simplewall

simplewall is a Windows application for controlling which programs on your computer can access the internet. It sits on top of the Windows Filtering Platform, a low-level system built into Windows for filtering network traffic. The README notes that it does not interact with the Windows Firewall at all; it uses a separate underlying mechanism, and both can coexist on the same computer without conflicts.

By default, when you activate simplewall, it blocks all outbound and inbound network connections for every application. You then decide which programs to allow, rather than deciding which ones to block. This is sometimes called a default-deny or allowlist approach. The filters continue working even when simplewall is not running, so closing the application does not open your network back up. You press a Disable filters button to stop the rules.

The rules editor lets you create two types of custom rules. Global rules apply across all applications, while special rules apply only to specific programs. Rules can specify individual IP addresses, address ranges, CIDR blocks, ports, or port ranges. Both IPv4 and IPv6 are supported. You can also install rules as temporary, which means they reset on the next reboot, or as permanent, which means they persist until you remove them manually.

The application ships with an internal blocklist that covers known Windows telemetry and data-collection endpoints. There is also packet logging: you can see which connections were dropped or allowed and save that information to a file. Portable mode is available by placing a configuration file in the application folder. The program is under a megabyte in size, supports Windows 7 through 11 on 64-bit and ARM64, and requires administrator rights to run.