Copyright XDA Developers
A firewall is one of the first lines of defense against existential threats to your device, and most operating systems include one in some form, so you have protection even if you don't pay for robust antivirus tools. The built-in Windows Defender Firewall is surprisingly robust. Beneath its clunky interface lies a powerful packet filtering engine that does a respectable job of keeping unwanted elements out. However, one trip to the Advanced Security settings page reveals a travesty of tedious wizards to configure simple rules. For technophiles and home lab enthusiasts who want granular, explicit control over every packet leaving their machine to ensure a chatty smart device doesn't contact a random server. This is where a nifty little tool called simplewall simplifies life. However, it shouldn't be mistaken for a UI skin for Windows Defender Firewall. It doesn't interact with the existing firewall rule set at all. Instead, simplewall is a standalone network filtering application built using the Windows Filtering Platform (WFP). WFP is a powerful set of system services and APIs that allows developers to hook directly into the Windows networking stack, and it also powers the OS's default firewall. In essence, simplewall creates its own lightweight, highly configurable firewall that gives you direct, no-nonsense control over your computer's network traffic, bypassing the default Windows interface entirely. Rules Editor offers desired granular control Checklists for the win The rules editor baked into simplewall offers a breath of fresh air with a simple list of all the running applications and services using your network. From here, I can allow or block any of them with one click. With this, I could let Steam update my games, but prevent the client itself from connecting to the internet afterward. It's also a valuable tool to ensure your NAS stays off the public internet and my media server remains accessible only on the LAN. Custom rules additionally allow filtering by protocol (TCP/UDP), specific ports, or IP addresses. This level of control is invaluable for a home lab environment. For instance, you could configure a rule that allows your development server running in a virtual machine to only accept connections from your primary workstation's local IP address, effectively isolating it from every other device on your network. Setting this up in the native Windows Firewall requires navigating a maze of inbound/outbound rule creation wizards, whereas simplewall presents it in a straightforward, list-based format. This also works brilliantly in ensuring Microsoft doesn't gather more data than it needs. I can enable an OS-level blacklist with a single checkbox to stop sending data to a regularly updated list of IP addresses known to be associated with Microsoft's data collection. This also extends to common advertising and tracking services. One click to block thousands of IPs with known nuisance value without going the complicated route to set up a Pi-hole is an easy win. Of course, this isn't a blunt instrument. simplewall allows you to import your own custom blocklists as well. I can just load a text file, and simplewall can block entire country IP ranges. Versatility like none other Taming the penguin and still staying FOSS My favorite bit about simplewall is its extensive support for Windows versions going back all the way to Windows 7, and extending forward to the modern ARM64 architecture. By extension, Windows Subsystem for Linux (WSL) is supported too, making this tool a boon for anyone who craves such simplicity without a dedicated Linux dual-boot configuration. It can identify and filter traffic originating from your Linux distribution, allowing you to apply the same granular rules to your apt package manager or a Python web server as you would to a native Windows application. Moreover, Microsoft recently made WSL source code open source, just like simplewall already is, so the opportunities to tinker are limitless if you're more hands-on with code. All this versatility is crammed into a simple portable version as well, so there's no installation necessary. Adding it to essential software on a thumb drive ensures I'll have it at hand no matter where I am. As someone who travels frequently, simplewall is great for curbing network utilization on limited connections like airport Wi-Fi. Unlike Microsoft, this tool does exactly what's advertised on the GitHub page, and it doesn't even log telemetry and analytics data for its own utilization. The FOSS code also remains open to audit for the technically inclined. To improve, simplewall relies on a thriving community of users who report bugs, suggest features, and contribute to its development. This results in a more robust, secure, and up-to-date application than many proprietary alternatives. Careful before you jump right in Simplewall does everything you'd expect a fully featured network firewall to do, and then some. The user experience is leagues ahead of what Windows offers, but there is one important caution. Because simplewall uses the Windows Filtering Platform, the rules it creates are persistent and independent of the application itself. This means a critical system service you block before uninstalling simplewall will remain blocked. It can create a dangerous situation where a critical service cannot use networking resources. That's easy to fix, but the problem is entirely avoidable if you're careful. So long as you respect its power, simplewall is the networking scalpel that can add to the reliability Windows firewall offers.
