and it works.... only it doesn't save my preferences.
  
  So then I need to dig into .bashrc or .bash_profile (is bashrc even running? Hey let me investigate that first for 45 minutes) and get the command to run automatically.. but that doesn't work, so now I can't boot.. so I have to research (on my phone now, since the machine deathscreens me once the OS tries to load) how to fix that... then I am writing config lines for my specific monitor so it can access the native resolution... wait, does the config delimit by spaces, or by tabs?? anyway, it's been four hours, it's 3:00am and I'm like Bryan Cranston in that clip from Malcolm in the Middle where he has a car engine up in the air all because he tried to change a lightbulb.
  
  And then I get a new monitor, and it happens all damn over again. Oh shit, I got a new mouse too, and the drivers aren't supported - great! I finally made it to Friday night and now that I have 12 minutes away from my insane 16 month old, I can't wait to search for some drivers so I can get the cursor acceleration disabled. Or enabled. Or configured? What was I even trying to do again? What led me to this?
  
  I just can't do it anymore. People who understand it more than I will downvote and call me an idiot, but you can all kiss my ass because I refuse to do the computing equivalent of building a radio out of coconuts on a deserted island of ancient Linux forum posts because I want to have Spotify open on startup EVERY time and not just one time. I have tried to get into Linux as a main dev environment since 1997 and I've loved/liked/loathed it, in that order, every single time.
  
  I respect the shit out of the many people who are far, far smarter than me who a) built this stuff, and 2) spend their free time making Windows/Mac stuff work on a Linux environment, but the part of me who liked to experiment with Linux has been shot and killed and left to rot in a ditch along the interstate.
  
  Now I love Linux for my services: Proxmox, UnRAID, TrueNAS, containers for Syncthing, PiHole, Owncloud/NextCloud, CasaOS/Yuno, etc, etc. I even run a few Windows VM's on Linux (Proxmox) because that's better than running Linux VM's on a Windows server.
  
  Linux is brilliant for this stuff. Just not brilliant for a desktop, let alone in a business environment, or for people who are already well versed with windows.
  
  Linux doesn't even use a common shell (which is a good thing in it's own way), and that's a massive barrier for users. The Mint shell doesn't use right-click... Really?
  
  If it were 40 years ago, maybe Linux would've had a chance to beat MS, even then it would've required settling on a single GUI (which is arguably half of why Windows became a standard, the other half being a common API), a common build (so the same tools/utilities are always available), and a commitment to put usability for the inexperienced user first.
  
  These are what MS did in the 1980's to make Windows attractive to the 3 groups who contend with desktops: developers, business management, end users.
  
  All this without considering the systems management requirements of even an SMB with perhaps a dozen users (let alone an enterprise with tens of thousands).
  
  12
  
  Because spending years setting up a system using nothing but open source from the start, you'd still not approach what windows can do out the box with far less effort.
  
  This is a flawed argument, the opposite of:
  
  Because spending years stripping(*) a system from adware and bloat, you'd still not approach how slim Linux can be out of the box with far less effort.
  
  Just pick a target, then use whichever tool gets you closer to it... and I think you know it, no need for a rant.
  
  (* there are actual tools to strip and reset the tracking and ads in Windows... obviously for people who accepted to get early updates, install the "Preview" versions, and haven't read that it means they're now betatesters with telemetry enabled 🙄)
  
  PS: settling on a "single GUI", is kind of ironic given the multiple GUI versions of the control panel in modern Windows.
  
  4
- Preferences are rarely black and white. I prefer locally grown vegetables, yet those are not the only kind of veggies I buy.
  
  12
  
  That's not quite the same. It's like ordering a small salad whilst having a Big Mac meal at McDonald's, and claiming that you prefer healthy food.
  
  Surely you see the irony of the situation?
  
  2
What's wrong with the built in windows firewall? It works well, has a GUI to add rules, etc.. You don't even need to touch it on a default setup for most people.

7
- Because it's awful to use, counter-intuitive, and fucking breaks network connectivity all the time by switching private networks to public on a whim.
  
  Fuck that piece of shit for that reason alone. I've seen it fuck domain controllers doing this, when "supposedly" it can't do this on a DC. Know what happens then? I can't RDP to the server from it's own local network.
  
  This is such a problem we run a powershell script on a schedule to ensure the connections remain private.
  
  5
  
  TinyWall doesn't change the firewall, it's just an alternative GUI... like setting it from PowerShell.
  
  5
  
  I haven't had that happen unless my gateway or DHCP server changes, but on a server wouldn't adding the rules to both public and private profiles solve that too?
  
  2
  
  Could you share that script? Sounds like a nifty grassroots tech solution.
  
  2
  
  But he's not using it in a domain environment.
  
  1
- This. There really is no point in installing something like tinywall, when there is a built in firewall that has more functionality (granted its much less user friendly).
  
  4
  
  TinyWall is a simplified GUI for the Windows firewall... some may like it, some may not.
  
  1
OK, since this was my first post here I did not expect the conversation to get so lively. I appreciate every single input. I thought my initial request was simple and clear with the words "non-tech" and "family members" but for the curious I will expand a bit.

For starters of course I am the "sys-admin" of my families tech life, my main personal PC is not Windows based but every member of my family is because every flavor of Linux I have convinced a family member to try has resulted in utter failure for them, sad but true.

They like the simple UI over the Windows firewall because I had no success trying to get them to understand/use the built-in windows version "Easy" to block per-process out/in traffic "Easy" to block ALL traffic, etc... Having them understand/use traffic blocking at the app level has made all of them much safer/smarter users. I start them with almost everything locked down, they open/monitor what they use, nobody shares a PC so this works perfect.

and finally for me, I needed Open Source so I can inspect the code for any tomfoolery, make any custom changes needed/wanted, and compile on my own. Free is never a requirement, I will always support the devs of software I end up using.

Thanks again for all the input, I read and followed everything, I was not planning on this much TMI but felt it warranted after reading the responses.

4
- Sorry you had to write this down, OP. On the internet people make a lot of assumptions. I hope you ended up getting a reply.
  
  1
- ‏‏‎ ‎
  
  1
Check out Simplewall. Simple enough and not complicated.

https://simplewall.en.lo4d.com/windows

2

You've viewed 45 comments.