OpenSnitch Application Firewall for Linux

If you’re looking for an application firewall for your Linux box, you must’ve heard of OpenSnitch. The bad news is that the original project is no longer under active development. The good news is that OpenSnitch has been forked.

If you’ve never heard of the project, OpenSnitch is a free and open-source application-level firewall for Linux. It contains a daemon written in Go and a GUI controller written in Python.

The firewall monitors outbound connections and allows or denies the connections based on a set of rules defined by you, the user. Basically, OpenSnitch is a free and open-source port of the popular Little Snitch firewall for macOS.

NOTE: Although OpenSnitch has been forked and it’s now under active development, just like the original project, the fork is a work in progress.

INSTALLATION

If you want to install OpenSnitch, you can either compile from source or use the .deb and .rpm packages made available by the developer. Users of Arch, and of other distros based on Arch, can install OpenSnitch from the AUR (yay -S opensnitch-git).

USING OpenSnitch

After installation, open up the GUI and you might notice that the daemon isn’t running.

If you check the status of the daemon, you’ll notice that it needs to be enabled and started.

You can easily do that with systemctl enable opensnitchd.service and then systemctl start opensnitchd.service. If you check the daemon status again you will notice that now it’s active and running.

The next thing you should do is make sure the OpenSnitch GUI is started automatically every time you reboot. How you do that depends on your distro. Look for something like Session and Startup and add /usr/bin/opensnitch-ui.

Now let’s see how the firewall works. Well, it pretty much works like any other firewall. Once an app or process tries to access the internet you will be prompted and asked if you want to allow or deny the connection.

The dialog prompt contains info about the app or process name, the domain name/IP it’s trying to connect to, port, source IP, destination IP and port, user ID and process ID.

You can also allow/deny the connection from the current process (or port, user ID, etc.) and allow/deny the connection once, for a predefined number of seconds/minutes, for the current session or forever.

The GUI also offers quick access to the OpenSnitch network statistics, which you can save to a .csv file by clicking on the Save button in the top left corner.

The other buttons allow you to access the UI, Nodes and Database settings, manually create rules and quickly enable/disable the firewall.

If you want to edit or delete existing rules, you can either manually edit the rule files found in /etc/opensnitchd/rules/ or use the GUI: go to the Rules tab > find the rule you want to edit/delete > double click on the rule in the name column > edit/delete the rule.
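
As an added example (not from the OpenSnitch project or the original article), this Python script reviews the rule files in a directory such as /etc/opensnitchd/rules/ and reports permanent allow rules that are not tied to a process, plus rule files writable by group or others. The JSON field names it reads and the sample rules are assumptions; compare them with your own rule files.

```python
import json
import tempfile
from pathlib import Path

# Assumption: rule files are JSON objects with "action", "duration" and an
# "operator" holding "operand" and, for compound rules, a nested "list".
PROCESS_OPERANDS = {"process.path", "process.command"}

def operands(op):
    """Yield the operand of an operator and of any nested sub-operators."""
    yield op.get("operand", "")
    for sub in op.get("list") or []:
        yield from operands(sub)

def audit_rules(rules_dir):
    """Return (file name, finding) pairs for rules worth a second look."""
    findings = []
    for path in sorted(Path(rules_dir).glob("*.json")):
        # Anyone who can write a rule file can change the firewall policy.
        if path.stat().st_mode & 0o022:
            findings.append((path.name, "writable by group or others"))
        try:
            rule = json.loads(path.read_text())
            if not isinstance(rule, dict):
                raise ValueError("rule is not a JSON object")
        except ValueError:
            findings.append((path.name, "not a valid rule file"))
            continue
        if not rule.get("enabled", True) or rule.get("action") != "allow":
            continue
        seen = set(operands(rule.get("operator") or {}))
        if rule.get("duration") == "always" and not (PROCESS_OPERANDS & seen):
            findings.append((path.name, "permanent allow not tied to a process"))
    return findings

def write_sample_rules(rules_dir):
    """Write constructed sample rules (not taken from a real system)."""
    samples = {
        "allow-curl.json": ("allow", "process.path", "/usr/bin/curl", 0o644),
        "allow-port-443.json": ("allow", "dest.port", "443", 0o644),
        "deny-tracker.json": ("deny", "dest.host", "tracker.example", 0o666),
    }
    for name, (action, operand, data, mode) in samples.items():
        rule = {"name": name[:-5], "enabled": True, "action": action,
                "duration": "always",
                "operator": {"type": "simple", "operand": operand, "data": data}}
        path = Path(rules_dir, name)
        path.write_text(json.dumps(rule, indent=2))
        path.chmod(mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        write_sample_rules(demo)
        for name, finding in audit_rules(demo):
            print(f"{name}: {finding}")
```

To review a real installation, call audit_rules("/etc/opensnitchd/rules/") with enough privileges to read the directory.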

For more info, FAQs and troubleshooting, make sure you read the documentation.