Allow Higher Priority Rules or LAN Exceptions When "Force Block Incoming Connections" is Enabled #1562

Closed
n0one42 opened this issue Jun 2, 2024 · 6 comments
Labels
stale ATTRIBUTE: this issue has not had recent activity suggestion TYPE: idea for new feature or improvements

Comments


n0one42 commented Jun 2, 2024

Description:

I am using Portmaster as my main tool for DNS and firewall management on my system. However, I encountered an issue where enabling "Force Block Incoming Connections" blocks incoming traffic necessary for dnsmasq and libvirt to function properly. This setting currently has higher priority than any custom rules, making it impossible to allow the required traffic without disabling the feature entirely.

Steps to Reproduce:

  1. Enable "Force Block Incoming Connections" in Portmaster.
  2. Set up libvirt with a virtual network using dnsmasq.
  3. Attempt to start a VM and observe that DNS within the VM does not function due to blocked incoming traffic.

Expected Behavior:
There should be a way to create higher priority rules or exceptions for LAN connections that allow necessary traffic for specific services like dnsmasq and libvirt while still blocking other unwanted incoming connections.

Current Behavior:
Currently, any rules set to allow this traffic are overridden by the "Force Block Incoming Connections" setting, making it impossible to enable the necessary traffic for dnsmasq and libvirt without disabling this setting entirely.

Proposed Solution:

  1. Allow Higher Priority Rules: Enable users to create rules that can override the "Force Block Incoming Connections" setting, ensuring essential services can still function.
  2. LAN Exceptions: Implement an option to allow exceptions for LAN connections even when "Force Block Incoming Connections" is enabled, ensuring internal network services are not disrupted.

Conclusion:
Implementing one of the proposed solutions will enhance Portmaster's usability by allowing users to maintain strict control over incoming connections while ensuring necessary services can operate without interruption.

Thank you for considering this suggestion. I am happy to provide further information or testing if required.

@n0one42 n0one42 added the suggestion TYPE: idea for new feature or improvements label Jun 2, 2024

github-actions bot commented Jun 2, 2024

Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful information with you:

  • 🗣️ Our community on Discord is super helpful and active. We also have an AI-enabled support bot that knows Portmaster well and can give you immediate help.
  • 📖 The Wiki answers all common questions and has many important details. If you can't find an answer there, let us know, so we can add anything that's missing.


n0one42 commented Jun 2, 2024

This is how I temporarily resolved it. Or instead of LAN I could define 192.168.122.0/24 which is the default libvirt range.
image

Affected Rules:
image
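
An added example, not part of the thread and not Portmaster's code: a small Go model of the evaluation order the issue asks for, where scoped exceptions are checked before the force-block switch instead of after it. The `Rule` and `Policy` types, the verdict strings, the sample addresses and the port 53 scope are assumptions constructed for illustration; only the 192.168.122.0/24 range comes from the thread.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule and Policy are a hypothetical model, not Portmaster's own types.
type Rule struct {
	Src  netip.Prefix
	Port uint16 // 0 matches any local port
}

type Policy struct {
	ForceBlockIncoming bool
	Exceptions         []Rule // proposed: checked before the force block
	AllowRules         []Rule // ordinary rules: checked after it
}

func matches(rules []Rule, src netip.Addr, port uint16) bool {
	for _, r := range rules {
		if r.Src.Contains(src) && (r.Port == 0 || r.Port == port) {
			return true
		}
	}
	return false
}

// Verdict for one inbound connection: exceptions, force block, rules, default.
func (p Policy) Verdict(src string, port uint16) string {
	a := netip.MustParseAddr(src)
	switch {
	case matches(p.Exceptions, a, port):
		return "allow: exception"
	case p.ForceBlockIncoming:
		return "block: force block incoming"
	case matches(p.AllowRules, a, port):
		return "allow: rule"
	}
	return "block: default"
}

// libvirtDNS scopes the allowance to DNS from the default libvirt range.
var libvirtDNS = Rule{netip.MustParsePrefix("192.168.122.0/24"), 53}

func main() {
	current := Policy{ForceBlockIncoming: true, AllowRules: []Rule{libvirtDNS}}
	proposed := Policy{ForceBlockIncoming: true, Exceptions: []Rule{libvirtDNS}}
	fmt.Println(current.Verdict("192.168.122.50", 53))  // constructed VM guest
	fmt.Println(proposed.Verdict("192.168.122.50", 53)) // same guest, exception applies
	fmt.Println(proposed.Verdict("192.168.1.77", 53))   // constructed other LAN host
}
```

Scoping the exception to the libvirt prefix and one port keeps every other inbound connection, including those from the rest of the LAN, behind the force block.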


github-actions bot commented Aug 5, 2024

This issue has been automatically marked as inactive because it has not had activity in the past two months.

If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics.

@github-actions github-actions bot added the stale ATTRIBUTE: this issue has not had recent activity label Aug 5, 2024

n0one42 commented Aug 5, 2024

Dunno, but in my opinion this should not be just a "suggestion".

@github-actions github-actions bot removed the stale ATTRIBUTE: this issue has not had recent activity label Aug 6, 2024

github-actions bot commented Oct 8, 2024

This issue has been automatically marked as inactive because it has not had activity in the past two months.

If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics.

@github-actions github-actions bot added the stale ATTRIBUTE: this issue has not had recent activity label Oct 8, 2024

This issue has been automatically closed because it has not had recent activity. Thank you for your contributions.

If the issue has not been resolved, you can find more information in our Wiki or continue the conversation on our Discord.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Oct 15, 2024