I discovered Glasswire yesterday and was so impressed I purchased a license right away.
However, I quickly discovered a shortcoming in the Firewall that I think would be trivial to implement an enhancement for.
Because there are currently no host-based rules one must make a binary decision: “Do I wish to Allow or Deny this application?”
From a user interface perspective, this is nice and simple. But unfortunately this is not quite a particularly robust implementation. For example, I have IP camera software and printer software which “phones home” over the internet. I cannot allow this traffic. So I DENY the application.
But, in denying the application, I have now prevented that same software from accessing the LAN. The IP cam software thus cannot access cameras on the LAN, and the printer software cannot access the printer! So now I need to go and unblock them…and guess what? First thing they do is phone home to undesirable addresses over the internet.
I believe there is a very simple solution and I’ve seen it implemented in TinyWall with a single checkbox.
- Enumerate all network devices and determine their default gateway and netmask to determine all the accessible LAN subnets.
- Add a checkbox option to Settings -> General: “Exclude LAN traffic.”
- In Linux, iptables applies the rule that matches first. So I would add a whitelist rule for each of the local subnets at the top of my rules. Local traffic simply passes uninhibited. Then any block rules come after. I am unfamiliar with Windows Firewall, but I imagine it works similarly.
The reason why I propose this simple solution is because I think it would conflate the UI when users are prompted to “Allow” or “Deny” to add more options, or more buttons. There is obviously quite a bit of thought in your UI design and users would be distracted or confused by too many options in the Allow/Deny popup. Instead – let them Deny the questionable program – same as they do now, and just let LAN traffic pass uninhibited via a global setting, if they so choose.
Thanks for listening!
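The three steps in the post above (enumerate the local subnets, add a global “exclude LAN” switch, put the whitelist ahead of the block rule in a first-match chain) as an added worked example. This is not GlassWire's code or the poster's; it is a self-contained emulation in Python. The interface table is constructed sample data, the application-to-uid mapping is hypothetical, and on Linux a per-application rule is approximated with the `owner` match (`-m owner --uid-owner`), which only exists in the OUTPUT chain. The subnet of each interface is derived from its address and netmask; the default gateway only says where non-local traffic goes, so it is not needed for the calculation.

```python
"""Emulate a first-match firewall chain with an "exclude LAN traffic" whitelist.

Given local interface addresses and netmasks (constructed sample data), compute
each LAN subnet, put an ACCEPT rule for every subnet ahead of the per-application
DROP rule, and evaluate destinations the way an iptables chain does: the first
matching rule wins, otherwise the chain policy applies.
"""
from dataclasses import dataclass
from ipaddress import ip_interface, ip_address, IPv4Network
from typing import List, Optional

# Constructed sample interface table (hypothetical hosts, not read from a real machine).
SAMPLE_INTERFACES = [
    {"name": "eth0", "address": "192.168.1.20", "netmask": "255.255.255.0"},
    {"name": "wlan0", "address": "10.0.7.130", "netmask": "255.255.255.128"},
    {"name": "lo", "address": "127.0.0.1", "netmask": "255.0.0.0"},
]


@dataclass
class Rule:
    target: str                        # "ACCEPT" or "DROP"
    dst: Optional[IPv4Network] = None  # None matches any destination
    app: Optional[str] = None          # None matches any application


def lan_subnets(interfaces) -> List[IPv4Network]:
    """Derive the directly reachable subnet of each interface from its address
    and netmask. Loopback is skipped; it is never a LAN destination."""
    nets = []
    for iface in interfaces:
        net = ip_interface(f"{iface['address']}/{iface['netmask']}").network
        if net.is_loopback:
            continue
        nets.append(net)
    return nets


def build_rules(app: str, interfaces, exclude_lan: bool) -> List[Rule]:
    """Order matters: LAN ACCEPT rules go first, then the application's DROP.
    With exclude_lan=False the app is simply blocked everywhere (today's behaviour)."""
    rules = []
    if exclude_lan:
        for net in lan_subnets(interfaces):
            rules.append(Rule("ACCEPT", dst=net, app=app))
    rules.append(Rule("DROP", app=app))
    return rules


def verdict(rules: List[Rule], app: str, dst: str, policy: str = "ACCEPT") -> str:
    """First matching rule wins, like an iptables chain; fall through to the policy."""
    d = ip_address(dst)
    for r in rules:
        if r.app is not None and r.app != app:
            continue
        if r.dst is not None and d not in r.dst:
            continue
        return r.target
    return policy


def to_iptables(rules: List[Rule], uid_by_app) -> List[str]:
    """Render the ordered rules as iptables OUTPUT-chain commands. Linux can only
    match outbound traffic to a process by its owner, so each application is
    assumed to run under its own uid (hypothetical mapping supplied by the caller)."""
    lines = []
    for r in rules:
        cmd = ["iptables", "-A", "OUTPUT"]
        if r.app is not None:
            cmd += ["-m", "owner", "--uid-owner", str(uid_by_app[r.app])]
        if r.dst is not None:
            cmd += ["-d", str(r.dst)]
        cmd += ["-j", r.target]
        lines.append(" ".join(cmd))
    return lines


if __name__ == "__main__":
    rules = build_rules("ipcam", SAMPLE_INTERFACES, exclude_lan=True)
    for line in to_iptables(rules, {"ipcam": 1001}):
        print(line)
    # A camera on the LAN is reachable, the vendor's internet host is not.
    for dst in ("192.168.1.50", "10.0.7.200", "203.0.113.7"):
        print(dst, verdict(rules, "ipcam", dst))
```

Because the ACCEPT rules are appended before the DROP, swapping their order (or appending the DROP first and the whitelist later) silently reverts to blocking the LAN; the `verdict` function makes that easy to check for any rule list before the commands are applied.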