celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

Universal (global) rules as app-specific rules #720

Open ignoramous opened 1 year ago

ignoramous commented 1 year ago

Today, there are some universal (global) firewall rules which could also be made app-specific:

  1. Block when device locked
  2. Block when not in-use
  3. Block UDP except DNS and NTP
  4. Block when DNS bypassed

ignoramous commented 1 year ago

A user says,

With that, my suggestion is to instead still keep them in the universal firewall rules but make various changes to the per-app UI.

(1) Decrease the icons to just 3, which would be:

  • Unmetered
  • Metered
  • Exclude (when this is switched on, I think it will be nice if it will cause all other settings to be greyed out to better communicate to users that this setting disables Rethink for that app)

(2) Add a switch for “Activate advanced settings”. When switched on, this would disable all global rules for that app (which is the same as activating “Bypass DNS and Firewall”) then reveal a menu with the following switches:

  • Block when device locked
  • Block when not in-use
  • Block UDP except DNS and NTP
  • Block when DNS is bypassed
  • Block port 80 (insecure HTTP) traffic
  • Follow the blocklists in DNS
  • Follow universal IP and domain rules
  • Only allow trusted IPs and domains

Basically converting all universal settings to per-app settings which aside from making those settings clearer to the user