[Feature Request] Closing the pop-up may counterintuitively create "Forever" Deny rule

[tredondo]

Imagine the popup defaults are "Forever" and "Deny", while the user "teaches" OpenSnitch the rules.

Then a dubious connection is attempted, one the user doesn't quite know how to handle... so they close the pop-up. What should happen in this case?

Intuitively, I'd say a "Once" rule should be created to deny that connection. But instead, OpenSnitch will create a rule to forever deny all connections initiated by the executable. This may be technically correct because "Forever" was the default duration, but it feels counterintuitive.

Result:

Suggestion: maybe deny the connection but don't create any rule since the connection was denied already? Or do create the rule as a way to log the action?

Update

By contrast, letting the pop-up window go away on its own, would create a 30-second Deny rule.