Easy Application-Level Firewall for Linux — OpenSnitch

Don’t want to spend a lot of time managing your firewall, but still want a basic network firewall on your machine? I have the answer!

atb00ker
Aug 15, 2021
Firewall Rules List

After falling in love with NetGuard for Android, I started looking for a firewall for my Linux machine that needs no setup or maintenance, and I found exactly what I was looking for in evilsocket/opensnitch. So here is a blog post explaining the features of OpenSnitch.

1. Powerful Permission Popups

When an application that does not have internet access is started, a popup with a lot of handy options will appear, enabling you to allow or reject the internet access request.

Internet Permission Popup

From this popup itself, we can configure a lot of things, for example:

  1. You can allow a permission only for a specific amount of time (1 hour in the image).
  2. You can allow all requests from the executable to any destination or only to a particular destination.
  3. You can even whitelist a destination so that any executable can send a request to it.
  4. You can lock a port so that the executable can only use a particular port to interact with the network.
  5. You can restrict which user can send this request, so that some other user on the machine doesn’t get the permission for free.

Check your OpenSnitch settings for the available configuration options.

2. Complex Rules (Regex | List | Simple)

From regex to simple destination rules, we have a lot of options at our disposal.

Rules Options

Allowing only certain protocols, using regex to set the allowed list of hosts or executables, or allowing only a certain set of destination IP addresses: we can do it all. The rules are read alphabetically, so if we name our rules properly, we can give the same executable different rules for different destinations, for example blocking an application's telemetry while allowing its other requests. More about configuration is available in the documentation.

3. Monitoring network

We can not only control who accesses the network, but also monitor information about access requests.

Events List

Here in the screenshot, we can see that spotify and firefox-esr requested internet access and were allowed it, according to my rules. We can even filter these records by destination, process, rule name, etc. to get insight into who is contacting the mother ship and who stays quiet when not in use.

Most common destinations

We can even check out the “Hosts” tab to see the most contacted destinations, and get the same information arranged by application, IP address, port and user to find the outliers: poorly written applications or shady applications.

4. Rules in CSV & JSON

I don’t use a lot of applications because they write their data in unreadable formats, which either gives you vendor lock-in or a long process to move your data manually. This is not the case for OpenSnitch: you can export / import data from CSV. Not just that, you can also manipulate the CSV data to create new rules.

For example, the following CSV denies all internet access to vscode.

time,node,name,enabled,precedence,action,duration,operator_type,operator_sensitive,operator_operand,operator_data
2021-07-25 16:22:30.260624,unix:/local,deny-code-internet,True,False,deny,always,simple,False,process.path,/usr/share/code/code

You can also create a more readable JSON file as given in the documentation.
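Because the export is plain CSV, new rules can be generated by cloning the row shown above. The Python sketch below is an added example, not code from this post or from the OpenSnitch project; it assumes the file uses exactly the header shown above, and the `deny-<name>-internet` naming scheme and the `/opt/example-app/...` path are hypothetical.

```python
import csv
import io
import posixpath
from datetime import datetime

# Column order copied from the CSV shown in the post.
FIELDS = ["time", "node", "name", "enabled", "precedence", "action", "duration",
          "operator_type", "operator_sensitive", "operator_operand", "operator_data"]

# Sample export: the header and the single rule are the ones shown in the post.
EXPORT = (
    ",".join(FIELDS) + "\n"
    "2021-07-25 16:22:30.260624,unix:/local,deny-code-internet,True,False,"
    "deny,always,simple,False,process.path,/usr/share/code/code\n"
)

def load_rules(text):
    """Parse an exported rules CSV, refusing files whose header differs."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != FIELDS:
        raise ValueError(f"unexpected header: {reader.fieldnames}")
    return list(reader)

def add_deny_rules(text, paths, now=None):
    """Return CSV text with one permanent deny rule per executable path."""
    rules = load_rules(text)
    stamp = (now or datetime.now()).strftime("%Y-%m-%d %H:%M:%S.%f")
    for path in paths:
        if not posixpath.isabs(path):
            raise ValueError(f"need a full executable path, got {path!r}")
        covered = any(r["action"] == "deny" and r["operator_operand"] == "process.path"
                      and r["operator_data"] == path for r in rules)
        if covered:
            continue  # an equivalent deny rule is already in the export
        base = f"deny-{posixpath.basename(path)}-internet"
        name, n = base, 2
        while name in {r["name"] for r in rules}:  # keep rule names unique
            name, n = f"{base}-{n}", n + 1
        rules.append(dict(zip(FIELDS, [stamp, "unix:/local", name, "True", "False",
                                       "deny", "always", "simple", "False", "process.path", path])))
    rules.sort(key=lambda r: r["name"])  # the post notes rules are read alphabetically
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rules)
    return out.getvalue()

if __name__ == "__main__":
    print(add_deny_rules(EXPORT, ["/opt/example-app/bin/example-app"]))  # hypothetical path
```

Review the generated rows before importing them, since a deny rule keyed on `process.path` only applies to that exact executable path.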

5. More

The features don’t end there; we have more:
1. While we can open the UI using the opensnitch-ui command, we can also manipulate the firewall using the CLI.

2. Want it for the ARM architecture? There are docs for compiling for armhf & arm64 as well.

Conclusion

I have been using OpenSnitch for a while now and I am satisfied with the simplicity and application level protection it provides.
Of course, application level protection is not enough and a Pi-hole is a better solution, but the advantage of this solution is that it comes with no additional devices connected in your network and needs no setup, just install and we are ready!
If you want me to create a YouTube video showing the features in action, please let me know.

Hope this gave you a basic introduction to the features available in OpenSnitch. Good luck with your network security setup.

atb00ker

Stoic. Existentialist. Optimistically Nihilist. Snowdenist. Friendly. Confident. Perfectionist. Creative. Playful. Programmer. Philosopher.