mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
opensnitch/proto/ui.proto
Gustavo Iñiguez Goia d9e0c59158
Allow to configure firewall rules from the GUI (#660) 
* Allow to configure firewall rules from the GUI (WIP)

New features:
- Configure and list system firewall rules from the GUI (nftables).
- Configure chains' policies.
- Add simple rules to allow incoming ports.
- Add simple rules to exclude apps (ports) from being intercepted.

This feature is only available for nftables. iptables is still supported,
you can add rules to the configuration file and they'll be loaded, but
you can't configure them from the GUI.

More information: #592
2022-05-03 22:05:12 +02:00

187 lines
3.9 KiB
Protocol Buffer
Raw Blame History

syntax = "proto3";
package protocol;
option go_package = "github.com/evilsocket/opensnitch/daemon/ui/protocol";
service UI {
rpc Ping(PingRequest) returns (PingReply) {}
rpc AskRule (Connection) returns (Rule) {}
rpc Subscribe (ClientConfig) returns (ClientConfig) {}
rpc Notifications (stream NotificationReply) returns (stream Notification) {}
}
message Event {
string time = 1;
Connection connection = 2;
Rule rule = 3;
int64 unixnano = 4;
}
message Statistics {
string daemon_version = 1;
uint64 rules = 2;
uint64 uptime = 3;
uint64 dns_responses = 4;
uint64 connections = 5;
uint64 ignored = 6;
uint64 accepted = 7;
uint64 dropped = 8;
uint64 rule_hits = 9;
uint64 rule_misses = 10;
map<string, uint64> by_proto = 11;
map<string, uint64> by_address = 12;
map<string, uint64> by_host = 13;
map<string, uint64> by_port = 14;
map<string, uint64> by_uid = 15;
map<string, uint64> by_executable = 16;
repeated Event events = 17;
}
message PingRequest {
uint64 id = 1;
Statistics stats = 2;
}
message PingReply {
uint64 id = 1;
}
message Connection {
string protocol = 1;
string src_ip = 2;
uint32 src_port = 3;
string dst_ip = 4;
string dst_host = 5;
uint32 dst_port = 6;
uint32 user_id = 7;
uint32 process_id = 8;
string process_path = 9;
string process_cwd = 10;
repeated string process_args = 11;
map<string, string> process_env = 12;
}
message Operator {
string type = 1;
string operand = 2;
string data = 3;
bool sensitive = 4;
}
message Rule {
string name = 1;
bool enabled = 2;
bool precedence = 3;
string action = 4;
string duration = 5;
Operator operator = 6;
}
enum Action {
NONE = 0;
ENABLE_INTERCEPTION = 1;
DISABLE_INTERCEPTION = 2;
ENABLE_FIREWALL = 3;
DISABLE_FIREWALL = 4;
RELOAD_FW_RULES = 5;
CHANGE_CONFIG = 6;
ENABLE_RULE = 7;
DISABLE_RULE = 8;
DELETE_RULE = 9;
CHANGE_RULE = 10;
LOG_LEVEL = 11;
STOP = 12;
MONITOR_PROCESS = 13;
STOP_MONITOR_PROCESS = 14;
}
message StatementValues {
string Key = 1;
string Value = 2;
}
message Statement {
string Op = 1;
string Name = 2;
repeated StatementValues Values = 3;
}
message Expressions {
Statement Statement = 1;
}
message FwRule {
// DEPRECATED: for backward compatibility with iptables
string Table = 1;
string Chain = 2;
string UUID = 3;
bool Enabled = 4;
uint64 Position = 5;
string Description = 6;
string Parameters = 7;
repeated Expressions Expressions = 8;
string Target = 9;
string TargetParameters = 10;
}
message FwChain {
string Name = 1;
string Table = 2;
string Family = 3;
string Priority = 4;
string Type = 5;
string Hook = 6;
string Policy = 7;
repeated FwRule Rules = 8;
}
message FwChains {
// DEPRECATED: backward compatibility with iptables
FwRule Rule = 1;
repeated FwChain Chains = 2;
}
message SysFirewall {
bool Enabled = 1;
uint32 Version = 2;
repeated FwChains SystemRules = 3;
}
// client configuration sent on Subscribe()
message ClientConfig {
uint64 id = 1;
string name = 2;
string version = 3;
bool isFirewallRunning = 4;
// daemon configuration as json string
string config = 5;
uint32 logLevel = 6;
repeated Rule rules = 7;
SysFirewall systemFirewall = 8;
}
// notification sent to the clients (daemons)
message Notification {
uint64 id = 1;
string clientName = 2;
string serverName = 3;
// CHANGE_CONFIG: 2, data: {"default_timeout": 1, ...}
Action type = 4;
string data = 5;
repeated Rule rules = 6;
SysFirewall sysFirewall = 7;
}
// notification reply sent to the server (GUI)
message NotificationReply {
uint64 id = 1;
NotificationReplyCode code = 2;
string data = 3;
}
enum NotificationReplyCode {
OK = 0;
ERROR = 1;
}
Reference in a new issue View git blame Copy permalink