Expensive satellite WAN connection. I have a handful of apps requiring WAN access, all other must be blocked. Is there a way to do this without having to explicitly block each and every app?
1 Like
Agree there should be a Global Option to either Auto Allow All or Auto Deny All, with the individual app sliders either enabling or denying individual apps depending on what the Global auto rule setting is.
This shouldn’t be too difficult a coding issue, but maybe the Devs could provide some feedback on whether this is being considered.
The only issue I see is that a change of the Global Auto rule may need a complete firewall rules reset in order for it to take effect as reversing all individual entries could be erroneous and complicated.
Still being able to either deny all or allow all by default would be a great addition. Then the individual app sliders can either enable or deny traffic depending on how the global option has been set.
Unfortunately the “Ask to Connect” option seems to allow the traffic regardless until you either select the Allow or Deny option in the popup. To me this is a complete failure in terms of firewall functionality and basic security. The default should always be to deny traffic unless explicitly allowed, so for this option it should be denying the traffic until the user either explicitly selects Allow or Deny in the popup.
If this option actually worked correctly, then it may have been the solution you needed, but given it allows all the traffic by default it is no better than having to go and deny each app individually.
Hello @WoobaGooba and @Lennon
Thank you both for your insights and suggestions regarding the management of WAN connections through GlassWire. @WoobaGooba your question about simplifying the process of restricting apps is a very relevant one, especially for those managing limited bandwidth on expensive connections like satellite.
I’d like to clarify a bit about the current “Ask to Connect” mode to ensure there’s no confusion. When this mode is enabled, it actually blocks new connections by default. An app will not be able to access the WAN until you explicitly allow it via the popup notification. This means that no traffic is allowed through unless it has been explicitly permitted by the user, which should meet the security and functionality needs you mentioned.
This default deny behavior in “Ask to Connect” mode aligns with the principle of least privilege, ensuring that only apps you’ve approved have network access. If you’re experiencing different behavior, it might be worth checking the settings or reaching out for further support (help@glasswire.com) to ensure everything is configured correctly.
Kind regards,
Katie
Hi @Katie_GlassWire, in my limited testing of the Ask to Connect setting I have found Glasswire still allows the traffic until you explicitly select deny. This does not align with least privilege zero trust principles which is why I made my original remarks.
As I do not rely on Glasswire firewall for security I do not have this item turned on by default, so it was only through my limited testing of this option in response to the O.P. that I discovered this surprising behaviour, and thus I found it not suitable if it was still going to allow the traffic anyway in the first instance.