mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 01:55:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
c27dabbf6a
fort/README.md
Nodir Temirkhodjaev c27dabbf6a README: Note about "Make trackable" button in Services
2022-02-13 13:45:09 +03:00

3.6 KiB
Raw Blame History

Fort Firewall

Release Downloads Screenshots License Crowdin

Fort is a simple firewall for Windows 7+.

Features

  • Filter by network addresses, application groups
  • Filter by SvcHost.exe service names
  • Support wildcards in program path names
  • Application group speed limits
  • Stores traffic statistics
  • Graphical display of bandwidth
  • Has own kernel driver, based on Windows Filtering Platform (WFP)

Supported OS versions

Asset OS Version Architectures Description
*-windows-x86.* Windows 7 SP1 and later x86, x64 32/64-bit Windows 7, 8, 8.1, 10, 11
*-windows10-x86_64.* Windows 10 2004 and later x64 64-bit Windows 10 2004-21H2, 11

FAQ

Windows 7 SP1 64-bit fails to install not digitally signed drivers

See "SHA-2 Code Signing Support for Windows 7".

What the difference is between "Internet Addresses" and "Allowed Internet Addresses" on the IPV4 Addresses tab?

  1. All FW rules act on "Internet Addresses" only. LAN addresses are immediately allowed by FW and not checked by app groups or speed limiter.

For example here you can describe Internet addresses as:

  • "Include All" addresses,
  • but exclude 127.0.0.0/8, 192.168.0.0/16.
  1. "Allowed Internet Addresses" may be used for example:
  • to block only some addresses:
    • "Include All" addresses,
    • but exclude facebook.com: "31.13.72.36".
  • to allow only some addresses:
    • "Exclude All" addresses,
    • but include wikipedia.com: "91.198.174.192".

Do the App rules take precedence over the Allowed Internet rules?

Filtering steps:

  1. If address is 127.* or 255.255.255.255 and "Filter Local Addresses" is turned off, then PERMIT
  2. If "Filter Enabled" is turned off, then PERMIT
  3. If "Stop Traffic" is turned on, then BLOCK
  4. If address is not from "Internet Addresses", then PERMIT
  5. If "Stop Internet Traffic" is turned on, then BLOCK
  6. If address is not from "Allowed Internet Addresses", then BLOCK
  7. If app path is allowed, then PERMIT
  8. Log about blocked event and BLOCK

What does the "Make trackable" button do in Services?

It modifies the selected Service's settings in the registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<SERVICE-NAME>":

  • changes the "Type" value to "16" (Own Process),
  • adds "-s <SERVICE-NAME>" argument to "ImagePath" value,
  • stores old "Type" & "ImagePath" values into "_Fort*" values.

For the new values to take effect, you must restart the changed services or restart the computer.

(Some services already run with "-s <SERVICE-NAME>" argument by SvcHost.exe.)

Code Quality Monitor

Code quality status

-- Nodir Temirkhodjaev, nodir.temir@gmail.com