search

evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0
9.92k stars 490 forks source link

Pop-up timeout limited at 99 seconds #783

Closed Danny3 closed 1 year ago

Danny3 commented 1 year ago

Hello!

Describe the bug The default timeout of pop-ups is limited at 99 seconds

Include the following information:

Steps to reproduce the behavior:

  1. Go to firewall's UI
  2. Click on the Settings icon, the one that looks like Plasma's "System Settings"
  3. When the settings window opens click on the + (plus sign) on the "Default timeout" line until it reaches 99.
  4. See how continuing to click the + sign doesn't do anything anymore as it's limited to 99 seconds.

Expected behavior (optional) I expected to be be either unlimited or very high. First time I noticed this was when I wanted to put 120 seconds, so 2 minutes, to not have to worry about not being able to read all the details off the connections.

I think I would want multiple things to be different here:

  1. If unlimited is not possible, like putting a 0 (zero), at least make the maximum possible half or an hour. Having a meal, going to bathroom or being in a game can easily make you miss this pop-ups.

  2. I see that clicking on the - sign many times or putting a 0 is actually possible, but it's not clear what a 0 timeout means Will the pop-up be displayed and very quickly closed with a "deny" action chosen or it will not be shown at all? Or it means that the timeout is now disabled and the pop-up stays there and waits until you to choose allow, deny or close it, meaning that it will auto-choose the default action? There's no tooltip here explaining what is the minimum, maximum and what a 0 value will do, so I would add these kind of tooltips.

  3. Holding the + or - signs clicked doesn't raise or decrease the numbers faster like in other programs and going from 1 to 99 fo example takes a lot of time and clicks.

  4. Besides increasing the countdown limit or make it unlimited, I wish that alternatively there was a way that by clicking anywhere in the pop-up window, except the buttons, will just stop to countdown and I can read everything that I want to read or take a screenshot without fearing that I have to hurry that it will close with the wrong action. Same for the case of exiting a game and seeing the pop-up window and having 1 or 2 seconds left to read and answer. It would be great that if as soon as the window gets focus for being out of focus because of the game, the countdown is stopped or restarted, if such a thing is possible.

Additional context BTW, the "Settings" icon and the last one (the shield) in the main UI window and, don't have any tooltips explaining what they are for and what will happen i you click on them. It would be nice to have tooltips on them too.

And the "Action" dropdown in the settings, also doesn't have tooltips. For example, I want to know what's the difference between "deny" and "reject" actions because they sound to me that they do the same thing, but there must be a difference in behavior. It would be nice to have tooltips here too. And one more thing fo the "Default timeout or any field that has a numeric value that needs to be set, it would be great to know also what units are expected, seconds, minutes or something else

Thank you!

gustavo-iniguez-goya commented 1 year ago

First time I noticed this was when I wanted to put 120 seconds, so 2 minutes, to not have to worry about not being able to read all the details off the connections.

The timeout is hardcoded on the daemon to 120s. The default timeout on Linux is more or less the same:

~$ time telnet 1.1.1.1
Trying 1.1.1.1...
telnet: Unable to connect to remote host: timeout

real    2m9,858s
user    0m0,000s
sys 0m0,005s

On the other hand, while we're asking to deny/allow a connection, every other connection is denied or allowed based on the Default Action configured. So it has no sense to show a pop-up for 30 minutes.

What you can do is to force opensnitch to ask you again for unanswered connections, by changing Default Duration (of the rule) to 30s for example (and Default Timeout to 25s for example). Then if you miss a connection the following will occur:

image

image

So you have plenty of options to know that something happened and review it.

gustavo-iniguez-goya commented 1 year ago

I see that clicking on the - sign many times or putting a 0 is actually possible, but it's not clear what a 0 timeout means Will the pop-up be displayed and very quickly closed with a "deny" action chosen or it will not be shown at all?

0 disables the pop-ups and applies the Default Action on new connections.

I wish that alternatively there was a way that by clicking anywhere in the pop-up window, except the buttons, will just stop to countdown

This was requested long time ago, but I don't remember why I limited it to the buttons. I'll review it.

gustavo-iniguez-goya commented 1 year ago

Closing as I think that we have many options to warn users about not answered pop-ups.

:heavy_check_mark: Added option to disable countdown by clicking on the pop-up window. :heavy_check_mark: I'll update the tooltip to describe that setting the timeout to 0 disables the pop-ups, or better, if the timeout is 0, mark the checek [x] Disable pop-ups

boredsquirrel commented 1 year ago

setting it to zero makes it immediately choose the default option.

Just suggesting setting default to 30s means you have to click "always" every time you really want to set something. This means at least 2 clicks more. If its for applications thats okay, but not for individual connections.

Just leave this issue open, it really is a big deal.

Other requests like tooltips or even accelerated number incrementing is very optional.

Having the systray icon change is a real solution and possibly working workaround.