gustavo-iniguez-goya / opensnitch

OpenSnitch is a GNU/Linux application firewall
GNU General Public License v3.0

4 Usability Suggestions #28

Open metal450 opened 4 years ago

metal450 commented 4 years ago

This firewall is amazing. I'm so glad someone decided to continue the project so it didn't end up disappearing - thank you!

After a day or so of use, I have 4 smallish suggestions that I think would make a huge difference to usability:

Thanks again for the great work!

gustavo-iniguez-goya commented 4 years ago

> A search filter for the rules list (just like on the General tab) would make it much easier to find/mess with the one(s) you're looking for

Agree. It'd be useful for the other tabs as well. Sometimes I want to look for a particular host or ip, but the list is too big and it's a bit tedious. I'll add it this week.

> In the pop-up notification, allow the new rule name & executable path to be edited. I almost always find myself having to go to the main UI right after a popup to change one of these two (usually the name) - this would save quite a bit of repetitive work while getting your rules setup.

The only problem with this is that when a pop-up notification is displayed, all connections are queued, which can lead to timeouts or drops. It needs to be changed, which would allow us to even get rid of the pop-up notifications if the user chooses to do so.

On the other hand, as the user can change it from the rules editor, I don't consider it urgent for now.

> In the main UI, when you edit a rule then go "back," the sort list has changed, making it a bit disorienting to resume where you left off. Would be great if it retained the previous sort.

Yes, this is in fact a bug. It also happens on the other tabs.

> Ability to multiple-select & delete rules. Currently I believe you have to do them one at a time, via double-click->delete->back, double click->delete->back.

Already done :) You can test it by copying this file to /usr/lib/python3/dist-packages/opensnitch/dialogs/: https://raw.githubusercontent.com/gustavo-iniguez-goya/opensnitch/ui2.0/ui/opensnitch/dialogs/stats.py

metal450 commented 4 years ago

> The only problem with this is that when a pop-up notification is displayed, all connections are queued, which can lead to timeouts or drops. It needs to be changed

I don't really see why that affects/prevents this? Already, when there's a popup you can configure allow/deny, whether it applies to the port, IP, domain, subnet, etc (i.e. via the "+" button). This would simply supplement those already-configurable items with one more: an input box for the rule name. The big advantage being that if you do need to go back to the UI & make revisions later (or even right after), it'd be considerably easier to locate the rule - no need to dig around trying to figure out which one it was that you just added, as you've clearly named it yourself :)

gustavo-iniguez-goya commented 4 years ago

> it'd be considerably easier to locate the rule - no need to dig around trying to figure out which one it was that you just added

Completely agree. The default name was fine while we couldn't edit it from the GUI, but now it can be improved. It wouldn't need too much work, maybe I can add it this week if I have time. If others are reading this, I'd love to hear more opinions.

The problem is that when the pop-up is displayed, due to the way it is currently implemented, it blocks all the network traffic until the pop-up is closed, regardless of what you configured as the default action. If you have for example a timeout of 30s and launch a curl (curl https://www.duckduckgo.com), curl will exit with a timeout. That can also cause problems with other software.

The change should be to let the traffic pass and apply the default action configured until the pop-up is dismissed. But this change will take me more time to implement it.

gustavo-iniguez-goya commented 4 years ago

> Yes, this is in fact a bug. It also happens on the other tabs.

sort order fix, I hope. Copy this file to test it: https://raw.githubusercontent.com/gustavo-iniguez-goya/opensnitch/59c8a01a66424f0531f56c1f628009ef5f14bf31/ui/opensnitch/dialogs/stats.py

metal450 commented 4 years ago

gustavo-iniguez-goya commented 4 years ago

> Regarding the multi-delete: It looks like it deletes, but doesn't update the UI (i.e. after deleting I thought they were still there - but it turns out if I re-sort the columns, then they're actually gone).

The thing is that it's refreshed when there's a new connection. So it can pass several seconds until it's refreshed. I'll fix it this week.

blocking traffic:

Right now there're 3 timeouts in opensnitch when a connection is about to be established:

  1. (UI) the countdown of the pop-up.
  2. (daemon) the default timeout of the daemon if it's not connected to the UI.
  3. (daemon) and a timeout of 30s to answer a pop-up.

The 3rd timeout is not configurable. I remember having seen it a while back, but I haven't had the opportunity to make it configurable.

So if you don't answer a pop-up in 30s (regardless of what is configured in the UI), then the daemon considers that it's not connected to the UI and applies the default conf:

[WAR] Error while asking for rule: rpc error: code = Unavailable desc = transport is closing%!(EXTRA *conman.Connection=/usr/bin/curl (14305) -> 1.1.1.1:80 (proto:tcp uid:1000))

This is what I was referring to that it needs to be changed before allowing to edit the rule name from the pop-up. But this bug is going to take more time to be fixed.

metal450 commented 4 years ago

> This is what I was referring to that it needs to be changed before allowing to edit the rule name from the pop-up.

I still don't see how they're related though? They seem to be 2 totally distinct issues: one is a textbox that lets you modify the autogenerated name (regardless of timeout), and the other is cleaning up the timeout situation (whether or not you can edit the name).

gustavo-iniguez-goya commented 4 years ago

> 1. (daemon) and a timeout of 30s to answer a pop-up.

I've been analyzing this timeout and there's a major problem: the rule is not added to the rules list (UI and daemon) if this timeout is fired before the user allows or denies a connection. So for the next release I'll just increment the timeout value enough to let the UI timeout fire, and find a better solution for the next release.
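
The race between the pop-up countdown and the daemon's own wait that this thread describes, as an added Go model that is not opensnitch code: `Prompt`, `Outcome` and `Ask` are hypothetical names, and the durations are scaled down to milliseconds. It shows the daemon default winning over a user who would have denied, and the outcome once the daemon wait is raised above the UI countdown.

```go
package main

import (
	"fmt"
	"time"
)

const ms = time.Millisecond

// Outcome is the action applied and which side decided it:
// "user", "ui-countdown" or "daemon-timeout".
type Outcome struct{ Action, Source string }

// Prompt models one pop-up (hypothetical type, not an opensnitch struct).
type Prompt struct {
	UICountdown, DaemonWait  time.Duration // timeouts 1 and 3 from the thread
	UIDefault, DaemonDefault string        // action each side applies on its own
}

// Ask simulates a user who answers after userDelay (negative: never answers).
func (p Prompt) Ask(userDelay time.Duration, answer string) Outcome {
	reply := make(chan Outcome, 1) // buffered, so a late UI reply never blocks
	go func() {
		if userDelay >= 0 && userDelay < p.UICountdown {
			time.Sleep(userDelay)
			reply <- Outcome{answer, "user"}
			return
		}
		time.Sleep(p.UICountdown)
		reply <- Outcome{p.UIDefault, "ui-countdown"}
	}()
	select {
	case o := <-reply:
		return o
	case <-time.After(p.DaemonWait):
		// The daemon gave up first: the user's later answer is discarded,
		// the case in which the thread reports that no rule is added.
		return Outcome{p.DaemonDefault, "daemon-timeout"}
	}
}

func main() {
	p := Prompt{UICountdown: 200 * ms, DaemonWait: 60 * ms, UIDefault: "deny", DaemonDefault: "allow"}
	fmt.Println(p.Ask(120*ms, "deny")) // daemon wait shorter than the user's delay
	p.DaemonWait = 400 * ms            // raised above the UI countdown
	fmt.Println(p.Ask(120*ms, "deny")) // the user's answer arrives in time
	fmt.Println(p.Ask(-1, "deny"))     // user never answers: UI countdown decides
}
```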

gustavo-iniguez-goya commented 3 years ago

> Regarding the multi-delete: It looks like it deletes, but doesn't update the UI (i.e. after deleting I thought they were still there - but it turns out if I re-sort the columns, then they're actually gone).

> The thing is that it's refreshed when there's a new connection. So it can pass several seconds until it's refreshed. I'll fix it this week.

fixed this week O:)