Minimal Firewall is a portable Windows firewall frontend that alerts users to block internet connections without requiring custom kernel modifications or disabling Core Isolation.
Minimal Firewall
Minimal Firewall is a portable Windows firewall tool designed to alert users about unauthorized internet connections while maintaining system security without kernel modifications or disabling Core Isolation.
Key Features:
Lockdown Mode: Blocks all network connections by default, requiring explicit user approval for any program to connect.
Real-Time Alerts: Instant notifications when blocked programs attempt to connect, allowing on-the-spot decisions.
Simple Rule Creation: Single-click options to allow or block applications permanently or temporarily.
Wildcard Rules: Manage rules for frequently updating apps like browsers by specifying folders.
UWP & Service Support: Control modern Windows Store apps and background services alongside traditional desktop programs.
Light/Dark Themes: Clean, user-friendly interface adaptable to any time of day.
README
Minimal Firewall
Minimal Firewall enhances the built-in Windows Firewall to block all unknown network connections by default, giving you complete control. It prompts you for action when an application tries to connect, allowing you to mitigate malware, stop unwanted telemetry, and prevent data leaks. With Minimal Firewall, no application "phones home" without your explicit permission.
Unlike most other Firewall programs, Minimal Firewall acts as a frontend, avoiding enlarging your computer's attack surface by playing around with lower levels of the WFP. Minimal Firewall also has an audit feature to examine new rules added to Windows Firewall. When you use a WFP app, it acts as a filter on top of Windows Firewall. The problem is that Microsoft sets varying levels of importance to its firewall rules (e.g. those changed in group policy editor or related to Windows Defender may have higher importance). So if the filter and Windows Firewall rules conflict, it's not clear which one supercedes the other. Minimal Firewall avoids this by working directly with Windows Firewall without having to shut off this key part of your Windows security.
The program is designed to be intuitive. For a concise user guide, see the wiki.
Core Features
Lockdown Mode: The heart of Minimal Firewall. When enabled, it configures the Windows Firewall to block all outbound connections that don't have an explicit "Allow" rule. No program connects without your say-so.
Real-Time Connection Alerts: Get instant notifications when a blocked program attempts network access. Choose between interactive pop-ups for immediate action or silent, in-app alerts on the dashboard to review later.
Simple & Advanced Rule Creation:
Program Rules: Allow or block applications with a single click.
Advanced Rules: Create detailed rules based on protocol (TCP/UDP/ICMP), local/remote ports, IP addresses, services, and network profiles (Domain, Private, Public).
Firewall Auditing: The Audit tab shows you a log of firewall rules that were created, modified, or deleted by other applications, giving you visibility into background changes.
Audience & Benefit:
Ideal for security-conscious users seeking control over internet connections without compromising system integrity or privacy. Minimal Firewall enables proactive management of network activity while ensuring robust security through native Windows Firewall integration.
Live Traffic Monitoring: The "Live Connections" tab displays all active TCP connections on your system in real-time, showing which process is connected to which remote address.
Wildcard Rules: Easily manage applications that update frequently (like web browsers) by creating rules that apply to any executable within a specific folder.
Rule Import & Export: Save your entire rule configuration (including advanced and wildcard rules) to a single JSON file. This is perfect for backups or migrating your setup to a new computer. Paths are made portable using environment variables (%LOCALAPPDATA%, etc.) for easy sharing. You can choose to either add imported rules to your existing set or completely replace them.
Trust Publishers/Digital Certificates: This works similar to wildcard rules. You can automatically trust apps with digital certificates trusted by Windows. Or you can whitelist publishers yourself.
UWP & Service Support: Manage rules for modern Windows Store (UWP) apps and background system services, not just traditional desktop programs.
Trust Publishers/Digital Certificates: Automatically allow applications signed with a trusted digital certificate. You can also manage your own list of trusted publishers to automatically allow any software they create.
Light & Dark Themes: A clean, modern user interface that's easy on the eyes, day or night.
100% Local and Private: Minimal Firewall contains no telemetry, does not connect to the internet, and stores all rules and logs locally on your machine.
Portable: Minimal Firewall is a single executable that requires no installation. All rules are native to Windows Firewall, so no custom drivers or services are left behind.
Why Use Minimal Firewall?
Minimal Firewall offers a secure and integrated approach by managing the native Windows Firewall, eliminating the need for custom drivers or risky system modifications.
Feature
Minimal Firewall
TinyWall
SimpleWall
Fort Firewall
Size
~2MB
~2MB
~1MB
~6MB
Portability
β
β
β
β
Requires Core Isolation Off?
No
No
No
Yes
Connection Alerts
β
β
β
β
Advanced Rule Editor
β
β
β
β
Firewall Change Auditing
β
β
β
β
Wildcards
β
β
β
β
Open Source
β
β
β
β
Avoids low-level filters
β
β
β
β
Screenshots
FAQ
Do I need to keep the app running?
You do not need to keep the app running to ensure the firewall rules are hardened. These are persistent changes until you unlock it in the app. You only need to run the app when you want to authorize a new program or change a rule. Wildcard rules are only automatically added if the app is open (or closed to tray). If the app is closed, any new updates to the wildcard folders will silently fail until you open the app again.
How do I completely uninstall Minimal Firewall?
Because the application is portable, you can simply delete the executable file. To clean up the rules it has created, you have two options on the Settings tab: "Delete all Minimal Firewall rules": This will remove only the rules created by this application. "Revert Windows Firewall": This is a more drastic option that resets your entire Windows Firewall configuration to its factory default state, deleting all custom rules from any source.
Does this work with other antivirus or security software?
Yes. Minimal Firewall is designed to be compatible with other security products. It does not install any kernel drivers or low-level services. It exclusively uses the official NetFwTypeLib COM library, which is the standard Microsoft API for managing the built-in Windows Firewall. This prevents the types of conflicts that can occur with firewalls that use their own filtering drivers.
Security by Default
By leveraging the battle-tested Windows Defender Firewall, Minimal Firewall avoids reinventing the wheel. It uses documented Microsoft APIs to ensure stability and security.
No Service Required: Creates persistent Windows Firewall rules, eliminating the need for its own background service.
No Network Activity: The application itself makes no network connections. No telemetry, no update checks, no "phoning home."
Auditing: Allows you to see if other applications silently add or change rules in the Windows Firewall.
Secure Rule Creation
Follows Microsoft's best practices for firewall management by favoring application-based rules over risky port-based rules.
Rules are program-specific, tied to an executable's path or a UWP app's Package Family Name, preventing malicious programs from impersonating an allowed app on the same port.
Technical Architecture
Minimal Firewall is a Windows Forms application written in C# on the .NET 8 platform. It serves as a user-friendly management layer for the native Windows Firewall with Advanced Security.
Core Interaction: It uses the NetFwTypeLib COM Interop library to interact with the INetFwPolicy2 interface, which is the standard API for managing Windows Firewall rules and policies.
Connection Alerting: It listens for Event ID 5157 ("The Windows Filtering Platform has blocked a connection") in the Windows Security event log. This is a native, efficient way to detect blocked connection attempts without a custom driver.
Auditing: It uses a ManagementEventWatcher (WMI) to monitor for real-time changes to the MSFT_NetFirewallRule class, allowing it to detect when other processes modify the firewall ruleset.
Live Traffic: The live connection monitor uses the GetExtendedTcpTable function from iphlpapi.dll to retrieve a list of active TCP connections and their associated Process IDs.
No Drivers: It does not use any custom kernel drivers, relying entirely on documented Windows APIs for maximum stability and security.
Special Thanks
For dark theme, Minimal Firewall uses a modified version of Dark-Mode-Forms.
Contributing
Contributions are welcome! Please submit an issue, a discussion, or a pull request. Feel free to drop a question or discussion in the discussions tab.
Thanks to
@shewolf56
@Hanatarou
License
Minimal Firewall is licensed under the GNU Affero General Public License v3 (AGPL v3). For commercial or proprietary licensing, please contact me.
