mirror of
https://github.com/evilsocket/opensnitch.git
synced 2025-03-06 09:30:58 +01:00
In some scenarios (#47) it may be useful to have a set of rules handled from OpenSnitch, although you can accomplish it with other software (ufw, ...).

These rules will sit just above default interception, so if you want to allow or deny something, just place it here.

These priority rules are defined in /etc/opensnitchd/fw.json, with the following format (example):

    {
        "PriorityRules": {
            "out": {
                "allow": [ ],
                "deny": [
                    "-m conntrack --ctstate INVALID",
                    "-p tcp ! --syn -m conntrack --ctstate NEW"
                ]
            }
        }
    }

The structure must exist even if you haven't defined any rule, for example:

    {
        "PriorityRules": {
            "out": {
                "allow": [ ],
                "deny": [ ]
            }
        }
    }

||
---|---|---|
.. | ||
config.go | ||
rules.go |