While an antivirus can be quite an important piece of software for many users, a firewall is even more important. A firewall is effectively a barrier between your computer and the internet that allows or blocks programs from accessing the network. Being careful what you allow and disallow is important for the overall security of your computer.
There are loads of firewalls around and several big names in security have a free firewall available. These include ZoneAlarm, Glasswire, Sophos, and Comodo. Some of the more interesting and useful firewalls are those by independent developers. Quite often, they are less bloated, ad free, and do the job with the minimum of fuss.
Here, I look at five of the less well-known but well established free firewalls developed by individuals or independent companies.
1. Simplewall
Simplewall is a free and open source firewall that I have been using for the last few years. The program uses the Windows Filtering Platform (WFP) set of services to filter and block applications. That is separate from the Windows Firewall and you can comfortably run both together if you wish without fear of compatibility issues.
An added bonus is crated rules still work if Simplewall is closed because WFP stays active in the background. Once installed (a portable mode is available), Simplewall starts with protection disabled, turn it on with the “Enable Filters” button. A popup appears that offers permanent rules or rules that reset after the next reboot.
If you plan to use Simplewall for a a period of time, choose permanent rules. As soon as programs try to connect to the internet, the network alert window appears. There are options to Allow, Block, Ignore, or allow specific service ports/the target IP address. Allow also has an optional expiry timer from 2 minutes, to 24 hours.
Whether you choose to ignore the access request or just close the window, Simplewall will keep blocking until you manually allow the program through. Simplewall has separate tabs depending on what requires internet access. There are Apps, Services, UWP Apps (Windows built-in apps and store apps), Blocklist, and System rules.
Privacy lovers will be happy to see the inclusion of some blocklists to block certain Microsoft IP addresses. Microsoft spying and telemetry is set to block by default while Windows Update and Microsoft applications are disabled. Use the Blocklist menu to change each list to block, allow, or disable. The Blocklist tab allows for manual editing.
Simplewall selected features:
- Rules editor to create your own rules
- Permanent mode or temporary mode that resets rules on reboot
- Internal blocklists for Microsoft applications, Windows Update, and Windows telemetry
- Dedicated tabs for Services, UWP apps, system rules, user rules, connections, and packets log
- Support for Windows Subsystem for Linux (WSL) and the Windows Store
- Dedicated portable mode
- Packet logging with the option to save log to a file
- Basic Command line support
2. Tinywall
Tinywall went open source in 2023 due mainly to the developer stating there won’t be much more major development of the software. However, there have been recent updates for bug fixes. It remains to be seen whether there will be many, or any, more updates by the original developer.
What makes Tinywall interesting is it works on a block first, allow later policy without interactive pop-ups. While this might be inconvenient to some users, it does mean software will not have network access until you specifically allow it. This could be better for security as no one can blindly click allow on a block/allow pop-up.
The standard operating mode is Normal Protection which blocks an application until you allow it manually. Other useful modes are Block all, Allow outgoing, and Autolearn. While Autolearn is running, it creates allow rules for any applications that ask for internet access. Therefore, use this option with care.
Adding an application exception is rather unique and you have three options; whitelist it by browsing for the executable, choose from a list of running processes, or click on an open program window. An unknown application window pops up from where you can block/allow, set a rule time limit, restrict to LAN, or apply to child processes.
Right-click on the tray icon and click Manage to show the list of allowed and blocked exceptions. The Detect button is useful for finding installed software that might need adding to the exceptions list. It’s not thorough by any means but might find and add a few programs that need internet access. Modify or remove exceptions from this window.
Tinywall selected features:
- Firewall tampering protection and password lock.
- Windows Store and UWP support.
- Support for whitelisting processes or restricting applications on network shares.
- Support for temporary/timed firewall rules.
- Integrated port and domain blocklists.
- Protect the Windows HOSTS file from changes.
- Boot-time filtering.
- Port-scan prevention.
Tinywall requires Windows 11 or Windows 10 21H2 and above to work.
3. Windows Firewall Control
Security giant Malwarebytes purchased Binisoft (the developer of Windows Firewall Control) in 2018. Thankfully, development is continuing by Binisoft and the program still remains free. As the name implies, Windows Firewall Control is not a firewall itself but it adds more control and functionality to the Windows Firewall.
There are four filtering profiles in Windows Firewall Control. No filtering turns the firewall off while High filtering blocks all connections to and from your computer. Low filtering will allow any outbound connection that does not match a rule and Medium filtering is the reverse and blocks any outbound connection that does not match a rule.
Although the default out-of-the-box mode is Low filtering, the program recommends switching to Medium filtering. To complement that, it’s best to turn on “Display notifications” as this makes the process more interactive with allow/deny popup dialogs.
There are some options worth considering that are not enabled by default. They include Shell integration, hotkeys, and secure profile/rules that will stop external software from adding firewall rules or disabling the firewall. The Connections log at the bottom is useful as you can add rules from a list of previous connection attempts.
Windows Firewall Control selected features:
- Show notifications of outbound blocked connections.
- Create temporary rules which are automatically deleted when they expire or on program restart.
- Stop other software from tampering with Windows Firewall rules and state.
- The lock feature disables access to the settings of the program and Windows Firewall.
- Right-click context menu integration.
- Ability to find and display non-existent, duplicate, or expired firewall rules.
- Protection against unauthorized uninstallation.
- Global hotkey support.
Download Windows Firewall Control
4. Envorim Free Firewall
Although I’m not a big fan of the rather bright and colorful user interface, it does at least make the program easier to operate and understand. That doesn’t mean Free Firewall is completely novice friendly though as there are still a lot of easily accessible settings you can change that could cause connectivity issues in the wrong hands.
There are four main modes of operation; Disabled (default), Enabled, Gaming, and Blockade. Three of those are self explanatory but Gaming is interesting. It disables notifications and allows programs through the firewall. Free Firewall then creates a rule for each launched application to ask for permission when the mode changes to Enabled.
Several running Windows processes and Service rules get added to the program automatically. A few like ntoskrnl.exe and System Process will ask for permission while it sets nearly all the others to allow all. Press Enabled so Free Firewall starts monitoring for programs trying to access the network.
Once an unknown application wants internet access, a popup will appear with the process name and addresses it’s trying to access. You can click Allow or Prohibit on individual addresses or Allow all/Deny all. These latter two options give the program full access or no access at all (you may have to click the button twice).
Right-clicking an entry in the Applications list will give the option to edit it. This offers an additional setting to apply block/allow rules for specific domains or IP addresses. The built-in Zones feature is an extension of this and it will apply similar rules across multiple applications at once.
Envorim Free Firewall selected features:
- Block Windows and application telemetry, and web tracking services.
- WebSpeedup option disables non-essential web components on webpages, like Google fonts.
- Password protects the UI with a password.
- The Zones feature enables batches of block/allow rules to be applied across multiple applications.
- Choose whether the default rule for new applications is Ask, Allow all, or Deny all.
- Services tab to control the internet access of Windows services.
Enorim Free Firewall will not start with Windows by default so you have to enable the option. Go to Settings > General and check the box at the top.
Download Envorim Free Firewall
5. Fort Firewall
Fort is similar to Simplewall with respect to it also being based around the Windows Filtering Platform. However, the way it works is more like Tinywall where you can block connections by default and then allow them manually. There are no allow/deny popups in Fort so application rules are edited through the main user interface.
After installation (a portable mode is available), the program defaults to Auto-learn mode. This essentially allows all applications access to the internet that require it. The other two filter modes are to block or allow every new application by default. Change filters on the fly from the tray icon or in the Options window.
All you have to do to change the access state of a program is to click on the entry and use the buttons at the top. Alternatively, right-click on the entry and use the context menu. The A and B keyboard shortcuts also work.
Double click on an entry to access its individual settings. From here, you can choose its application group, apply the rule to child processes, and restrict access to LAN only. There’s also an option to block an allowed application at a specific time or after a specified time period (hours/days/weeks/months).
Fort Firewall still seems to be a bit of a work in progress as several features and options are poorly documented or unfinished. These include Policies, Zones, Application Groups, and Allowed Internet Addresses. Setting speed limits in Application Groups crashed my test PC several times, so is best left alone for now.
Fort Firewall selected features:
- Filter by network addresses, application groups, and services.
- Support wildcards in program path names.
- Application Group speed limits and transfer buffer sizes. **currently unstable**
- Add blocklists via Zones including blocking Windows telemetry.
- Logs traffic statistics and includes a bandwidth graph window.
- Block programs on a timer or schedule.
- Stop internet traffic when Fort is closed.
- Password protects the user interface, Options window, and uninstall process.
Fort Firewall works on Windows 7 and above. Note that the Visual C++ 2015 Redistributable needs to be installed and Core Isolation has to be disabled on the PC. For more information and instructions, check the Fort webpage.
Thanks for reviewing the Fort Firewall.
“- Application Group speed limits and transfer buffer sizes. **currently unstable**”
Speed limits work fine now (latest is v3.9.6 atm).
Thanks for the report, I will retest the new version and update the article where appropriate.