New dialog added to display details of a process in realtime, gathered
from ProcFS.
Process tab -> double click on an app -> click on the button with the
search icon.
We have also improved the discovery of apps icons and names. It should
work better on systems where the DE is not properly configured.
Tested, but not bulletproof, still in beta.
Added option to let the users define iptables rules.
The system rules are added in the file /etc/opensnitchd/system-fw.json
with this format:
```
{
"SystemRules": [
{
"Rule": {
"Description": "Allow pptp VPN",
"Table": "mangle",
"Chain": "OUTPUT",
"Parameters": "-p gre",
"Target": "ACCEPT",
"TargetParameters": ""
}
}
]
}
```
On the mangle table, OUTPUT chain, these rules are added before
the NFQUEUE interception rule, so any rule you add there bypasses the
interception. Useful to allow traffic you don't want to intercept.
This feature solves in some way the issue some users have connecting to
VPNs when the Default Action configured in the daemon is Deny.
For example:
- OpenVPN when keepalive is configured and ICMP is used.
- PPTP because the GRE routing protocol is blocked.
- probably others like IPSEC.
(regarding WireGuard, as far as I can tell it works just fine, see #61).
closes#47
Use debconf to ask questions.
This allow us to:
- install deb packages using apt frontends (noninteractive, readline,
etc).
- display the questions on graphical installers like Gdebi.
closes#75
The server address and log file were hardcoded into the
opensnitchd.service file, making it almost impossible to change.
Soon we'll be able to change it from the UI.
we were not switching between process monitor methods properly, so we're
falling back to proc method in some cases.
Besides, there's seems to be a descriptors leaking problem in ftrace package
when closing resources.
nodes:
- added WA for backward compatibility with older protobuf libs.
stats:
- added sensitive and priority rules columns
- fixed selecting a node from the General tab.
- if DstHost is empty, display the IP instead.
- Hosts tab nw only lists hosts.
rules editor:
- added options to define if a rule has precedence and if it's
case-sensitive (for all fields for now). Default is case-insensitive.
closes#36
If a rule has the priority flag set, no others rules will be checked.
So if you name the rule as 000-allow-xx and set the priority flag, the
rule wil lbe the only one that will be checked if it matches a
connection.
See #36 to know more on this feature.
Sort rules by name, so they're checked in alphabetical order.
This way, you can place deny rules at the top of the list to get better
performance, since it won't check the rest of the rules.
Discussion: #36
