Govibe NetShield Firewall
README

Overview
Govibe NetShield Firewall is a Windows desktop firewall monitor built as a single C source file.
It watches live network connections, shows the process responsible for each connection, and lets you manage rules directly from the GUI.

This branch combines several levels of control:

1. Per connection rule actions
You can allow or block the selected connection for OUT, IN, or BOTH directions.

2. Per application and per remote IP rules
You can allow or deny a specific remote IP for a specific application, independently for OUT and IN.

3. Overall application rules
You can whitelist or blacklist an entire application.
A whitelisted application is treated as allowed overall.
A blacklisted application is treated as denied overall.

4. Global manual IP and port rules
You can manually enter an IP or port and apply a global Windows Firewall rule for OUT, IN, or BOTH directions.

Main Features
Live connection monitoring
Process name, PID, local endpoint, remote endpoint, state, and path
Independent OUT and IN rule handling
Allow BOTH and Block BOTH actions for selected rows
Manual global IP rule buttons for OUT, IN, and BOTH
Manual global port rule buttons for OUT, IN, and BOTH
Individual IP allow list
Individual IP deny list
Application whitelist for overall allow
Application blacklist for overall deny
Lock App To IP button
Kill PID button
Hide To Tray button
Right click context menu in the main grid
Right click delete in the lists
Tray icon with restore and exit actions
Minimize to tray
Autostart option
Adjustable refresh speed
Selection stays selected during refresh
Popup detection for new connections
Administrator elevation on startup
Light theme and dark theme
Theme setting saved next to the EXE
24 hour, 72 hour, and 7 day connection flow logs
AI sentry log
AI sentry anomaly detector options
Strict manual validation for IPs and ports
Popup attack alerts
Sensitive port alerts
Port scan alerts
Command tool network watch
About Govibe.org menu entry

Runtime files
The program creates text files next to the EXE for saved rules and settings.
Depending on the build version, these may include:

netshield_allowlist.txt
netshield_denylist.txt
netshield_app_whitelist.txt
netshield_app_blacklist.txt
netshield_theme.txt
netshield_flow_log_24h.txt
netshield_flow_log_72h.txt
netshield_flow_log_week.txt
netshield_ai_sentry_log.txt

The output EXE is:
GovibeNetShieldFirewall.exe

How to Run
Run GovibeNetShieldFirewall.exe as Administrator.
The program asks for elevation because firewall rule creation and deletion require administrative rights.

Main Window
The main grid shows current detected connections.
It refreshes automatically based on the selected update speed.

You can:
Select a live row and apply OUT, IN, or BOTH rules
Use Lock App To IP on the selected row
Kill the selected process with Kill PID
Hide the window to the tray
Review saved IP rules and app rules in the side lists
Enter a manual IP and apply global IP rules
Enter a manual port and apply global port rules

Top action buttons
The main action row includes:
Refresh
Allow OUT
Block OUT
Allow IN
Block IN
Allow BOTH
Block BOTH
Lock App To IP
Kill PID
Hide To Tray

Manual IP controls
The manual IP area lets you enter one IPv4 address or one IPv4 CIDR block and apply:
Allow IP OUT
Deny IP OUT
Allow IP IN
Deny IP IN
Allow IP BOTH
Deny IP BOTH

Manual Port controls
The manual port area lets you enter one numeric port and apply:
Allow Port OUT
Deny Port OUT
Allow Port IN
Deny Port IN
Allow Port BOTH
Deny Port BOTH

Right Click on Main Grid
Depending on the current build, the context menu can include:
Allow this IP OUT
Deny this IP OUT
Delete OUT IP rule
Allow this IP IN
Deny this IP IN
Delete IN IP rule
Add app to whitelist
Add app to blacklist

Rule Logic
Per application plus per IP rules
These are specific to one application and one remote IP.
They let you allow or deny only that IP, separately for OUT and IN.

App whitelist
This is an overall allow for the entire application.
It means the application is allowed as a whole, including future IPs.

App blacklist
This is an overall deny for the entire application.
It means the application is blocked as a whole, including future IPs.

Global IP rules
These are manual Windows Firewall rules based on the IP text you enter.
They are not tied to one single process row.
You can apply them to OUT, IN, or BOTH.

Global port rules
These are manual Windows Firewall rules based on the port text you enter.
They are not tied to one single process row.
You can apply them to OUT, IN, or BOTH.

This lets you combine:
fine control per connection
fine control per app and IP
overall control per application
global control per IP
global control per port

Examples
Allow only one IP for one application
Use the row based IP allow option for that exact row.

Block one specific IP used by an otherwise trusted app
Use the row based IP deny option for that exact row.

Trust the whole browser and stop repeated prompts
Add the browser EXE to the app whitelist.

Block a suspicious application completely
Add the EXE to the app blacklist.

Open a global outbound port
Enter the port and use Allow Port OUT.

Block a noisy inbound port for the whole machine
Enter the port and use Deny Port IN.

Allow one manual IP for both directions
Enter the IP and use Allow IP BOTH.

Lists
IP Allow List
Shows saved per IP allow rules.
Right click an entry to delete that exact IP rule.

IP Deny List
Shows saved per IP deny rules.
Right click an entry to delete that exact IP rule.

App Whitelist
Shows saved overall allow rules for applications.
Right click an entry to delete that overall app allow rule.

App Blacklist
Shows saved overall deny rules for applications.
Right click an entry to delete that overall app deny rule.

Tray Behavior
Left click the tray icon to open or restore the main window.
Right click the tray icon for the tray menu.
The menu includes restore and exit.

Options Menu
The Options menu includes:
Refresh speed
Theme
Logs
Security
Help

Refresh Speed
The Options menu lets you choose the update speed.
Typical speeds include:
0.5 second
1 second
1.5 seconds
3 seconds
5 seconds
10 seconds
30 seconds

Theme
The Theme menu lets you switch between Light Theme and Dark Theme.
The current theme is saved and restored on the next launch.

Logs
The Logs menu lets you open:
24 hour flow log
72 hour flow log
7 day flow log
AI sentry log
log folder

Security Menu
The Security menu can include toggles for:
Strict manual validation
AI sentry anomaly detector
Popup attack alerts
Sensitive port alerts
Port scan alerts
Command tool network watch
Enable 24 hour flow log
Enable 72 hour flow log
Enable 7 day flow log
Enable AI sentry log

Selection Persistence
When the grid refreshes, the program tries to keep the same row selected if that connection still exists.

Autostart
The GUI includes an autostart option.
This adds or removes the application from Windows startup.

Notes About Browsers
Browsers such as Firefox can open many connections to many different IPs.
That is normal because of tabs, CDNs, media, scripts, and background services.
Use the app whitelist if you want to trust the browser overall and stop repeated prompts.

Troubleshooting

The app opens and closes instantly
This usually means a crash in the current build.
Rebuild with the latest fixed source and test again.

Firewall rule add failed
Make sure the EXE is running as Administrator.
Some rule operations depend on netsh and Windows Firewall access.

Firewall rule delete failed
Older test builds may have created rules with different names.
Newer builds try more deterministic naming and deletion.

Manual rule input is rejected
Strict validation may be blocking invalid input.
Use one valid IPv4 address or IPv4 CIDR block for manual IP rules.
Use one numeric port between 1 and 65535 for manual port rules.

Too many browser popups
Whitelist the browser as an application if you trust it overall.
You can also adjust the security toggles depending on how aggressive you want detection to be.


Govibe.org
