add a gui to set iptables rules per-app, per-connection type, per-user

[subproc]

like does afwall but embedded in the rom...i don't know how much difficult could be, but would be a nice feature for a finegrained control of the network traffic

[theodormachnich]

This is what I miss at the moment to use the Nexus 5x whit copperhead at the moment productively....

[theodormachnich]

This is what I miss at the moment to use the Nexus 5x whit copperhead at the moment productively....

[vn971]

If I understand it correctly, Copperhead is about security, and firewall-ing is about privacy, so it's not a 100% match. Then again, it's close enough in my opinion, and lots of people who want security also do want privacy and control ovew what goes to the wire.
I would be very happy to see such a functionality in Copperhead. That's the only (but very important!) thing I miss coming from CM.

[vn971]

If I understand it correctly, Copperhead is about security, and firewall-ing is about privacy, so it's not a 100% match. Then again, it's close enough in my opinion, and lots of people who want security also do want privacy and control ovew what goes to the wire.
I would be very happy to see such a functionality in Copperhead. That's the only (but very important!) thing I miss coming from CM.

[vn971]

BTW, if I uderstand it correctly, it is possible to write a user-space app that would do firewall-ing using the VPN functionality. Would it be "correct" meaning no data leaks at start-up etc? Would it allow per-app configuration? Would it be in line with Copperhead-s plans?

[vn971]

BTW, if I uderstand it correctly, it is possible to write a user-space app that would do firewall-ing using the VPN functionality. Would it be "correct" meaning no data leaks at start-up etc? Would it allow per-app configuration? Would it be in line with Copperhead-s plans?

[thestinger]

We're not going to ship something using the VPN feature. There's no plan to work on this feature but contributions would be welcome as always.

[thestinger]

We're not going to ship something using the VPN feature. There's no plan to work on this feature but contributions would be welcome as always.

[thestinger]

The design needs to be worked out before someone works on it, i.e. they should explain what they plan to do here so it can be discussed before investing the effort into it.

[thestinger]

The design needs to be worked out before someone works on it, i.e. they should explain what they plan to do here so it can be discussed before investing the effort into it.

[thestinger]

This isn't planned. Someone can start by implementing #128 and then further features can be considered but it needs to be mapped out as a feature that's genuinely useful and usable by end users. It's not enough to ask for control over the firewall. It needs to be specific and actionable. It doesn't look like anyone is interested in working on it anyway.

[thestinger]

This isn't planned. Someone can start by implementing #128 and then further features can be considered but it needs to be mapped out as a feature that's genuinely useful and usable by end users. It's not enough to ask for control over the firewall. It needs to be specific and actionable. It doesn't look like anyone is interested in working on it anyway.

[vn971]

to be mapped out as a feature that's genuinely useful and usable by end users. It's not enough to ask for control over the firewall.

doesn't this issue already provide evidence of interest? If even an "external" tool like AFWall is considered as very important for lots of users?
Anyway, what I am trying to say is -- even the most basic and "ugly-looking" functionality may be very valuable for lots of Copperhead users, as I expect.

[vn971]

to be mapped out as a feature that's genuinely useful and usable by end users. It's not enough to ask for control over the firewall.

doesn't this issue already provide evidence of interest? If even an "external" tool like AFWall is considered as very important for lots of users?
Anyway, what I am trying to say is -- even the most basic and "ugly-looking" functionality may be very valuable for lots of Copperhead users, as I expect.

[theodormachnich]

so true vn971, waiting for this...this will make copperhead much more interesting for everyone....

[theodormachnich]

so true vn971, waiting for this...this will make copperhead much more interesting for everyone....

[thestinger]

No one is working on it meaning there's no interest in it, and without a defined scope like the issues tagged as projects it wouldn't really be advisable to work on it. Once someone submits #128, further work down this path can be considered. It's not on the table until the basics are implemented.

[thestinger]

No one is working on it meaning there's no interest in it, and without a defined scope like the issues tagged as projects it wouldn't really be advisable to work on it. Once someone submits #128, further work down this path can be considered. It's not on the table until the basics are implemented.