Feature Request: Add allow rules in the background for all endpoints individually to review later #625

Open
haroondilshad opened this issue Jul 19, 2024 · 2 comments

Comments

@haroondilshad

I would like to reference #540 here and request a feature. I originally thought passive mode would silently allow and add rules individually for all processes and the endpoints they are contacting, but I was wrong after reading the referenced issue. It's next to impossible to review everything while it happens, so you are left with either dropping everything or accepting everything. I think it makes a lot of sense to add one more condition on top that keeps adding all these endpoints as allow rules corresponding to their respective programs so that the user can decide at a later date which endpoints to deny.

objective-see added a commit that referenced this issue Aug 27, 2024
New option for rules to be created (or not) in passive mode
objective-see added a commit that referenced this issue Aug 28, 2024
@objective-see
Owner

New in https://github.com/objective-see/LuLu/releases/tag/v2.9.6: passive mode with settings to also (automatically) create rules:
[Image: Screenshot 2024-10-16 at 09 21 21]

You can then see such rules under the new "Recent Rules" view in the Rules window.

@haroondilshad
Author

This is amazing and I can confirm that it works. Only, I feel like I should've been more descriptive. Right now, all rules added for all programs are "any address: any port", which is not very useful because a later-in-time audit would involve all programs with a list of all endpoints that they tried to connect to. The user might want to keep some core endpoints allowed and reject any suspicious or unnecessary ones. A program like a browser, for example, which is actually used to connect to all sorts of endpoints, doesn't necessarily need to follow the same strategy, however.
