Dialog opensnitch-qt from this executable from this command line this destination port this user this destination ip + once 30s 5m 15m 30m 1h until reboot forever Deny Allow User ID <html><head/><body><p><span style=" font-weight:600;">Executed from</span></p></body></html> TextLabel Source IP Process ID Destination IP Dst Port PreferencesDialog Preferences UI Show advanced view by default once 30s 5m 15m 30m 1h until reboot forever Action Default target <html><head/><body><p>If checked, the pop-ups will be displayed with the advanced view active.</p></body></html> deny allow by executable by command line by destination port by destination ip by user id center top right bottom right top left bottom left Pop-up default duration Duration <html><head/><body><p>By default when a new pop-up appears, in its simplest form, you'll be able to filter connections or applications by one property of the connection (executable, port, IP, etc).</p><p>With these options, you can choose multiple fields to filter connections for.</p></body></html> Filter connections also by: User ID Destination port Destination IP Disable pop-ups, only display an alert <html><head/><body><p>This timeout is the countdown you see when a pop-up dialog is shown.</p><p>If the pop-up is not answered, the default options will be applied.</p></body></html> Default timeout Nodes Process monitor method <html><head/><body><p>Log file to write logs.<br/></p><p>/dev/stdout will print logs to the standard output.</p></body></html> Log file <html><head/><body><p>The default duration will take place when there's no UI connected.</p></body></html> Default duration Apply configuration to all nodes <html><head/><body><p>The default action will take place when there's no UI connected.</p></body></html> HostName until restart always <html><head/><body><p>Address of the node.</p><p>Default: unix:///tmp/osui.sock (unix:// is mandatory if it's a Unix socket)</p><p>It can also be an IP address with the port: 
127.0.0.1:50051</p></body></html> Address Version unix:///tmp/osui.sock /var/log/opensnitchd.log /dev/stdout Default log level Database Database type Select In memory File Close Apply Save The advanced view allows you to easily select multiple fields to filter connections If checked, this field will be selected when a pop-up is displayed <html><head/><body><p>Pop-up default action.</p><p>When a new outgoing connection is about to be established, this action will be selected by default, so if the timeout fires, this is the option that will be applied.</p><p><br/></p><p>While a pop-up is asking the user to allow or deny a connection:</p><p>1. new outgoing connections are denied.</p><p>2. known connections are allowed or denied based on the rules defined by the user.</p></body></html> Default action when the GUI is disconnected Debug invalid connections Pop-ups Default options Default position on screen any temporary rules <html><head/><body><p>When this option is selected, the rules of the selected duration won't be added to the list of temporary rules in the GUI.</p><p><br/></p><p>Temporary rules will still be valid, and you can use them when prompted to allow/deny a new connection.</p></body></html> Don't save rules of duration Time Destination Protocol Process Rule Node <html><head/><body><p>If checked, opensnitch will prompt you to allow or deny connections that don't have an associated PID, due to several reasons, mostly due to bad state connections.</p><p>The pop-up dialog will only contain information about the network connection.</p><p>There're some scenarios where these are valid connections though, like when establishing a VPN using wireguard.</p></body></html> Events tab columns ProcessDetailsDialog Process details loading... CWD: loading... mem stats: loading... 
Status Open files I/O Statistics Memory mapped files Stack Environment variables Application pids Start or stop monitoring this process Close RulesDialog Rule Node Apply rule to all nodes To this IP / Network /path/to/executable, .*/bin/executable[0-9\.]+$, ... Action To this port To this list of domains You can specify a single IP: - 192.168.1.1 or a regular expression: - 192\.168\.1\.[0-9]+ multiple IPs: - ^(192\.168\.1\.1|172\.16\.0\.1)$ You can also specify a subnet: - 192.168.1.0/24 Note: Commas or spaces are not allowed to separate IPs or networks. LAN 127.0.0.0/8 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 192.168.0.0/16 169.254.0.0/16 172.16.0.0/12 10.0.0.0/8 ::1/128 fc00::/7 ff00::/8 fe80::/10 fd00::/8 <html><head/><body><p>You can specify multiple ports using regular expressions:</p><p><br/></p><p>- 53, 80 or 443:</p><p>^(53|80|443)$</p><p><br/></p><p>- 53, 443 or 5551, 5552, 5553, etc:</p><p>^(53|443|555[0-9])$</p></body></html> once 30s 5m 15m 30m 1h until reboot always Commas or spaces are not allowed to specify multiple domains. Use regular expressions instead: .*(opensnitch|duckduckgo).com .*\.google.com or a single domain: www.gnu.org - it'll only match www.gnu.org, not ftp.gnu.org, www2.gnu.org, ... gnu.org - it'll only match gnu.org, not www.gnu.org, ftp.gnu.org, ... 
www.domain.org, .*\.domain.org To this host Duration <html><head/><body><p>Only TCP, UDP or UDPLITE are allowed</p><p>You can use regexp, i.e.: ^(TCP|UDP)$</p></body></html> TCP UDP UDPLITE TCP6 UDP6 UDPLITE6 Protocol From this executable Deny Allow From this command line From this user ID <html><head/><body><p>Select a directory with lists of domains to block or allow.</p><p>Put inside that directory files with any extension containing lists of domains.</p><p><br/>The format of each entry of a list is as follows (hosts format):</p><p>127.0.0.1 www.domain.com</p><p>or </p><p>0.0.0.0 www.domain.com</p></body></html> Name Enable The rules are checked in alphabetical order, so you can name them accordingly to prioritize them. 000-allow-localhost 001-deny-broadcast ... leave blank to autocreate If checked, this rule will take precedence over the rest of the rules. No other rules will be checked after this one. You must name the rule in such a manner that it'll be checked first, because they're checked in alphabetical order. For example: [x] Priority - 000-priority-rule [ ] Priority - 001-less-priority-rule Priority rule <html><head/><body><p>By default, the fields of the rules are case-insensitive, i.e., if a process tries to access gOOgle.CoM and you have a rule to Deny .*google.com, the connection will be blocked.<br/></p><p>If you check this box, you have to specify the exact string (domain, executable, command line) that you want to filter.</p></body></html> Case-sensitive StatsDialog OpenSnitch Network Statistics Save to CSV. 
Ctrl+S Create a new rule <html><head/><body><p><span style=" font-size:11pt; font-weight:600;">hostname - 192.168.1.1</span></p></body></html> Status - Start or Stop interception Events Filter Allow Deny Ex.: firefox 50 100 200 300 Delete all intercepted events Nodes <html><head/><body><p><span style=" font-size:7pt;">(double click on the Addr column to view details of a node)</span></p></body></html> Rules enable Edit rule Delete rule <html><head/><body><p><span style=" font-size:7pt;">(double click on a row to view details of a rule)</span></p></body></html> search rule name Application rules Permanent Temporary Hosts <html><head/><body><p><span style=" font-size:7pt;">(double click to view details of an item)</span></p></body></html> Applications Delete all intercepted applications Addresses Ports Users Connections Dropped Uptime Version Delete connections that matched this rule All applications Delete all intercepted hosts Delete all intercepted addresses Delete all intercepted ports Delete all intercepted users contextual_menu Statistics Enable Disable Help Close popups until reboot forever Allow Deny Outgoing connection Process launched from: from this executable from this command line to port {0} to {0} from user {0} to {0}.* to *.{0} to *{0} <b>Remote</b> process %s running on <b>%s</b> is connecting to <b>%s</b> on %s port %d is attempting to resolve <b>%s</b> via %s, %s port %d preferences Exception saving config: {0} Warning You must select a file for the database<br>or choose "In memory" type. DB type changed Restart the GUI in order for the changes to take effect Applying configuration on {0} ... Server address can not be empty Error loading {0} configuration Configuration applied. Error applying configuration: {0} Hover the mouse over the texts to display the help<br><br>Don't forget to visit the wiki: <a href="{0}">{0}</a> proc_details <b>Error loading process information:</b> <br><br> <b>Error stopping monitoring process:</b><br><br> loading... 
rules There're no nodes connected. Rule applied. Error applying rule: {0} <b>Error loading rule</b> protocol can not be empty, or uncheck it Protocol regexp error process path can not be empty Process path regexp error command line can not be empty Command line regexp error Dest port can not be empty Dst port regexp error Dest host can not be empty Dst host regexp error Dest IP/Network can not be empty Dst IP regexp error User ID can not be empty User ID regexp error Lists field cannot be empty Lists field must be a directory <b>Rule not supported</b> stats Not running Disabled Running OpenSnitch Network Statistics {0} OpenSnitch Network Statistics for {0} <b>Error:</b><br><br> {0} Warning: Allow Deny Always Until reboot Disable Enable Duplicate Edit Delete You are about to delete this rule. Are you sure? Rule not found by that name and node You are about to delete this rule. Save as CSV Name This is a word, without spaces and symbols. Address Status Hostname Version Rules Time Action Duration Node Enabled Hits Protocol Process Destination Rule UserID LastConnection Args DstIP DstHost DstPort