pylorak / tinywall Goto Github PK

Hi! First of all, this project is amazing, good job guys.
I started to use this not too long ago, and it's honestly really solid piece of software. There may be some things that I'd like being differently done, but these are negligible.
There is one feature that I'd like to see being implemented though, and that is an option to unblock executables in a folder (and its subfolders).
To give an example why it would be useful: applications like Discord stores their executable in a folder containing their version (for me it's currently called "app-1.0.72"). When an update happens, that update is downloaded into a new folder and is then used instead. That means the old rules you may had for the previous version are no longer applied. And that's just one example.

I'd love to see something like this being implemented (if this project is still being worked on, that is...).

Tinywall mode is on normal protection after pc restart. If i set disabled mode it will change after restart. Can we fix it? Thank you very much.

Many apps now have tracking like browsers, instead of blocking the whole browser, perhaps make an option to log all dns requests from a browser for example, and then we can block individual sites/ports.
Thanks in advance,

The copyright year in 'About' should be adressed. It say 2011.

I'd prefer it if not google was used as the search engine.
Perhaps the browser's custom search engine could be used instead?
(or search engine could be configurable?)

Some applications update on daily basis and like to change paths changing the folder name with their versions like:
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.133\msedgewebview2.exe
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe

so if we could do something like this:
C:\Program Files (x86)\Microsoft\EdgeWebView\Application*\msedgewebview2.exe
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_*\Spotify.exe

The * would allow anything.

When trying to install V3.3.1 & V3.3.0 on W11 22H2 - 22621.2134, I get the error: There is a problem with this Windows Installer package. A program run as a part of the setup did not finish as expected. Contact your support personnel or package vendor.

I checked my MSI file as well, as every other MSI package works with my MSI exec file, but it only errors with TinyWall. I would have tried the older version, but the old versions are not available for download on uptodown for many days now (more than 7 days now), since they keep throwing: Due to maintenance, downloads are currently not available. We're working to restore the service as soon as possible. We apologize for any inconvenience this may cause you. 404 page.

Date when rule has added, column

thanks,

I've had the issue that whenever I try to right-click or even just click the tray icon, the controller will take an unreasonable amount of time to show the context menu. Sometimes even the UI will freeze completely on me unable to control it at all. This has been going on for as long as I can remember having the app and I'm just so tired of it. This also happens on fresh Windows installs.

Is there a fix? many thanks

Windows 10 Home 64 bit v19045.4291

Here's a sample of the app that just froze on me for no reason:

Often, i need to install something that requires python, node, the store or some other application that has a bunch of sub applications that requires internet access. I certainly dont want to grant them permanent access, nor do i want to allow each and every sub application access for 5 mins, just for an install. I tend to disable firewall, then forget until later to switch it on again.
It would be great to have a menu item in the tray icon where one can disable for 5 minutes, and not have to remember to switch it on again. Maybe useful to have a few different default times e.g. 1minute, 5 minutes, 1 hour, until reboot

Hi

I realized that if an app is run from a network drive, the rules by TW is not applied. Basically I can never unlock a process if it resides on a network drive.

I am on Windows 10 Pro x64, using 3.2.5

Please keep links to old versions of TinyWall available, e.g version 3.2.5, which is the last version to run on Windows 7 and 8.

Many of us keep using win versions 7 and 8.., and even 32bits, and even more ReactOS (yet 32bits win compatible OS)..

so, please, make and keep opensourced TinyWallLegacy since after v3.2.5 !!!

TinyWall_PL.zip

First of all an amazing piece of software.

The issue is when I check the blocked connections, it is blocking the System Executable for ICMPv4 protocol to IP 8.8.4.4 even though the System Executable is allowed with no restrictions.

Ive tried making every exception i can (adding child processes, exploring the various settings in each app exception), nothing works except disabling the tiny firewall entirely. Then when i start docker it will load, otherwise it fails

I have express vpn service exceptions defined as
ExpressVPN App Service (C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe)
ExpressVPN System Service (C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe)
both Unrestricted TCP/UPD traffic
But both keep showing as blocked in connections list
VPN only works while firewall is disabled
TinyWall 3.3.1

Hello to Károly and other contributors.

I wish we can

1. set custom hotkeys for whitelists (e.g. set custom hotkey for Whitelist by process)
2. set global hotkeys for Normal protection and Disable firewall modes.

Thanks.

Will there be a portable version of this software? I see there is only an installer, and then the configuration files of the software will be placed on the c drive.

The latest version 3.3.1 is still affected by this bug. Had to reimport the list from backup after a power cut or forced shutdown.

I have some older Win10 media and when I install from it, if I try to install TinyWall too soon, it complains that 21H2 is required. Why is this required on Win10 but TW can apparently install on XP(?), Win7, etc. without issue? It's kinda annoying because the first thing I want to do is install a firewall and software and only after I've done that do I want to update Windows but with this I have to wait for the updates to take hold. I'm trying to build the perfect system image for QEMU/KVM so I have gone through this process about 10 times in the past 2 days alone and it has taken an extra hour each time. I prefer to do the updates once I'm done installing software so that the long portion of this process can happen while I'm asleep or the like.

The app boasts about not showing pop ups for blocked apps... I wonder how can you really have control over a firewall that doesn't let you know what apps are doing until you manually check it.

Its not a feature, its a lack.

When I try to open the command palette in VSCode using Ctrl+Shift+P, it does not open the command palette because it opens the Processes window in TinyWall instead.

It would be nice to be able to apply a (temporary) rule to a group of applications.
The actual list rule is only single "white list" that allows unrestricted access.
What I'm looking for is "allow outgoing" per list rule, or "newer allow" or "allow in specific time" or "15min at startup" or whatever.

Hi everyone.
The TW its blocking all AVG definition update tentatives, even whitelisting all .exe and services related to AVG AV. The definition updates are triggered by icarus.exe present in "C:\Program Files\Common Files\AVG\Icarus\avg-av-vps", when the icarus.exe process generate a temp folder inside that path (so the .exe who actually does the update is "C:\Program Files\Common Files\AVG\Icarus\avg-av-vps\temp<>\icarus.exe") and this new icarus.exe is blocked. There's some way to resolve this?

Thanks in advance.

Hello,
i did a look into Tinywall and saw the feature "enable blocklist"...
In settings I can find port-based and domain-based blocklist.

Recommended is domain-based blocklist... But here comes my question: Which blocklists are included???
Is there a way to view them?

Best regards,

Hi, there's an issue how the connections window display the IPv6 addresses. They're all half-backwards and when combined with leading zero truncation, they can also look very confusing.

For example, with link-local address of fe80::e9df:7c76:13d1:3114 TinyWall displays 1431:d113:767c:dfe9::80fe.

Same thing happens with remote addresses. For example, Google Public DNS Server IPv6 addresses are 2001:4860:4860::8888 and 2001:4860:4860::8844, but we see 8888::6048:6048:120 instead

Not a deal breaker or anything but somewhat annoying and renders the "Copy remote address" function useless.

Some programs (e.g. Discord, Github desktop) create a new folder every time a new update is auto installed (this can happen daily), which renders the current whitelist for that program useless. So my suggestion is to add the ability to whitelist a whole folder so any program who runs from that folder and subfolders get the rules applied to them.

Hello.
It would be nice to see a process id in connections.
For example:
In the list I can see svchost.exe or taskhostw.exe but can't understand what service or what task has been blocked. PID will be very helpful to determinate what service or a task where blocked

issue
there are apps which update quite frequently and while doing so, creating a new directory for the new version instead of using the old one. this leads to a slightly different path (mostly only version number changed) while using the same executable name. Since the path changed, the rule created within tinywall does not match anymore and the app is going to be blocked. This means after every app-update I have to adjust the rule again within tinywall which is tedious.

solution proposal
add checkbox with the option to "ignore path" in the rule dialog so one can decide (and therefore accept the risks involved) to apply the rule only on the executable alone and adjust the rule evaluator accordingly.

examples of popular apps affected

• google drive
• cura slicer

I tried to manually whitelist all the involved processes and even connect via NordVPN + autolearn every once in a while, but it does not solve the issue. After 2-3 days, TinyWall starts again to block the outgoing connections.

Settings:

Exception:

Connections blocked:

If there was an option in the installer to install in some kind of "permissive" mode, this would enable installation on remote machines, which could be quite useful.

Basically, install in permissive mode, set up a few rules for SSH access, whatever VNC you're using, or whatever else you need to access the machine, then switch TinyWall to the recommended block-all mode.

Title says it all.
:)

I don't know if that's doable right now but, I'd need to access a service running on a port just from a specific set of IPs used by my vpn while now, opening that service I can access even not using my vpn.

This won't build since you never uploaded the github_mark.png in img folder.
I checked all previous commits and it wasn't there.

So anyone attempting to build "TinyWall" from source, won't be able to unless they remove it.

Error:

1>TinyWall\SettingsForm.Designer.cs(448,77,448,88): error CS0117: 'Icons' does not contain a definition for 'github_mark'

Line: 448 in SettingsForm.Designer.cs
this.btnGithub.Image = global::pylorak.TinyWall.Resources.Icons.github_mark;

To fix:

SettingsForm.Designer.cs comment this line out.

this.btnGithub.Image = global::pylorak.TinyWall.Resources.Icons.github_mark;

Icons.resx remove the following lines
<data name="github_mark" type="System.Resources.ResXFileRef, System.Windows.Forms"> <value>img\github-mark.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value> </data>

You will now be able to build it.

Hi,
it looks impossible to open SMB2 445 port to reach server on local networks subnet.
The option screen "Special exceptions" needs to show one more option to open that.
Maybe a new port exception page ?
Thanks