Firewall feature request - Add an "Apply Once"

When the Firewall is currently set to “Ask to Connect”, there are only two options “Allow” or “Deny”.

Please add the ability to also “Allow Once” and “Deny Once”.

The options would then be -
Allow Always
Allow Once
Deny Always
Deny Once

If we click Once, we will be prompted again the next time the app tries to call home.

Clicking the “Once” option would give us the ability to see how active and persistent an app was trying to call home.

As it is now, once we click Allow or Deny we lose all sense of the app’s outbound “desire” to call home.

The only way to monitor an app’s desired activity is to manually delete the app from the Firewall list after each time we click Allow or Deny.

I’m wondering how you envisage this actually working. I’ve never seen this in a firewall so have you got an example that the rest of us users could see?

FYI, similar requests were made in 2016. I’m guessing it is either a complex feature or not considered important enough. If it was simple then I imagine the GlassWire team would have implemented it in the 2-3 years since they said they were interested:

I have a philosophical question about security. Why would I want to allow an application to communicate when I might soon be blocking it? I would think I’m better off testing the application in a test environment such as a sandbox rather than allowing it to connect at all. If I want to see what it does then I can already allow it and then block it at a later time.

The following are some questions I have about the technical issues.

  1. How would GlassWire determine what is considered to be “once”?

    I can use the HTTP protocol as an example. What we call a network connection occurs across more than one layer of the network model and involves more than one protocol so the actual situation is a lot more complex. But this illustrates some of the issues.

    The simplest HTTP transaction has four parts (connect, request, response, close). The firewall could “block once” in at least three ways:

    • Once a connection is made? Block the connection once the host is identified.
    • Once a network transaction is completed? Block the connection once a request-response pair is completed.
    • Once a connection is closed? See the completion of the activity e.g. a file transfer.
  2. How would GlassWire handle “active or persistent” applications where more than one transaction occurs and more than one host may be involved?

    When would the firewall request further approval:

    • For each new host?
    • For each new protocol?
    • For each new protocol/host combination?
  3. Would setting an “allow once” duration (e.g. 10 seconds, 1 minute, 1 hour) be useful to avoid many interruptions by the firewall?

    If “allow once” is being used to profile the activity of an application then it seems counterproductive to block the application too early. That is probably why one of the other requests suggested using a duration.

    But if only a duration is set then a user could manage this by allowing and then blocking after setting an alarm.

I have “Windows 7 Firewall Control” by Sphinx Software, on my old Vista laptop. Recently I purchased a new Windows 10 laptop and chose Glasswire.

Windows 7 Firewall Control (and their Windows 10 version) have the “Apply Once - For current launch”.
Clicking on this adds a temporary firewall rule, which is automatically deleted when the app is closed.

Great. That makes more sense now.
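
The questions above about what a single “Allow Once” click should cover, and the “for current launch” rule described in the last post, can be compared by counting prompts over the same traffic. This is an added example, not GlassWire or Sphinx Software code; the event stream, the app and host names, and `count_prompts` are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample: one app's outbound attempts across two launches (pid 100, then 200).
Event = namedtuple("Event", "t pid app host proto kind")
EVENTS = [
    Event(0,   100, "updater.exe", "a.example", "tcp/443", "connect"),
    Event(5,   100, "updater.exe", "a.example", "tcp/443", "connect"),
    Event(8,   100, "updater.exe", "b.example", "tcp/443", "connect"),
    Event(70,  100, "updater.exe", "a.example", "tcp/80",  "connect"),
    Event(90,  100, "updater.exe", "",          "",        "exit"),
    Event(100, 200, "updater.exe", "a.example", "tcp/443", "connect"),
    Event(140, 200, "updater.exe", "c.example", "tcp/443", "connect"),
]

def grant_key(ev, scope):
    """What one 'Allow Once' click is remembered as, per interpretation (assumed scopes)."""
    return {
        "connection": None,                          # nothing remembered: ask every time
        "host":       (ev.app, ev.host),             # ask for each new host
        "proto":      (ev.app, ev.proto),            # ask for each new protocol
        "host_proto": (ev.app, ev.host, ev.proto),   # ask for each new host/protocol pair
        "duration":   (ev.app,),                     # timed grant for the whole app
        "launch":     (ev.app, ev.pid),              # temporary rule for the current launch
    }[scope]

def count_prompts(events, scope, duration=60):
    """Return how many times the user would be prompted under the given scope."""
    grants = {}   # key -> expiry time in seconds, or None for "no timer"
    prompts = 0
    for ev in events:
        if ev.kind == "exit":
            if scope == "launch":
                # The temporary rule is deleted when the app closes, so a
                # later process reusing the same pid does not inherit it.
                grants.pop((ev.app, ev.pid), None)
            continue
        key = grant_key(ev, scope)
        if key in grants and (grants[key] is None or ev.t < grants[key]):
            continue  # still covered by an earlier click, no prompt
        prompts += 1
        if key is not None:
            grants[key] = ev.t + duration if scope == "duration" else None
    return prompts

if __name__ == "__main__":
    for scope in ("connection", "host", "proto", "host_proto", "duration", "launch"):
        print(f"{scope:11s} {count_prompts(EVENTS, scope)} prompts")
```

Only the per-connection and per-launch scopes keep showing that the app is still trying to connect on its second run; the host and protocol scopes, with no expiry, behave like “Allow Always” for anything already seen.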