Simplewall: 3.0.8 stops checking if Windows Firewall is enabled

Created on 8 Nov 2019 · 11 Comments · Source: henrypp/simplewall

Concerning https://github.com/henrypp/simplewall/issues/554 and https://github.com/henrypp/simplewall/commit/776bdd04dcf386f26fe520c528dc1bd84ad357c2

It looks like this means that every time a new connection becomes available for Windows, the Windows Firewall is enabled again, but simplewall will _not_ check the Windows Firewall state at start-up... thus both will be active, which allows for overrides from the Windows Firewall without any knowledge of that for simplewall users.

As far as I know, you can simply tell Windows to stop giving you the notifications about the Windows Firewall being disabled (the issue https://github.com/henrypp/simplewall/issues/554). This is far better than stopping simplewall from checking if the Windows Firewall is enabled.

In fact, I would say it's best that simplewall would check if the Windows Firewall is enabled after a new connection is made (or just periodically, _at least not just_ at start-up) and disable the Windows Firewall if necessary.

All 11 comments

It looks like blocking rules have priority whether they are in simplewall or in Windows Firewall. So as long as you (or some program) don't add a blocking rule to Windows Firewall, simplewall should have priority.

No, there always seems to be a chance that another program creates rules that override this. See this whole thing: https://github.com/henrypp/simplewall/issues/254

In that conversation I don't see how rules in Windows Firewall can have "allow" priority over simplewall.
Other programs that use WFP API - seems like they can, they can even uninstall simplewall if they want :)

That might be true, might not be. I found the documentation lacking. Better to be safe than sorry in such cases (unless someone can point us to a primary source that properly describes this).

According to https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration#configurable-override-policy

The basic policy is as follows.

  • Actions are evaluated in priority order of sub-layers from highest priority to lowest priority.
  • "Block" overrides "Permit".
  • "Block" is final (cannot be overridden) and stops the evaluation. The packet is discarded.

Further down it mentions a "soft block" which can be overridden by a permit, so it depends if simplewall uses "Allow override" (FWPS_RIGHT_ACTION_WRITE is set) or not.

Surely Simplewall should explicitly turn off Windows Firewall and check if it is disabled?

> According to https://docs.microsoft.com/en-us/windows/win32/fwp/filter-arbitration#configurable-override-policy
>
> The basic policy is as follows.
>
>   • Actions are evaluated in priority order of sub-layers from highest priority to lowest priority.
>   • "Block" overrides "Permit".
>   • "Block" is final (cannot be overridden) and stops the evaluation. The packet is discarded.
>
> Further down it mentions a "soft block" which can be overridden by a permit, so it depends if simplewall uses "Allow override" (FWPS_RIGHT_ACTION_WRITE is set) or not.

  1. Since simplewall uses a whitelist system, I figure the overall block can only be a soft block; it would otherwise be impossible to create "Allow" rules on top of it.
  2. I don't think anyone would benefit from Windows Firewall being active while using simplewall. It makes the whole filtering platform confusing and unpredictable to the end user.
  3. Pop-ups like https://github.com/henrypp/simplewall/issues/562 will keep turning up.
  4. Again, when new connections are made (e.g. the first time you plug in a cable into your ethernet adapter), Windows Firewall re-enables itself. Simplewall should recognize this behavior and disable Windows Firewall again.

I have Windows Defender Firewall completely disabled so my system favours Simplewall - am I misunderstanding something here?

As I already said, Windows Defender Firewall can re-enable itself. Simplewall used to check its status on start-up, but since 3.0.8 it doesn't do so anymore.

> As I already said, Windows Defender Firewall can re-enable itself.

Hmm. Proof!?

As I already said, it happens when I plug in a network cable and Windows does not have a network profile for this connection yet.

This probably means it will also do this when connecting to a new wireless network.

This can be reproduced by disconnecting from your network, then removing that network profile from the registry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and reconnecting.
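
What the periodic check proposed in this thread could look like as a stand-alone PowerShell script; this is an added example, not simplewall's code. The polling interval and the `-Enforce` switch are assumptions of the example, and it relies on the built-in `Get-NetFirewallProfile`, `Set-NetFirewallProfile` and `Get-NetConnectionProfile` cmdlets.

```powershell
# Added example: report when a Windows Defender Firewall profile is switched
# back on, and note which networks were first seen since the previous check.
param(
    [int]$IntervalSeconds = 30,   # polling interval (assumed value)
    [switch]$Enforce              # also switch re-enabled profiles off again (needs elevation)
)

function Get-EnabledFirewallProfile {
    # ActiveStore is the effective policy, including anything applied by Group Policy.
    # Enabled is a GpoBoolean enum (True / False / NotConfigured), so compare by name.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' }
}

function Get-ConnectedNetworkName {
    # Names of the network profiles currently connected; empty when offline.
    @(Get-NetConnectionProfile -ErrorAction SilentlyContinue | ForEach-Object Name)
}

$known = Get-ConnectedNetworkName

while ($true) {
    $current = Get-ConnectedNetworkName
    $new     = @($current | Where-Object { $_ -notin $known })
    $known   = @($known + $current | Select-Object -Unique)

    $enabled = @(Get-EnabledFirewallProfile)
    if ($enabled.Count -gt 0) {
        $stamp = Get-Date -Format s
        Write-Warning "$stamp Windows Firewall enabled for: $($enabled.Name -join ', ')"
        if ($new.Count -gt 0) {
            Write-Warning "$stamp networks first seen since last check: $($new -join ', ')"
        }
        if ($Enforce) {
            # Domain / Private / Public are the profile names returned above.
            Set-NetFirewallProfile -Name $enabled.Name -Enabled False
        }
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Running it without `-Enforce` while following the reproduction steps above shows whether a profile is re-enabled when the new network appears.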
