ignoramous
ignoramous
A user wrote that they were uber confused with what "`Nobody`" mean in the proxy dialogs (DNS and SOCKS5). We need either an `i`nformational icon like we have in Orbot...
A user writes, > One suggestion or feature request I'd like to make (or if already done let know I'd be interested too) is about the firewall: some possibility to...
Instead of letting the user deny requests, allow only those that a user allows, denying all other requests by default. See: [krausefx/per-app-network-sandbox](https://krausefx.com/blog/ios-app-network-sandboxing). Depends on #270
It isn't really possible to know which app sent a DNS request, but what could be done is: 1. Learn from previous queries (names) and answers (IPs) and send the...
[dnscrypt-proxy](https://github.com/dnscrypt-proxy/dnscrypt-proxy) does not forward _undelegated_ domain names, which it hard-codes to: ``` "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa", "0.in-addr.arpa", "1", "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa", "10.in-addr.arpa", "100.100.in-addr.arpa", "100.51.198.in-addr.arpa", "101.100.in-addr.arpa", "102.100.in-addr.arpa", "103.100.in-addr.arpa", "104.100.in-addr.arpa", "105.100.in-addr.arpa", "106.100.in-addr.arpa", "107.100.in-addr.arpa", "108.100.in-addr.arpa", "109.100.in-addr.arpa", "110.100.in-addr.arpa", "111.100.in-addr.arpa",...
The RethinkDNS resolver supports it, the client doesn't. Ref: https://github.com/folbricht/routedns/blob/3f8208d4/dohclient.go#L236-L256
Underlying networks may themselves come with specific-configuration (for [`WIFI`](https://developer.android.com/reference/android/net/NetworkCapabilities#TRANSPORT_WIFI) and [`CELLULAR`](https://developer.android.com/reference/android/net/NetworkCapabilities#TRANSPORT_CELLULAR) transport types _at least_). In this case, if underlying network sets a http-proxy, [VPN's own http-proxy setting](https://developer.android.com/reference/android/net/VpnService.Builder#setHttpProxy(android.net.ProxyInfo)) should be...
That list can be retrieved from `android.provider.Settings.Secure` key'd to `ALWAYS_ON_VPN_LOCKDOWN_WHITELIST`. https://cs.android.com/android/platform/superproject/+/android-11.0.0_r3:frameworks/base/core/java/android/provider/Settings.java;l=6283-6291
Blokada integrates with Cloudflare's BoringTun and that looks pretty straight-forward. Wireguard's official cross-platform implementation is in golang (being rewritten in Rust?) and so the integration could be relatively simpler than...
The firewall mode shouldn't block localhost TCP and UDP. May be it also shouldn't block connections on the private IPv4 (v6 isn't supported) space? May be it should. Interestingly, some...