Winpooch - 'FOSS' Firewall (400kb)

By DigeratiPrime
in Essential Guides

 Share

Recommended Posts

Rising Star

DigeratiPrime

Posted
Posted (edited)

ok I will keep this guide simple, because I believe once i show you how easy it is to use you can do whatever you want :)

This guide will show you how to block everything from connecting to or listening to the internet except firefox (or whathaveyou).

Winpooch is FOSS (Free and Open Source Software), it weighs in at about 400kb, and it doesnt need to be installed - just extract the zipped binary.

Download Winpooch

http://winpooch.free.fr/home/index.php

http://sourceforge.net/projects/winpooch/

Instructions:

  • Start Winpooch and delete the existing Net:Connect and Net:Listen rules except those that have the Address (Param 1) set as 127.0.0.1 because thats your computer and you need that (i think). :) If you followed that correctly the window should now appear as shown below:

winpooch03zl.png

  • Create a new rule by clicking on the '+' button on the bottom right. Set the fields as show below then hit ok. Repeat this step but this time for 'Reason' choose 'Net:Listen'.

winpooch37hd.png

  • If you read and followed these instructions Winpooch should now look like this:

winpooch13qt.png

  • This last step is to add Firefox as an exception so it may connect to the internet. Click the '+' on the top to Add Program. So in this case navigate to firefox.exe and then hit ok. To keep things simple were just going to select "Don't hook this program". This tells Winpooch to just ignore that program. Alternatively you can create rules and specify what addresses (ip's) and ports (80, 443, etc) it may connect to, and have winpooch keep logs of the ips and ports it uses.. You may also want to do the same (unhook) for explorer.exe, otherwise explorer.exe will hang when it starts.

winpooch12wo.png

  • Now when a unpermitted file trys to access the internet...

winpooch59cp.png

Thats all there is too it! :D

Edited by DigeratiPrime
Link to comment
https://www.neowin.net/forum/topic/436364-winpooch-foss-firewall-400kb/
Share on other sites
Rising Star

DigeratiPrime

Posted
  • Author
Posted (edited)

that has nothing to do with xpsp2, its probably just explorer.exe trying to start. I noticed a hang when i restarted explorer.exe, after about 5 seconds i got a popup I choose 'NewFilter'

Program: C:\WINDOWS\explorer.exe
Reason: Reg::SetValue

Param1: 
Type: String
Value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Param2:
Type: String
Value: Common Startup

Reaction: Accept
Verbosity: Silent

Also you can add a program in Winpooch and tell it 'Don't hook this program'

Edited by DigeratiPrime
Veteran

Popcorned1

Posted
Posted

Sorry for all my posting, but thanks to the fix you provided I managed to get it to work.

Heres my final review ;)

The size of the program is amazing, i'm really pleased that I didn't have to download a 30 meg file for a firewall. Under 2 meg is fantastic and dialup users will be downloading this one for sure.

The setup of the program is easy.

Once setup, do the unhook the explorer process as your computer will get into loads of trouble and basically stop working. This is because the explorer exe can't start and that's why you wont be able to access the start bar etc.

I have to say once i've got it to work i'm very satisfied with it. Theres no problems when it's running and does a grand job, the simply interface is nice.

Best of all, it's Opensource! :D

Rising Star

DigeratiPrime

Posted
  • Author
Posted

download the zipped binary, theres nothing to install. everything is saved inside the one folder. it runs as a process, in the future they might have a version that installs it as a service.

BTW if you are in the habit of reformating your pc often, i would suggest you consider looking at Acronis True Image. ;)

  • 3 weeks later...
Collaborator

nizsmo

Posted
Posted

does this firewall ask for exceptions when a program is trying to connect to the internet?

say for instance i run Warcraft III will it ask if it may allow W3 connection to the internet?

Yea it acts as a normal firewall, but just a little different. I am using it, and it works great for me!

Beats anything bloaty :cool:

How bout some of that NODpooch32 :D :D

  • 2 weeks later...
Rising Star

DigeratiPrime

Posted
  • Author
Posted

right, for torrents i tell winpooch to accept all addresses and ports for connect and listen. because i trust that program. Likewise you could also tell it to just unhook that process and it will ignore it completely.

for firefox i have mine set to allow firefox to connect on any port or ip, but its not allowed to listen.

if a program not in the list try's to connect say explorer.exe pretending to be internet explorer, winpooch pops up instantly and i tell it to reject and internet explorer thinks theres no connection. you can also kill that process :devil:

of course you can also adjust the verbosity or logging. I use 'silent' for torrents/firefox because i dont want a list of every port and ip ive connected to, the logs will just get enormous or roll over very quickly.

just try it its a zipped binary and it doesnt install any services, drivers or rootkits. if you are really paranoid you can download the source! ;)

Enthusiast

Laughing Man

Posted
Posted

How do you tell it to accept all addresses and ports? The rules are just net connect in, out, read or write, etc..

Also I think me screw up. I deleted everything but the ones with the IP 127.0.0.1 (so in the screenshots minus everything without that IP). Also when I add programs to the list how do I configure it so it auto accepts it? What's the undefined rule too?

Rising Star

DigeratiPrime

Posted
  • Author
Posted
So what would be the diffrence between using this guide and just using "default" config?

the default config allows all processes to connect and listen to the internet. this guide reverses that! see the first post.

How do you tell it to accept all addresses and ports? The rules are just net connect in, out, read or write, etc..

Also I think me screw up. I deleted everything but the ones with the IP 127.0.0.1 (so in the screenshots minus everything without that IP). Also when I add programs to the list how do I configure it so it auto accepts it? What's the undefined rule too?

look again at step 2

winpooch37hd.png

Veteran

Herby

Posted
Posted (edited)

It's a nice little program, but I would not recommend to use it as a firewall:

It locks your ports, but it does'nt hide them -> Shields Up! (select Proceed button and select All Service Ports).

It does'nt prevent most programs from accessing the internet -> Firewall leak tester.

Edited by Herby
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.