I have a Windows 10 Pro install that I spin up as needed, which isn't often tbf. One thing that's really holding me back is the lack of a decent, easy-to-use firewall as you'd find in Linux, BSD or similar. More specifically, since I have a WireGuard VPN with a public IP and all ports open, I want to set up policies/rules per interface - or at a push by CIDR/network. For example, on Linux it's as simple as:
Shorewall:
Code:
ACCEPT net vpn 6789
UFW:
Code:
ufw allow from any to $(vpn_ip) port 6789
Berkeley pf:
Code:
pass in log on $vpn inet proto tcp from any to ($vpn_ip) port 6789 keep state
Each of the rules does the same thing - the firewalls have default-deny and block everything inbound, but are now set to pass traffic on one port, on the WireGuard interface only. The same port remains closed to my usual ISP WAN. A single line of code/text in each case, simply picking the preferred engine based on current OS/circumstances.
On Windows though, it's much more convoluted and overly simplistic (Public or Private). While I've not delved into PowerShell for Windows Firewall, from what I've read so far it's not really possible in the way I want - at least not without cobbling things in ways that weren't intended.
Can anyone recommend from experience a decent firewall for Windows that allows such functionality and isn't a mess? I tried Comodo Firewall but it's convoluted and buggy. ESET's firewall was a buggy ****show to the point where, once set up, it didn't work as stated and allowed through connections from WAN silently. The devs acknowledged the design flaw (it was intentional!) but gave me a load of sarky abuse and froze me out of the forums once I documented and published it.


Any others that actually work, are flexible and customisable and easy to use? I can issue one line on *nix and it's sorted - on Windows? I've only been looking for three days!...
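
The same policy (default-deny inbound, TCP 6789 allowed on the WireGuard interface only) expressed with the built-in Windows Firewall cmdlets from the NetSecurity module, as an added example that is not part of the original post. The adapter alias `wg0` and the rule name are assumptions; run it from an elevated PowerShell session.

```powershell
# Added example. Assumption: the WireGuard adapter alias is "wg0"
# (list the real aliases with Get-NetAdapter).
$VpnAlias = 'wg0'
$Port     = 6789
$RuleName = "Allow TCP $Port on $VpnAlias only"   # hypothetical rule name

# Stop if the adapter does not exist, so the rule is never created unscoped.
$adapter = Get-NetAdapter -Name $VpnAlias -ErrorAction Stop

# Default-deny inbound on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# Remove an earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow the port inbound, scoped to the VPN interface only.
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $Port -InterfaceAlias $adapter.Name -Profile Any |
    Out-Null

# Audit: list every enabled inbound allow rule that covers the port, with its
# interface scope. A rule whose Interface is "Any" would also open the port on
# the ISP WAN. Port ranges such as "6000-7000" are not expanded by this check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $ports = $_ | Get-NetFirewallPortFilter
        $tcp   = $ports.Protocol -in 'TCP', 'Any'
        $hit   = ($ports.LocalPort -contains "$Port") -or
                 ($ports.LocalPort -contains 'Any')
        if ($tcp -and $hit) {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Protocol  = $ports.Protocol
                LocalPort = $ports.LocalPort -join ','
                Interface = ($_ | Get-NetFirewallInterfaceFilter).InterfaceAlias -join ','
            }
        }
    } | Format-Table -AutoSize
```

The audit table is the part to read: the new rule should show `wg0` in the Interface column, and any other row listing `Any` is a pre-existing rule that still exposes the port on every interface.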