ignoramous
commented
7 months ago Block UDP rule exists because some SOCKS5 proxies only support TCP (in which case allowing QUIC based transports like HTTP3 would leak). Tor (via Orbot) is another popular protocol that's TCP-only (for now).
We made an exception to let NTP through (and only from System) because disallowing time sync breaks many apps as things as ubiquitous as TLS depend on it.
When the firewall turns on "Block UDP", it will block HTTP3 as well. I hope that HTTP3 will not be intercepted like DNS and NTP.
Although there are not many websites that support HTTP3 now, I believe this feature is still necessary.