rethink-app icon indicating copy to clipboard operation
rethink-app copied to clipboard

Published 20 hours ago verified publisher icon celzero

Phone blocked doesn't interrupt connection

Open Ypot opened this issue 10 months ago • 11 comments

Behavior: Phone blocked. An app allowed to connect, keeps downloading, isn't blocked by the firewall.

Expected behavior: when phone is blocked, the download should be interrupted.

Settings: DNS+Firewall active Firewall is set to work only when phone is blocked. No DNS, no firewall bypassed. The app is allowed to connect. No special rules added.

Ypot avatar Apr 06 '24 21:04 Ypot

An app allowed to connect, keeps downloading, isn't blocked by the firewall.

Existing connections aren't dropped. We could do so as the code to accomplish this already exists (#932), but to do this automatically would be too disruptive.

  • We could let the user toggle ON or OFF as per their preference:
    • Either: Block active connections as rules change
    • Or: Block active connections when device is locked
  • Alternatively, we can provide a button to reset / finish ALL active connections.

Which option do you think makes more sense?

ignoramous avatar Apr 06 '24 22:04 ignoramous

Hi

My suggestion is to have the option to set a delay.

For example: after the phone is blocked, to set how many minutes till the firewall drops all the established connections.

If the default is set, for example, to 1000000 (no connection is drop) and the user can change it, there would be no behavior disruption. In this way, user could choose a delay to finish ongoing downloads before the connection drops.

Ypot avatar Apr 06 '24 22:04 Ypot

Sorry, I don't get what this option means:

"Block active connections as rules change"

Ypot avatar Apr 06 '24 22:04 Ypot

We require a feature that immediately blocks all network traffic, similar to NetGuard or Pcapdroid, when we disable the app’s Wi-Fi or data. This is a significant issue. For instance, if I were to access a harmful website and start downloading a large file, I would want to terminate the connection instantly. However, the connection remains active.

If this feature isn’t implemented, the firewall’s functionality becomes ineffective.

smexyy avatar Apr 07 '24 03:04 smexyy

I understand. I like how netguard works. I think it would be:

  • We could let the user toggle ON or OFF as per their preference:

    • Either: Block active connections as rules change

I like this option. I can't imagine why users would change rules if they don't want to change immediately active connections.

  • Or: Block active connections when device is locked

I would add a configurable delay: Users would set how many minutes must pass after the device is locked, for the connections to be blocked.

  • Alternatively, we can provide a button to reset / finish ALL active connections.

That would be another feature, compatible with the two other.

Which option do you think makes more sense?

I suppose all of them... Too much work?

Ypot avatar Apr 07 '24 05:04 Ypot

can't imagine why users would change rules if they don't want to change immediately active connections.

Yeah you're right. In fact, Rethink already implements this for IP and domain rules. Just not for universal rules:

  • #932

Users would set how many minutes must pass after the device is locked, for the connections to be blocked.

Such things confuse all but power users. We've already got too many open feature requests asking us to simplify the UI.

Too much work?

Not really. The code to achieve this is already in production. Just that UI knobs don't exist.

I'm inclined to close active connections automatically without user input.

ignoramous avatar Apr 07 '24 11:04 ignoramous

Users would set how many minutes must pass after the device is locked, for the connections to be blocked.

Such things confuse all but power users. We've already got too many open feature requests asking us to simplify the UI.

[...]

I'm inclined to close active connections automatically without user input.

If you want to close active connections when phone is locked, the delay could be done in a way that users are not confused.

For example, Netguard closes all connections when screen is off. No confusion for users. But I recently discovered that it has the option to delay the internet blocking after the screen is off, which I found very useful. In resume, it is a great option for power users, while noobs just get the default behavior.

Ypot avatar Apr 07 '24 12:04 Ypot

I think it's a no-brainer - if you decide to block an app or make any changes to the settings, they should be implemented immediately. Nothing else needed, no delays, no restart clicks, just do it.

luckygitt avatar Apr 08 '24 06:04 luckygitt

if you decide to block an app or make any changes to the settings, they should be implemented immediately

That already happens today. This bug is about terminating existing active connections because the device was locked.

ignoramous avatar Apr 08 '24 09:04 ignoramous

if you decide to block an app or make any changes to the settings, they should be implemented immediately

That already happens today. This bug is about terminating existing active connections because the device was locked.

Please, we need to terminate the active connection when toogle off any app wifi/data not only in device locked.

smexyy avatar Apr 08 '24 13:04 smexyy

we need to terminate the active connection when toogle off any app wifi/data

This already is the case today. If not, that's a bug.

ignoramous avatar Apr 08 '24 17:04 ignoramous