Some enhancements

[obeho]

Hello,

I would like to see these implemented, if you think they are deserving.

1. TCP Fast Open, as outlined by RFC 7413 {this is for the resolver}
2. The current hierarchy in the app settings, is Whitelist>Block this app from connecting to the internet. This is fine. But the other,
   Whitelist>Block all apps from connecting to this IP, this should be inverse. Because the IP blacklist should be on the highest
   level, else it doesn't make sense to manually blocking an IP, only for it to be overidden by another setting (which could've
   been inadvertently toggled by a bug).
3. A pop-up notification to the user if a connection originating from 'a set of chosen apps' went through (not blocked). (Network
   connection not DNS)

Thanks

[ignoramous]

Thanks.

Re 1: Looks like golang decided to not support TCP Fast Open, per isobar.com/the-sad-story-of-tcp-fast-open. RethinkDNS uses golang underneath for DoH and DNSCrypt connections.

Re 2: Whitelist is really whitelist it from all firewall rules. Having rules interact with inter-weaving overlaps is confusing, though I see why a power user might want such a thing. Whitelist, is really, an option to exempt an app from all confusing rules; as an escape hatch to let them use the app as approp. To your point though, we do plan a UX overhaul by April, 2021 where rules are set "per app" and not "system wide".

Re 3: An "alerts" / "notification" page (like Guardian Firewall, Glasswire Firewall etc) is planned for April, as well.