August 10th, 2024

OpenSnitch is a GNU/Linux interactive application firewall

OpenSnitch is a GNU/Linux application firewall that filters outbound connections, blocks unwanted domains, features a user-friendly GUI, supports centralized management, and offers easy installation and community support.

OpenSnitch is a GNU/Linux application firewall that focuses on interactively filtering outbound connections, enabling users to block ads, trackers, and malware domains across their system. It features a graphical user interface (GUI) that simplifies the configuration of the system firewall using nftables. OpenSnitch supports centralized management of multiple nodes and integrates with Security Information and Event Management (SIEM) systems, enhancing its utility for users managing complex network environments. Installation is straightforward for both Debian-based and RPM-based systems, with commands provided for easy setup. Users can access the GUI post-installation to manage their firewall settings. The project encourages community engagement through platforms like Discord and offers extensive documentation for users seeking more information. OpenSnitch has also been highlighted in various publications, showcasing its relevance in the cybersecurity landscape.

- OpenSnitch interactively filters outbound connections and blocks unwanted domains.

- It provides a user-friendly GUI for firewall configuration.

- The application supports centralized management of multiple nodes.

- Installation is simple for both Debian and RPM-based systems.

- Community support is available through Discord and comprehensive documentation.

AI: What people are saying
The comments on OpenSnitch reveal a mix of user experiences and inquiries about the application firewall.
  • Users appreciate the user-friendly GUI and integration with package managers, making maintenance easier.
  • Some express concerns about the limitations of whitelisting and the potential for malware to exploit whitelisted tools.
  • There are requests for similar applications on Android and macOS, indicating interest in broader compatibility.
  • Users report issues with crashes and temporary rules not being cleared, suggesting areas for improvement.
  • Comparisons with other firewalls like UFW highlight a desire for clarity on features and functionality.
14 comments
By @samlinnfer - 6 months
I've tried to use it extensively (as an interactive firewall). However there are just some problems (that are not the fault of OpenSnitch) that I'm not even sure are even solvable.

For example, suppose I run `curl` on the terminal, I can either always decide on a case-by-case basis to allow it thru, or I'm required to whitelist it permanently. Once I've whitelisted generic tools like `curl` or `wget`, then the floodgates are really open, since any malware that has compromised my machine can just use `curl` or `wget` to get to the internet without hitting the firewall.

By @stusmall - 6 months
This is what finally got me over to NixOS. In the past when I've used application firewalls it's a lot of setup that often breaks on updates changing paths or I have to redo it all whenever I move to a new computer. Just tons and tons of churn and wasted effort.

By integrating with the package manager that hasn't been an issue. Once I got through the initial work of setting up my whitelists I just have a little bit of effort each time I add a new package to my nix configs. If I don't want to take on the effort of adding a whitelist to my nix config, I can just add a temporary whitelist that lasts until the next reboot.

It was a steep learning curve and a lot of work, but now it's a breeze to maintain.

By @mixmastamyk - 6 months
This is great for catching sloppy apps that make an excessive number of connections. Thunderbird, I’m looking at you.

I like it, but it has a small annoyance in that the temporary rules that have expired don’t get deleted or marked in the interface. So I have to restart the gui once in a while to clear them.

By @irundebian - 6 months
Can recommend it on Fedora over fiddling with firewalld/firewall-config.
By @meonkeys - 6 months
I'd love something sorta like this but for Docker containers running APIs or web services. Like:

containerA: all outbound traffic allowed

containerB: no outbound traffic allowed, except to reply to a client

containerC: may only reach out to updates.example.com

Is this just per-container iptables? I could wedge iptables into existing images but it seems like a lot of work.

Or maybe something with iptables on the host?

By @orkj - 6 months
Does something like this exist for my phone, Android specifically? Any good recommendations?
By @vhguru - 6 months
Would be great to have Arch and OpenSUSE packages too.
By @vlovich123 - 6 months
How does this compare with something like UFW? Is the main thing a UI to view ongoing activity?
By @kerkeslager - 6 months
Is there any plan to port this to macOS? I use Little Snitch (which this is obviously influenced by) for a while, but really prefer open source (for reasons unrelated to payment).
By @ranger_danger - 6 months
I have tried to use it off and on many times, but all the random crashes I get really make it very difficult.
By @michaelmrose - 6 months
Has anyone ever in history had an issue prevented by such a firewall?
By @amingilani - 6 months
Is there an open source equivalent for macOS?