OpenSnitch is a GNU/Linux application firewall.
Key features
Interactive outbound connections filtering.
Block ads, trackers or malware domains system wide.
Ability to configure system firewall from the GUI (nftables).
Configure input policy, allow inbound services, etc.
Manage multiple nodes from a centralized GUI.
SIEM integration
Recent Releases
1.6.7 29 Dec 2024 09:05
minor feature:
GUI release.
do not verify lists path on remote nodes - 446cb1a
delay closing the GUI - 36f9242
exception getting node address when adding a new rule - 99cd9f1
restoring policies when disabling the firewall - 12baf1a
enabling/disabling global firewall button - ee089af
searching in tabs Users, Nodes -
1.6.6 02 Jul 2024 19:25
minor feature:
exporting/importing rules
daemon Remove duplicate regex in system.go for -check-requirements
GUI keep working if pyinotify fails loading
What has changed
Improvements
allow to easily configure rules without the GUI
daemon eBPF performance improvement handling exit events (15fcf67)
daemon eBPF disable events on too many errors
daemon added more kernel config paths for checking system requirements
GUI improved authentication options (ff407e7, c540975)
GUI improve wording
GUI ignore SameFile error when enabling autostart (03439f4f9cffc42
1.6.5.1 12 Feb 2024 09:25
minor feature:
when using the GUI with multiple remote nodes. #1093
Full Changelog: v1.6.5...v1.6.5.1
1.6.5 09 Feb 2024 02:44
minor bugfix:
Bug fixes
daemon Fixed segfault on exit #919, 24fd94c
daemon Fixed DNS uprobes 5d33f41
GUI Fixed adding rules to the db from context menu #1027, ec3f515
What has changed
Improvements
daemon Strings concatenation improvements (reduces mem usage, notably) b9ec524
daemon Stop established connections monitor after n errors (not to waste resources) 871238e
daemon Clean DNS eBPF hooks on exit, da99686
New features
daemon Allow to configure the path of rules directory (#449, 6bd1fe8), config file (from cli) and eBPF modules (#928 5c6da0a)
GUI allow to configure refresh interval (#1073, 435dffc)
Known bugs
DNS eBPF module does not work on armhf and i386 architectures. See the commits for more info and if you can help don't hesitate to open a PR or drop a comment :) c514946, 9a6dfe7
opensnitch-procs eBPF module behaves a bit erratically on the arm64 architecture (not new in this release) - d2d89e2
Full Changelog: v1.6.4...v1.6.5
1.6.4 28 Nov 2023 12:30
minor bugfix:
https://github.com/evilsocket/opensnitch/releases/tag/v1.6.4
1.6.3 27 Aug 2023 01:22
minor bugfix:
Only GUI packages updated.
Bug fix
Fixed error when setting DefaultAction to the daemon after connecting to the GUI (#1017).
What's Changed
Introduce Sqlite WAL journal mode by @lainedfles in #1011
1.6.2 27 Aug 2023 01:21
minor feature:
1.6.1 28 Jul 2023 23:34
minor feature:
Added support to secure communications between the daemon and the GUI with SSL certificates (12b4cf3)
More info: https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication#nodes-authentication-added-in-v161
TODO (WIP): Configure daemon auth options from the GUI.
System fw: report any error when applying rules (8740755)
Rules to intercept outbound connections changed (e090833, 26b8415)
Discussion with the details: #995
What's Changed
Allow to configure GUI autostart option by @munix9 in #964
Allow starting the GUI in background when the systray not available by @WojtekWidomski in #975
Dinit service file by @jackffmm in #969
Use temporary files instead of piping in ebpf Makefile by @nnsee in #985
i18n: update Brazilian Portuguese translation by @tioguda in #974
Add basic Traditional Chinese locale by @PeterDaveHello in #997
Better errors when the eBPF modules fail loading (662cd2e)