How to Use SimpleWall (WFP Tool) to Block Unwanted Network Traffic

Troubleshooting Common SimpleWall (WFP Tool) Issues and FixesSimpleWall is an open-source Windows Filtering Platform (WFP) based firewall utility that provides a lightweight, rule-driven interface for controlling network traffic. It’s popular with users who want more granular control than the built-in Windows Defender Firewall without the complexity of full-featured commercial firewalls. Despite its strengths, users may encounter issues ranging from installation problems to connection disruptions. This article walks through common SimpleWall problems and step-by-step fixes, with practical tips to help you restore normal network behavior.

---

1. Installation and Startup Failures

Symptoms:

• SimpleWall installer fails or crashes.
• Service won’t start after installation.
• App displays errors about driver installation or missing components.

Causes:

• Conflicts with other firewall/antivirus drivers.
• Insufficient permissions (installation not run as administrator).
• Corrupted installer or missing Microsoft Visual C++ runtimes.
• Driver signature enforcement blocking kernel driver installation.

Fixes:

1. Run as administrator: Right-click the installer and choose “Run as administrator.”
2. Temporarily disable third-party AV/firewall: Uninstall or disable other firewall drivers (e.g., third-party VPN clients, Endpoint Protection) before installing, then reinstall them after SimpleWall is working.
3. Check driver signing: If Windows blocks driver installation, temporarily disable driver signature enforcement (advanced boot options) to install, then re-enable it. Prefer signed drivers when possible.
4. Install prerequisites: Ensure Visual C++ Redistributables are installed. Download from Microsoft if needed.
5. Use the latest installer: Redownload from the official SimpleWall GitHub releases to avoid corrupted files.
6. Reinstall service: Open an elevated Command Prompt and reinstall SimpleWall service if available in documentation (or use app’s built-in repair/uninstall and reinstall).

---

2. Network Connections Blocked Unexpectedly

Symptoms:

• Websites, apps, or Windows services stop working after enabling SimpleWall.
• Specific apps can’t access the network while others can.

Causes:

• Default-deny policies (SimpleWall may block all traffic until rules allow it).
• Missing or overly strict rules for system processes or essential services.
• Rule order or precedence causing unintended blocks.

Fixes:

1. Switch to learning/trust mode: Use SimpleWall’s mode that allows outbound connections until you create rules (if available) to identify what needs permissions.
2. Allow system services: Ensure rules permit core Windows services (e.g., svchost, DNS resolver, Network Location Awareness). Create allow rules for these executables or system processes.
3. Allow DNS and DHCP: Add rules permitting UDP/TCP port 53 (DNS) and UDP ports 67–68 (DHCP) if network name resolution or IP assignment fails.
4. Check rule order and specificity: Move broad allow rules above restrictive ones or adjust specificity (process path, local/remote addresses, ports).
5. Use logs to identify blocked connections: Enable logging in SimpleWall, review blocked entries, and create allow rules for legitimate services.
6. Temporarily disable SimpleWall to confirm it’s the cause; if connectivity returns, re-enable and adjust rules.

---

3. Performance Issues and High CPU/Memory Usage

Symptoms:

• Sluggish system performance after enabling SimpleWall.
• SimpleWall process consumes excessive CPU or RAM.

Causes:

• Extensive logging or verbose debug mode.
• Large number of complex rules being evaluated.
• Conflicts with other networking drivers causing retries or loops.

Fixes:

1. Reduce logging level: Turn off debug/verbose logging or limit log retention.
2. Simplify rules: Combine similar rules, avoid overly granular rules when not needed, and remove obsolete entries.
3. Update to latest version: Performance optimizations may be included in newer releases.
4. Check for driver conflicts: Temporarily disable other network-layer filters (VPN/ad-block drivers) to test.
5. Reboot after changes: Kernel drivers sometimes need a reboot to clear state.

---

4. Driver or Service Stops Unexpectedly After Sleep/Hibernate

Symptoms:

• Network filtering stops working after wake from sleep; SimpleWall shows disabled or disconnected status.
• Errors about service not responding.

Causes:

• WFP driver state lost across power state transitions.
• System sleep policies or fast startup interfering with driver reinitialization.

Fixes:

1. Disable fast startup: In Windows power settings, turn off fast startup to allow clean driver initialization on boot.
2. Update network drivers: Ensure NIC drivers are current; outdated drivers can mishandle WFP callbacks on resume.
3. Reinstall SimpleWall service/driver: Uninstall and reinstall the driver; ensure proper driver signing and installation.
4. Create a scheduled task on resume: As a workaround, create a Task Scheduler task that restarts the SimpleWall service on wake from sleep.

---

5. Conflicts with VPNs, Hypervisors, or Virtual Adapters

Symptoms:

• VPN fails to connect or traffic bypasses firewall when VPN is active.
• Virtual machines have no network access or see blocked traffic.

Causes:

• VPN clients and hypervisors add virtual adapters and network-layer filters that interact with WFP.
• Binding order and adapter priority issues.
• SimpleWall rules not accounting for virtual adapter interfaces.

Fixes:

1. Allow virtual adapters or VPN clients: Create allow rules for VPN processes or virtual adapters’ traffic.
2. Set interface-specific rules: Bind rules to the correct interface or adapter when possible.
3. Adjust network binding order: In Network Connections, ensure adapter priorities are correct so traffic flows through expected interfaces.
4. Test with VPN disabled: Confirm whether SimpleWall or the VPN is at fault, then create targeted exceptions.

---

6. GUI Not Reflecting Current State or Crashes

Symptoms:

• SimpleWall UI shows outdated information or freezes.
• App crashes when opening or changing settings.

Causes:

• Corrupted config files or database.
• Insufficient permissions to access service state.
• Conflicts with accessibility tools or UI frameworks.

Fixes:

1. Run UI as administrator: Right-click and run SimpleWall with elevated privileges to allow it to query service state.
2. Reset configuration: Backup and remove or rename the configuration file (usually in AppData or program folder) so the app recreates it on next launch.
3. Reinstall the app: Uninstall, reboot, and reinstall to restore corrupted UI components.
4. Check Windows Event Viewer: Look for application errors tied to SimpleWall to pinpoint causes.

---

7. Rules Not Applying or Persisting

Symptoms:

• Rules disappear after reboot.
• Changes are not saved or active rules revert.

Causes:

• Permission issues writing to config file.
• Profile or roaming settings interfering.
• Corrupted configuration storage.

Fixes:

1. Verify config file location and permissions: Ensure the account running the service can write to the config file path.
2. Use export/import: Export your rules to a file after configuration; if they disappear, import them again and check permissions.
3. Disable sync/profile features: If using roaming profiles or sync tools, exclude SimpleWall settings from sync.
4. Run as service account: Ensure the SimpleWall service runs with appropriate system-level privileges so rules persist.

---

8. Blocked Windows Store, Updates, or Microsoft Services

Symptoms:

• Microsoft Store won’t download apps.
• Windows Update fails or shows network-related errors.

Causes:

• Essential Microsoft services or endpoints blocked.
• Rules blocking TLS/HTTPS traffic to Microsoft domains or CDNs.

Fixes:

1. Allow Windows Update services: Ensure services like wuauserv, bits, and cryptsvc can access network.
2. Allow Microsoft endpoints and CDNs: Create allow rules for the Store and update-related processes, or allow system-wide TLS/HTTPS for trusted Windows processes.
3. Temporarily disable SimpleWall to run updates: Apply updates, then re-enable and refine rules.

---

9. IPv6 Traffic Issues

Symptoms:

• Applications using IPv6 fail to connect.
• Inconsistent behavior between IPv4 and IPv6.

Causes:

• Rules only defined for IPv4 or implicitly block IPv6.
• Lack of allow rules for IPv6 addresses or protocols.

Fixes:

1. Create IPv6 rules: Explicitly add rules for IPv6 when needed.
2. Allow ICMPv6 and necessary IPv6 protocols: Ensure Neighbor Discovery and related protocols are permitted.
3. Disable IPv6 only as a last resort: If troubleshooting is difficult, temporarily disable IPv6 to restore connectivity, but prefer proper rules.

---

10. Troubleshooting Workflow and Best Practices

Steps to diagnose and fix issues systematically:

1. Reproduce the problem while logging is enabled to capture blocked events.
2. Temporarily disable SimpleWall to confirm it’s the source.
3. Review logs to identify process, ports, and addresses involved.
4. Create minimal allow rules targeting the identified items.
5. Test connectivity and iterate, expanding rules only as necessary.
6. Keep a backup of working rule sets (export) before major changes.
7. Keep SimpleWall and Windows updated; read release notes for breaking changes.
8. Document custom rules and rationale for future troubleshooting.

---

Appendix — Useful Rules to Add Quickly

• Allow DNS: UDP/TCP port 53 for system DNS resolution.
• Allow DHCP: UDP ports 67–68 for IP assignment.
• Allow Windows Update: allow services/processes wuauserv, bits, svchost (with appropriate service GUIDs if supported).
• Allow time sync: UDP port 123 (NTP) for time synchronization.
• Allow local network discovery: enable mDNS/SMB if using file sharing or printers.

---

If you want, I can: export a sample rule set (JSON/XML) tailored to your system, or walk through capturing logs and creating the exact allow rules for a problem you’re seeing now.