Open Source Windows Firewall Software
Sort By:
Firewall Software for Windows
View 20 business solutionsBrowse free open source Firewall software and projects for Windows below. Use the toggles on the left to filter open source Firewall software by OS, license, language, programming language, and project status.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
Earn up to 16% annual interest with Nexo.Put idle assets to work with competitive interest rates, borrow without selling, and trade with precision. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
1
Privoxy
HTTP proxy to block ads and customize webpages
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks. -
2
simplewall
Simple tool to configure Windows Filtering Platform (WFP)
simplewall is an open-source Windows application that provides a user-friendly firewall control interface powered by Windows Filtering Platform (WFP), enabling users to block or allow outgoing and incoming network connections without diving into complex OS settings or command-line tools. The app presents a clean, intuitive UI where users can define rules based on process names, IP addresses, ports, and protocols, making it possible to restrict apps from accessing the internet or control specific traffic flows with fine granularity. Because simplewall leverages WFP directly, it operates at a low level in the network stack, ensuring reliable enforcement of rules system-wide while remaining lightweight. It also includes optional modes like blocking all inbound or outbound traffic except what’s explicitly allowed, and supports temporary rule application, logging, and diagnostic views to help users understand what traffic is being blocked or permitted. -
3
UPnP PortMapper
Manage port forwardings via UPnP
The UPnP PortMapper can be used to easily manage the port mappings/port forwarding of a UPnP enabled internet gateway/router in the local network. -
4
Advanced Onion Router is a portable client for the OR network and is intended to be an improved alternative for Tor+Vidalia+Privoxy bundle for Windows users. Some of the improvements include UNICODE paths, support for HTTP and HTTPS proxy protocols on the same Socks4/Socks5 port with HTTP header filtering that generates fake identity-dependent headers every time the identity is changed (proxy chains are also supported), support for NTLM proxies, a User Interface that makes Tor's options and actions more accessible, local banlist for forbidden addresses, private identity isolation, a point-and-click process interceptor that can redirect connections from programs that don't support proxies, also giving them fake information about the local system and support for .onion addresses. Also, it can estimate AS paths for all circuits and prevent AS path intersections, it can restrict circuits to be built using only nodes from different countries, can change circuit lengths and more.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on both OpenVPN and IPsec).
-
6
CacheGuard Gateway
CacheGuard Gateway is a UTM, a WAF, and a QoS management appliance.
CacheGuard Gateway is a free and open-source Unified Threat Management (UTM) solution, a Web Application Firewall (WAF), and a Quality of Service (QoS) platform designed to optimize WAN traffic. To obtain a CacheGuard Gateway appliance, download CacheGuard-OS and install it on the bare-metal or virtual machine of your choice. It’s that simple and completely free. The UTM includes a firewall, web antivirus, VPN server, and a URL-filtering and SSL-inspection web proxy. The WAF operates in conjunction with a reverse proxy, web application load balancer, and SSL offloader, and is capable of blocking malicious requests as well as traffic from IP addresses with poor reputations. The QoS manager enables traffic shaping to prioritize critical network flows, load balance multiple WAN links, and cache web traffic. -
7
PeerGuardian
PeerGuardian - a privacy oriented firewall application
PeerGuardian is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge blocklists (thousands or millions of IP ranges). Its origin seeds in targeting aggressive IPs while you use P2P. PeerGuardian Linux: Not developed actively anymore. Team might still be around. Some unreleased changes on git. Outdated technology. Peerguardian OS X: Not developed anymore. We've lost contact with the OS X developer. PeerGuardian Windows: Not developed anymore. It's highly recommended to use PeerBlock instead, which is a continuation of PeerGuardian's development in Windows, with bug fixes and support for Windows Vista and Windows 7. Collaboration with peerblock.com is welcome! PeerGuardian is an open project. Not only is its source code open for you to read, use, and modify - but the project is open for you to join and contribute in any form (code, documentation, bug reports, web and support). -
8
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
-
9
OPNsense
OPNsense is an open source, easy to use firewall and routing platform
OPNsense is an open source, easy to use and easy to build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. Mission statement of the project: "Give users, developers and businesses a friendly, stable and transparent environment. Make OPNsense the most widely used open source security platform." -
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
10
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
11
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
12
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network. Crowdsec shouldn't, and didn't crash any production so far we know, but some features might be missing or undergo evolutions. IP Blocklists are limited to very-safe-to-ban IPs only (~5% of the global database so far, will grow soon). A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security. Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors. -
13
jNetPcap - A Libpcap Java Binding
A java PCAP and DPI library
A java wrapper for popular "libpcap" and "WinPcap" libraries. Accurate full API translation. Packet buffers delivered with no copies. Send custom packets, gather statistics. Comprehensive and easily extensible DPI engine. -
14
wipfw - IPv4 packet filter and traffic shaper for Windows based on IPFW (FreeBSD firewall).
-
15
PHP - Net_RouterOS
A client for the MikroTik RouterOS API protocol, written in PHP.
A client for the MikroTik RouterOS API protocol, written in PHP. Easy, tested and documented. All feedback welcomed. -
16
respite vpn - ssh & openvpn injector
Bypass your ISP's firewalls and connect to the internet!
Source: https://github.com/AlizerUncaged/HTTP-Injector respite is a SSH/openVPN client that allows you to connect to the internet with custom injected HTTP Proxy headers. This application requires Java (https://www.java.com/en/download/) and .Net 4.5 (https://www.microsoft.com/en-ph/download/details.aspx?id=42642 .Net 4.5 is already preinstalled in Windows 10). There are many SSH and OpenVPN Server providers in the internet, one is https://www.tcpvpn.com HTTP Proxy responses override (source code): https://github.com/AlizerDoesJava/respite-proxy-override Please rate, any feedback is appreciated. The application and server providers are free. -
17
Enables tunneling of network connections through restrictive HTTP proxies. Features: Portmapping, SOCKS4, SOCKS5, web-based admin interface, possibility to use standalone server (perl) or hosted server (PHP), optional authorization from LDAP or MySQL
-
18
SonicReader
Sonicwall Configuration File Reader
SonicReader is used to view and save reports of the internals of a Sonicwall Configuration file. This is useful for those people that wish to know the settings within their saved Sonicwall Configs. I have no affiliation with Dell Sonicwall. Please do not contact Dell Sonicwall regarding the use of this program. -
19
Netdeep Secure Firewall
Next Generation Open Source Firewall
Netdeep Secure is a Linux distribution with focus on network security. Is a Next Generation Open Source Firewall, which provides virtually all perimeter security features that your company may need. It offers Web content filters, ensuring better performance of the network, allowing users to use the service efficiently and securely, providing a deep control of the use of the Web access service, blocking access to unwanted websites, Virus, Spam, Applications and intrusion attempts. Its configuration is made entirely by the web interface. -
20
The Nemesis Project is designed to be a command line based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.
-
21
LoL Absent
Program to block League of Legends contacts.
ABANDONED PROJECT. THE PROGRAM DOES NOT WORK BECAUSE THE CHAT SERVERS HAVE CHANGED SINCE THE LAST UPDATE. Program to block League of Legends contacts. When you use it, you will appear offline and you will not be able to write in the picks and bans phase, but yes during the game. REQUIREMENTS: 1 - Windows 10 x64 or higher operative system. 2 - NET Framework 4.7.2 or higher. -
22
Nodogsplash offers a simple way to provide restricted access to an internet connection. It is intended for use on wireless access points running OpenWRT (but may also work on other Linux-based devices).
-
23
Windows Port Knocking. A Windows implementation of port knocking developed to work alongside an existing firewall (the free CHX-I Packet Filter v3.0).
-
24
CBQ.init script demonstrate power of CBQ mechanism in network traffic management under Linux platform. This bash script parses human-readable config files and does all needed manipulation with 'tc' linux kernel utilite. See WebCBQ project for Web GUI.
-
25
WaGis-Mass-IP-Blacklist-Windows-Firewall
This Tool blocks a Mass of IP's via the Windows Firewall - IP Blocker
This is a easy to use Mass-IP-Blocker/Blacklister Tool. Much more efficient than a Batch-Script. You can automatically block IP Addresses from a Online-IP-List, or just paste in your own IP's you want to block.
