What does HackerNews think of opensnitch?
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
(TCPView is not really a firewall, however; it just lets you inspect traffic, not block or filter it.)
https://github.com/evilsocket/opensnitch (Linux)
https://www.obdev.at/products/littlesnitch/index.html (Mac)
https://www.glasswire.com/ (Windows)
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpv... (Windows)
an exploit that cannot communicate is likely benign and easy to detect in the attempt.
monitor all outbound network connections with a GUI prompt that defaults to deny. whitelist trusted domains/IPs for a better experience and a bit less security.
macos has littlesnitch[1], linux has opensnitch[2], or roll your own on libnetfilterqueue[3].
bonus points if the filtering happens upstream at a router or wireguard host so a compromised machine cannot easily disable filtering.
bonus points if the filtering is at executable level granularity instead of system level.
1. https://www.obdev.at/products/littlesnitch/index.html
Never used it myself, only remembering it from my thesis days about essentially the same topic. I see they made the jump away from Python to Go and I'm also somewhat surprised the project is not only still active, but appears to have matured nicely. Guess I'll have to check it out now!
Here's the initial HN discussion of OpenSnitch from 5 years ago: https://news.ycombinator.com/item?id=14245270
https://github.com/evilsocket/opensnitch
https://github.com/kushaldas/unoon
https://github.com/nsntrace/nsntrace
https://wiki.debian.org/PrivacyIssues#Detection_tools
https://github.com/evilsocket/opensnitch
I don't use it all the time but it is occasionally useful (or just satisfies my curiosity about what's phoning home)
Mail server example:
iptables -I OUTPUT -o eth0 -m owner --uid-owner postfix -p tcp --syn --dport 25 -j ACCEPT
To answer your question, here is a desktop firewall for Linux that operates like Little Snitch [1]. This is not meant to be used in your server deployments.

Started fighting macOS telemetry and refused to transition to Linux partially because of the absence of an LS alternative. Since OpenSnitch I happily run my personal computer with PureOS. https://github.com/evilsocket/opensnitch
The amount of system mothership calling on any platform is mind boggling. And everything has "rational" and "it is inevitable" attached to it. My Firefox looks like a Christmas tree from extensions and my about:config is taking too long to set properly. What a beautiful future we are creating. :)
For Windows you can try Portmaster: https://safing.io/portmaster/
or Glasswire: https://www.glasswire.com/?os=win
[1] https://github.com/evilsocket/opensnitch
[2] https://old.reddit.com/r/linux/comments/od3h8b/audacity_may_...
Is there a comparable thing for network access? Last I looked OpenSnitch seemed to be unmaintained, but looking just now it apparently has some commits on master recently again:
It has a GUI interface as well.
even benign apps that phone home like pulumi and terraform are fun to see and block with annoying popups.
monitoring egress really is the only realistic play. I rolled my own[1], inspired by opensnitch[2].
netfilter_queue is really great, and definitely makes annoying popup dynamic firewalls possible.
1. https://github.com/nathants/tinysnitch
2. https://github.com/evilsocket/opensnitch
However, if you allow everything to 80/443, the extensions would still be able to connect to their servers. Maybe the browsers should add the ability to allow/deny connections per extension.
https://github.com/gustavo-iniguez-goya/opensnitch/issues/21
A fork seems to be relatively alive [2] and I use it personally -- it works well, but is a bit of a PITA to build. Time to buy the devs a coffee...
[1] https://github.com/evilsocket/opensnitch
[2] https://github.com/gustavo-iniguez-goya/opensnitch
To be fair I haven't looked at the state of Linux app firewalls in years, maybe there's something better available, but *tables is not it.
Tilix is very much like iTerm2. Simple to use too.
https://github.com/evilsocket/opensnitch
I'm not sure how active it is (no recent activity and there seem to be a lot of forks)
I tried to include small/interesting repos that do weird/cool things so people can learn about it. E.g., this code: https://github.com/evilsocket/opensnitch (UI in Python but the logic is Go)
---
Admittedly, I'm a noob so I would be happy to hear about alternatives.
1) pi-hole
2) Steven Black's hosts file
3) ublock origin
3 = most conservative filtering configuration that can easily be tweaked from the browser
2 = use modules (-e gambling -e porn etc)
1 = most basic blocking configuration
this way you don't have to do much fidgeting on the router. this comes at a tradeoff of putting some of the burden on the hosts (#2 & #3), but with the advantage of better usability for non-tech users.

protip: if you can live with not accessing unicode domains at all (a countermeasure to avoid domain squatters and some phishermen), patch[1] your dnsmasq and add this in dnsmasq.conf:
address=/:xn--*:/0.0.0.0
[1] https://github.com/spacedingo/dnsmasq-regexp_2.76.git

EDIT: for mobile I used to have a VPS running OpenVPN. Make Android connect to the VPN by default, routing all traffic through it. Run something like opensnitch[1] to MiTM and whitelist the mobile traffic and sinkhole shit you want to get rid of. This isn't for the fainthearted since new versions of apps might make different API calls and break your rules. Apps will just stop working. If you only have 2 or 3 apps and want to kill traffic from built-in carrier spyware it works nicely and is well worth the effort. Nice way to study what your device does. https://github.com/evilsocket/opensnitch
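The dnsmasq rule above sinkholes every IDN (punycode, `xn--`) name. As an added example, not from the commenter or from dnsmasq, here is the same decision logic in Python over a constructed list of query names, with the punycode decoded so a log line can show what the looked-up name actually was; the regex is my reading of the rule as "any label beginning with xn--".

```python
import re

# Constructed sample of DNS query names (not taken from the page).
SAMPLE_QUERIES = [
    "example.com",              # plain ASCII, forwarded upstream
    "xn--80ak6aa92e.com",       # punycode label (a Cyrillic homoglyph domain)
    "mail.xn--exmple-cua.net",  # punycode label deeper in the name
    "xn--fiqs8s",               # single-label IDN TLD
    "notxn--fake.org",          # "xn--" not at a label start: not an A-label
]

# Mirrors the intent of address=/:xn--*:/0.0.0.0 : any label that starts
# with the IDNA A-label prefix "xn--" is answered with 0.0.0.0.
A_LABEL = re.compile(r"(^|\.)xn--", re.IGNORECASE)

def is_sinkholed(name: str) -> bool:
    """True if any label of the (possibly FQDN-dotted) name is punycode."""
    return A_LABEL.search(name.rstrip(".")) is not None

def decode_idn(name: str) -> str:
    """Return the Unicode form of a punycode name for a readable log entry.

    Falls back to the raw name when the punycode is malformed or does not
    round-trip through the IDNA codec.
    """
    try:
        return name.encode("ascii").decode("idna")
    except (UnicodeError, ValueError):
        return name

def resolve(name: str) -> tuple[str, str]:
    """Decide a query the way the sinkhole rule would: (answer, reason)."""
    if is_sinkholed(name):
        return "0.0.0.0", f"IDN sinkholed ({decode_idn(name)})"
    return "FORWARD", "upstream"

def run(names=SAMPLE_QUERIES) -> list[tuple[str, str, str]]:
    """Apply the rule to every sample and return (name, answer, reason) rows."""
    return [(n, *resolve(n)) for n in names]

if __name__ == "__main__":
    for name, answer, reason in run():
        print(f"{name:28} -> {answer:8} {reason}")
```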
Haven't used it though.
But at least macOS has Little Snitch; the closest for Linux was opensnitch, which was announced on HN a few months back - https://github.com/evilsocket/opensnitch/ - but I'm not sure whether it's actively being developed though.