Feature Request - Firewall Permissions & Ruleset controls

How GlassWire is currently:
Users can only Allow or Deny a program from accessing the WAN or LAN. The user has no granular controls over permissions.

How GlassWire could be:
When the user gets the popup to “Allow” or “Deny” and clicks “Allow”, a rule is created based on the specific connection: program, protocol, direction, host, port. If the program ever makes a new request with different rules another popup should happen prompting the user to Allow or Deny the new rule. The user should also have the ability to “Allow All” at any time to never prompt again for the program and just allow it to create new rules as needed.

Currently, users see this:

Something like this would be better:

Other firewall examples:
To give an idea of how editing or creating rulesets could look, I would draw attention to another firewall as an example, in this case Outpost Firewall:

Here is the popup from Outpost Firewall:

4 Likes

@glasshole

Thanks for your feedback. GlassWire 2.0 is coming in October and we plan to have firewall profiles.

Can you please explain what “profiles” are and how they are intended to be used?

We have gone back and forth between calling it “profiles” or “rules” but it does what you are requesting. For example “allow all” and “block all” exists as you requested, and you can also save different profiles (or rules).

So if you want to have a profile at night “block all but Outlook” then always have that profile available and switch that profile on at night you can do so.

I don’t want to give it all away before the update but I think you’ll find it useful.

As a free user, how do I manually add rules in GlassWire - allow or block IP address, service and application (inbound / outbound)?

@Rafale

We are still working on 2.0 as explained above. Sorry for the delay.

Thanks a lot. Look forward to 2.0
Hope there will be new features added in 2.0 for free users 🙂

Still can’t do any of that?

GlassWire has had profiles for many years.
https://www.glasswire.com/userguide/#Firewall_Tab

In the center of the firewall window is the “Firewall Profiles” option. You can create and save a firewall profile depending on your location, or how you use your device. For example, you can turn on “Ask to connect” mode and deny everything but Internet Explorer so nothing else accesses the network. You can then use this profile while you’re on a metered Internet connection to save data usage.

Our beta Android app also has profiles.

Is that what you mean?

I was referring to the possibility of allowing one application in “ask to connect” and not having to allow it every time the app updates. Is that possible?

2 Likes

@Ismus10

We recently updated our plans and I can confirm we plan to add something like this.

Profiles are fundamentally different from what OP was proposing. In fact, they are on the other end of the spectrum when it comes to granularity.

Profiles are network-wide while OP was asking about rules based on combination of connection’s application, port, IP, in/out direction.

To give you a real life example: there’s a first time connection from PowerShell, when invoking Update-Help cmdlet. I want to allow it, but only for this particular IP - most likely a Microsoft server.

Until I modify/extend the ruleset, all other combinations of the above-mentioned parameters should block PowerShell from accessing the network - including incoming requests above all else.

Right now it’s just Allow/Block a particular app or deny all apps - not very granular and profiles do not help at all in this use-case, even though they are useful in their own right.

1 Like

Been trying to look for the same solution but it seems this feature is still not available in GlassWire.

I want something that works like what the original poster posted.

1 Like

This is in our plans and we’re actively working on it (in a way that looks easier to use). Thanks for your feedback.

1 Like

Any progress to report on this? This is a sorely needed feature. I have to go through my allow list quarterly to keep the list shorter, removing all the update apps since they constantly download new update apps with new names (Fyou Windows apps/updates), and one-time-use install apps.

I have the same issue with:

  1. Multiple rules for different versions of the same app, which installs new versions in different folders (Opera, Slack, Discord, WPS Office, any Electron app, …)

  2. Failing installs that use a temporary executable connecting to the Internet and failing before GW (in Ask-to-connect mode) shows the prompt. Example is gcloud components update using ‘%Temp%\tmpXXXXXXXX\python\python.exe’. The only workaround is switching GW to Click-to-block mode temporarily (very impractical).

A very simple solution would be:

  1. Sufficient one: allowing editing path in existing rules and using * wildcard in any path segment, or some common glob pattern syntax like node-glob to not reinvent the wheel.
  2. Smart one (on top of 1): Autodetect apps of the same name that differ only by version (number in single path segment) and update the existing rules automatically 🙂
1 Like
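
The rule model requested in the first post (program, protocol, direction, host, port) combined with the single-segment `*` path wildcard suggested in the last post, as an added example that is not GlassWire code and not part of any post. The `Rule` fields, the `decide` and `path_matches` helpers, the user name, the install path and the IP addresses are all assumptions made up for illustration.

```python
# Added example (not GlassWire code): rules keyed on program path pattern,
# protocol, direction, host and port; unmatched connections fall back to a prompt.
import ipaddress
import re
from dataclasses import dataclass


def path_matches(pattern: str, path: str) -> bool:
    """'*' matches within one path segment only, never across a backslash."""
    pat_segs, path_segs = pattern.split("\\"), path.split("\\")
    if len(pat_segs) != len(path_segs):
        return False
    return all(
        re.fullmatch(".*".join(map(re.escape, p.split("*"))), s, re.IGNORECASE)
        for p, s in zip(pat_segs, path_segs)
    )


@dataclass(frozen=True)
class Rule:
    program: str    # path pattern, '*' allowed inside a segment
    protocol: str   # "tcp" or "udp"
    direction: str  # "in" or "out"
    network: str    # single IP or CIDR block
    port: int
    action: str = "allow"


def decide(rules, program, protocol, direction, host, port, default="prompt"):
    """Return the first matching rule's action, else the default."""
    addr = ipaddress.ip_address(host)
    for r in rules:
        if (path_matches(r.program, program)
                and (r.protocol, r.direction, r.port) == (protocol, direction, port)
                and addr in ipaddress.ip_network(r.network)):
            return r.action
    return default


# Constructed sample data: documentation-range IPs, hypothetical user "alice".
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
APP = r"C:\Users\alice\AppData\Local\Discord\app-*\Discord.exe"
RULES = [
    Rule(PS, "tcp", "out", "203.0.113.10", 443),     # one approved update host
    Rule(APP, "tcp", "out", "198.51.100.0/24", 443),  # any version folder
]

if __name__ == "__main__":
    print(decide(RULES, PS, "tcp", "out", "203.0.113.10", 443))
    print(decide(RULES, PS, "tcp", "out", "198.51.100.7", 443))
    print(decide(RULES, PS, "tcp", "in", "203.0.113.10", 443, default="block"))
```

A path pattern under a user-writable directory such as %Temp% matches any executable placed there, so a wildcard rule of that kind is safer when paired with a signer or hash check.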