fix(ui): use temporary duration when popup times out (#1385) #1500

po-nuvai · 2026-01-04T11:11:02Z

Summary

Fixes #1385 - Expiring advanced view pop-up will create blanket deny rule for application if "Destination IP" is not checked

The Problem

When a popup expires (times out) without user interaction, it currently applies all the configured default settings, including the duration. If the user has "forever" as the default duration, this creates permanent blanket deny rules when the user is away from the machine.

This is dangerous behavior for a security application - a user who steps away shouldn't return to find their applications permanently blocked.

The Fix

When _timeout_triggered is True, the duration is now forced to "once" instead of using the configured default:

if self._timeout_triggered:
    self._rule.duration = Config.DURATION_ONCE
else:
    self._rule.duration = utils.get_duration(self.durationCombo.currentIndex())

Behavior Change

Scenario	Before	After
User clicks Allow/Deny	Uses selected duration	Uses selected duration (unchanged)
Popup times out	Uses default duration (could be "forever")	Forces "once" duration

Rationale

Explicit confirmation = full control: When the user actively clicks, they're confirming their choice including the duration
Timeout = conservative default: When the popup expires unattended, the system shouldn't make permanent decisions
Desktop notifications still inform: The user will see a notification about the temporary rule and can review/make permanent in the Rules tab

Test Plan

Set default duration to "forever" and default action to "deny"
Trigger a popup for a new connection
Let the popup expire without clicking
Verify the created rule has duration "once" (not "forever")
Verify actively clicking Deny creates a "forever" rule
Verify notification is still shown for the timeout rule

🤖 Generated with Claude Code

When a popup expires without user interaction, now always uses "once" duration instead of the configured default. This prevents creating permanent blanket deny rules when the user is away from the machine. Before: popup timeout -> applies all default settings including "forever" After: popup timeout -> applies action but forces duration to "once" Only explicit user confirmation (clicking Allow/Deny) should create permanent rules. Unattended timeouts are now conservative. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

gustavo-iniguez-goya · 2026-01-04T11:33:24Z

There's a discussion open, and this is not a bug, it's the intended behaviour.
On the other hand the behaviour is configurable by the user, and since some versions ago the default duration is 12h.

po-nuvai mentioned this pull request Jan 4, 2026

Fix multiple issues and add features: regex case, eBPF loading, KDE ghost window, edit rule, RPM compression, add rule button #1494

Closed

6 tasks

po-nuvai force-pushed the fix/timeout-duration-1385 branch from c61a06d to 325fdff Compare January 4, 2026 11:23

gustavo-iniguez-goya closed this Jan 4, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(ui): use temporary duration when popup times out (#1385) #1500

fix(ui): use temporary duration when popup times out (#1385) #1500

Uh oh!

po-nuvai commented Jan 4, 2026

Uh oh!

gustavo-iniguez-goya commented Jan 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

fix(ui): use temporary duration when popup times out (#1385) #1500

fix(ui): use temporary duration when popup times out (#1385) #1500

Uh oh!

Conversation

po-nuvai commented Jan 4, 2026

Summary

The Problem

The Fix

Behavior Change

Rationale

Test Plan

Uh oh!

gustavo-iniguez-goya commented Jan 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants