When using proc monitor method + interceptUnknown, allow asking the user
about connections not associated with a process. Usually they're safe to
discard, but in some special cases it helps not to disrupt some services.
Block of code to find connections via netstat moved to procmon/
Added more options for auto excluding/deleting temporary rules.
If the GUI was configured to store events to disk, you could end up
having thousands of temporary rules over time.
Closes: #622
Added ability to perform actions on different parts of the GUI, based on
conditions defined in json files.
There's only one Action of type Highlight for now, to colorize cells and
rows.
There're 3 Highlight actions defined by default:
- rules: applied to the rules view to colorize the columns Enabled and
  Action.
- firewall: applied to the fw rules to colorize the columns Action and
  Enabled.
- common: applied to the rest of the views to colorize the column
  Action.
Users can add new actions to the directory
~/.config/opensnitch/actions/, as .json files. The format is defined
below.
Example of a Highlight action to colorize cells and rows, based on
different texts (simple texts/strings for now):
{
    "name": "commonDelegateConfig",
    "actions": {
        "highlight": {
            "cells": [
                {
                    "text": ["allow", "✓ online"],
                    "cols": [1, 2, 3],
                    "color": "green",
                    "bgcolor": "",
                    "alignment": ["center"]
                }
            ],
            "rows": [
                {
                    "text": ["block-domains"],
                    "cols": [8],
                    "color": "white",
                    "bgcolor": "darkMagenta",
                    "alignment": []
                }
            ]
        }
    }
}
Closes: #555
- Fixed crash on Wayland (Fedora 37) when setting the minimum and
  maximum size of a pop-up. setMinimumSize() makes the GUI crash.
- With the above fix, we don't need to set QT_QPA_PLATFORM
(Closes: #794)
Display what versions the GUI is using. It'll help to debug issues.
For next releases we may need to check incompatibilities between grpc
and protobuf (#790).
Under certain situations, checking fw status caused an exception
loading the GUI when new nodes connected.
What caused this error is unknown, so for now we'll protect the GUI from
crashing.
Closes: #790
On some kernels (4.19), adding the interception rule to the
inet-mangle-output chain failed.
According to the nftables wiki, the mangle-output chain has (must?) to
be of type Route:
"route type: ... mangle table ... for the output hook (for other
hooks use type filter instead)."
https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains#Base_chain_types
So if we fail adding the interception rule, we retry it with type Filter
instead of Route.
Related: #781, ced9a24
- Fixed crashes when a node connects/disconnects.
- Fixed listing nodes fw tables and chains.
- Fixed deleting nodes from the list.
- Prefs: Do not ask the user to restart the GUI when there're more than
  1 node connected.
- Added options to export/import rules to/from a directory.
  All nodes' rules will be exported, each ruleset to its own
  directory.
  Imported rules will be added to all nodes.
  WIP, we'll make it more granular.
Closes: #324 #746