mirrors/opensnitch: OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

application-firewall data-breach firewall linux networking security

Find a file

Gustavo Iñiguez Goia 12b4cf3104 added option to secure channel communications Allow to cypher channel communications with certificates. There are 3 authentication types: simple, tls-simple and tls-mutual. - 'simple' wont't cypher communications. - 'tls-simple' uses a server key and certificate for the server, and a common CA certificate or the server certificate to authenticate all nodes. - 'tls-mutual' uses a server key and certificate for the server, and a client key and certificate per node. There are 2 options to verify how gRPC validates credentials: - SkipVerify: https://pkg.go.dev/crypto/tls#Config - ClientAuthType: https://pkg.go.dev/crypto/tls#ClientAuthType Example configuration: "Server": { "Address": "127.0.0.1:12345", "Authentication": { "Type": "tls-simple", "TLSOptions": { "CACert": "/etc/opensnitchd/auth/ca-cert.pem", "ServerCert": "/etc/opensnitchd/auth/server-cert.pem", "ClientCert": "/etc/opensnitchd/auth/client-cert.pem", "ClientKey": "/etc/opensnitchd/auth/client-key.pem", "SkipVerify": false, "ClientAuthType": "req-and-verify-cert" } } } More info: https://github.com/evilsocket/opensnitch/wiki/Nodes		2023-06-23 16:51:36 +02:00
.github	sponsors list updated	2023-06-12 20:01:55 +02:00
daemon	added option to secure channel communications	2023-06-23 16:51:36 +02:00
ebpf_prog	ebpf modules compilation fixes	2023-05-28 15:24:33 +02:00
proto	new feature: send alerts to the server/UI	2022-10-12 13:31:45 +02:00
screenshots	added more screenshots	2020-02-25 22:39:32 +01:00
ui	added option to secure channel communications	2023-06-23 16:51:36 +02:00
utils	Bump rpm versions to 1.6.0.1	2023-06-16 11:42:22 +02:00
.gitignore	misc: small fix or general refactoring i did not bother commenting	2018-04-16 17:51:54 +02:00
LICENSE	Update LICENSE	2020-06-20 17:48:59 +02:00
Makefile	makefile:	2021-02-13 18:48:49 +03:00
README.md	addded donations section	2023-06-12 16:19:10 +02:00
release.sh	misc: small fix or general refactoring i did not bother commenting	2018-04-10 19:49:58 +02:00

README.md

OpenSnitch is a GNU/Linux application firewall.

•• Key Features • Download • Installation • Usage examples • In the press ••

OpenSnitch

Key features

Interactive outbound connections filtering.
Block ads, trackers or malware domains system wide.
Ability to configure system firewall from the GUI (nftables).
- Configure input policy, allow inbound services, etc.
Manage multiple nodes from a centralized GUI.
SIEM integration

Download

Download deb/rpm packages for your system from https://github.com/evilsocket/opensnitch/releases

Installation

deb

$ sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb

rpm

$ sudo yum localinstall opensnitch-1*.rpm; sudo yum localinstall opensnitch-ui*.rpm

Then run: $ opensnitch-ui or launch the GUI from the Applications menu.

Please, refer to the documentation for detailed information.

OpenSnitch in action

Examples of OpenSnitch intercepting unexpected connections:

https://github.com/evilsocket/opensnitch/discussions/categories/show-and-tell

Have you seen a connection you didn't expect? submit it!

In the press

Donations

If you find OpenSnitch useful and want to donate to the dedicated developers, you can do it from the Sponsor this project section on the right side of this repository.

You can see here who are the current maintainers of OpenSnitch: https://github.com/evilsocket/opensnitch/commits/master

Contributors

See the list

Translating