I currently use TinyWall Firewall, it works very well, it’s small/portable, no complaints I even donated to the Dev but I would really prefer open source, also it needs to be user friendly like TinyWall so my non-tech family members can/will use it like they do with TinyWall.
Okay, so this is a more topic-adjacent meta commentary, but this thread is a great example of something stupid.
Why is it that when people show up on the internet to ask how to do something, a bunch of people jump in to say that thing isn’t worth doing?
I don’t know how many times I’ve been googling for a solution to a problem and I keep finding people who tell OP not to bother rather than either providing a solution or just like, not commenting on a thread they’re incapable of helping in.
Like, y’all get that these conversations turn into google results, right? You know how frustrating it is to google something and the first answer that comes up is ‘google it’? Or better yet ‘you can’t’ in response to a problem that’s absolutely doable.
Just let people do their weird little niche projects that fit their needs! You don’t need to understand why.
Drives me up a wall.
There is a basic misunderstanding in OP’s formulation: a “firewall for” is something one needed with Windows XP and earlier, as in a piece of software that acted as a firewall; nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a “GUI for {}'s firewall”.
Whether people feel more inclined to explain the misunderstanding, or to just spew a “you can’t” that’s technically correct but unhelpful… YMMV, different people are different and may be of different mood at different times 🤷
Update: I just discovered that TinyWall is now FOSS, GitHub Link If a very powerful, easy to config/maintain Windows firewall that is also now FOSS is something your interested in, I highly recommend giving TinyWall a try
There seems to be a misunderstanding:
- A “firewall for” is something one needed with Windows XP and earlier, as in “a piece of software that acted as a firewall”.
- Nowadays, both Windows 7+ and Linux come with a built-in firewall, that one might want a “GUI for {}'s firewall”.
One of such GUIs, is TinyWall, that is also FOSS (GPLv3). I see people have suggested some more.
To be precise, all these options are inferior in functionality to firewalls like ZoneAlarm… but since you’re asking for a non-tech friendly solution, they should be adequate.
ZoneAlarm is trash compared to Suricata or Snort.
Does Suricata or Snort allow the user to block per-process outgoing traffic?
Both do deep packet inspection using netflow protocol and filter using crowd sourced detection rules as well as commercial, process-level filtering on a host operating system to detect network intrusion is unecessarily resource intensive.
https://www.netgate.com/blog/suricata-vs-snort
ZenArmor does the same as both, but also uses python scripts with a fancy graphical interface.
Do people really run zenarmour, snort or suricate on their desktop?
Feels like a network firewall thing to do DPI for the whole house, instead of a per-machine thing.Process-level filtering is to avoid exfiltration from environments where “all processes run as the same user, with full access to all other processes”… which, unfortunately, are still most of them.
DPI is nice to stop incoming attacks, and to detect suspicious outgoing traffic, but it’s kind of late when the data is already on the wire, and you won’t be able to stop all possible kinds of traffic that way.
deleted by creator
I knew I was going to find a comment like this and I am disappointed that I did.
It is hard for people to make transitions specially because they probably used Windows their own life. If they are asking for a FOSS firewall they most likely know they should transition to Linux at some point. There is actually no need to be the questioning person.
I use arch btw
deleted by creator
If you phrased your initial question differently or asked more details about OP’s use case I think it would be completely fine. For example, they might be the “sys admin” where they live but their family members would be extremely annoyed if they tried to push Linux.
Just kind tired of the “you cannot ask for FOSS alternatives if you are using something proprietary” and ended up venting because of your comment, that’s all.
It’s not an assumption that transitioning to (Proton on) Linux is hard with no prior knowledge. An assumption is that you’re probably talking from the perspective of a tech-savvy person that doesn’t need to open a Lemmy thread to find their desired software. OP doesn’t owe you a question that computes in your head. Open Source software for Windows exists therefore it can be installed.
deleted by creator
don’t owe OP an answer
Exactly. Since its dawn forums on the internet have been full of people countering legitimate questions with “why would you even ask that?”. Not only is nobody owed your “contribution”, it is of zero value.
because something exists doesn’t mean it should be installed
Elitist much. Why would you rather assume that a tech-savvy person is asking for tech guidance than the infinitely more likely opposite case? The answer is because you (elitist) think what works for you is the only valid path and all must be guided to your subjective treasure. Your intentions may be benign but your methods are not.
deleted by creator
This is Beehaw and we aim to be a nice place, right? So to me is kind of pointless this kind of discussions and I just meant to say that your comment sounded very judgemental and it could be written in a nicer way, that’s all.
Edit: Check OP’s new comment on the post.
Because spending years setting up a system using nothing but open source from the start, you’d still not approach what windows can do out the box.
Because spending years setting up a system using nothing but open source from the start, you’d still not approach what windows can do out the box with far less effort.
This is a flawed argument, the opposite of:
Because spending years stripping(*) a system from adware and bloat, you’d still not approach how slim Linux can be out of the box with far less effort.
Just pick a target, then use whichever tool gets you closer to it… and I think you know it, no need for a rant.
(* there are actual tools to strip and reset the tracking and ads in Windows… obviously for people who accepted to get early updates, install the “Preview” versions, and haven’t read that it means they’re now betatesters with telemetry enabled 🙄)
PS: settling on a “single GUI”, is kind of ironic given the multiple GUI versions of the control panel in modern Windows.
Preferences are rarely black and white. I prefer locally grown vegetables, yet those are not the only kind of veggies I buy.
deleted by creator
You can have a preference and not do the preferred thing all the time. In the example you gave, someone could generally eat “healthy food” and just have a Big Mac meal once in a while.
Can’t say I do tbh. You make it sound like if one prefers healthy foods they can’t get a craving for a burger and yet ditch the fries. To me it seems completely normal.
What’s wrong with the built in windows firewall? It works well, has a GUI to add rules, etc… You don’t even need to touch it on a default setup for most people.
Because it’s awful to use, counter-intuitive, and fucking breaks network connectivity all the time by switching private networks to public on a whim.
Fuck that piece of shit for that reason alone. I’ve seen it fuck domain controllers doing this, when “supposedly” it can’t do this on a DC. Know what happens then? I can’t RDP to the server from it’s own local network.
This is such a problem we run a powershell script on a schedule to ensure the connections remain private.
TinyWall doesn’t change the firewall, it’s just an alternative GUI… like setting it from PowerShell.
Could you share that script? Sounds like a nifty grassroots tech solution.
I haven’t had that happen unless my gateway or DHCP server changes, but on a server wouldn’t adding the rules to both public and private profiles solve that too?
This. There really is no point in installing something like tinywall, when there is a built in firewall that has more functionality (granted its much less user friendly).
TinyWall is a simplified GUI for the Windows firewall… some may like it, some may not.
OK, since this was my first post here I did not expect the conversation to get so lively. I appreciate every single input. I thought my initial request was simple and clear with the words “non-tech” and “family members” but for the curious I will expand a bit.
For starters of course I am the “sys-admin” of my families tech life, my main personal PC is not Windows based but every member of my family is because every flavor of Linux I have convinced a family member to try has resulted in utter failure for them, sad but true.
They like the simple UI over the Windows firewall because I had no success trying to get them to understand/use the built-in windows version “Easy” to block per-process out/in traffic “Easy” to block ALL traffic, etc… Having them understand/use traffic blocking at the app level has made all of them much safer/smarter users. I start them with almost everything locked down, they open/monitor what they use, nobody shares a PC so this works perfect.
and finally for me, I needed Open Source so I can inspect the code for any tomfoolery, make any custom changes needed/wanted, and compile on my own. Free is never a requirement, I will always support the devs of software I end up using.
Thanks again for all the input, I read and followed everything, I was not planning on this much TMI but felt it warranted after reading the responses.
deleted by creator
Sorry you had to write this down, OP. On the internet people make a lot of assumptions. I hope you ended up getting a reply.
Check out Simplewall. Simple enough and not complicated.
