Update Rules.md

Gustavo Iñiguez Goia 2023-06-11 02:26:55 +02:00 committed by GitHub
parent b332218403
commit 633620fd40


@ -189,11 +189,10 @@ Example of a complex rule using the operator _list_, saved from the GUI (Note: v
- Allow DNS queries only to your configured DNS nameservers: - Allow DNS queries only to your configured DNS nameservers:
⚠️ DNS protocol can be used to exfiltrate information from local networks. ⚠️ DNS protocol can be used to exfiltrate information from local networks.
* Allow `systemd-resolved`, `dnsmasq`, dnscrypt-proxy`, etc, connect only to your DNS nameservers + port 53 + UID. * Allow `systemd-resolved`, `dnsmasq`, `dnscrypt-proxy`, etc, connect only to your DNS nameservers + port 53 + UID.
* Besides allowing connections to remote DNS servers (9.9.9.9 for example), you may need to allow connections to localhost IPs (127.0.0.1, etc) * Besides allowing connections to remote DNS servers (9.9.9.9 for example), you may need to allow connections to localhost IPs (127.0.0.1, etc)
* The easiest way would we to delete your existing systemd-resolve rule, let it ask you again to allow/deny it, click on the `[+]` button and then select from the pop-up `from this command line` __AND__ to IP x.x.x.x __AND___ to port xxx * If you already allowed these stub resolvers, the easiest way would we to delete the existing rule, let it ask you again to allow/deny it, click on the `[+]` button and then select from the pop-up `from this command line` __AND__ to IP x.x.x.x __AND___ to port xxx
Even more
- Limit what an application can do as much as possible: - Limit what an application can do as much as possible:
* Filter by executable + command line: You don't want to allow `curl` or `wget` system wide. Instead, allow only a particular command line, for example: * Filter by executable + command line: You don't want to allow `curl` or `wget` system wide. Instead, allow only a particular command line, for example:
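Review bot: The rewritten "easiest way" bullet still carries two defects from the old text: "would we to" should read "would be to", and the last `__AND___` has three trailing underscores, so it will not render as bold like the first `__AND__`. The same bullet ends with the placeholders "to IP x.x.x.x" and "to port xxx", while the first bullet of this list names the constraint as "your DNS nameservers + port 53 + UID". Consider writing port 53 here as well and mentioning the UID condition, so that a reader who follows only this step does not end up with a broader rule than the one the section recommends. The new wording "these stub resolvers" relies on the reader mapping it back to `systemd-resolved`, `dnsmasq` and `dnscrypt-proxy` two bullets up; naming them again, or writing "the resolvers listed above", would make the step self-contained.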