mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

updated after opensnitch repo commit 88dafe027d

wiki auto updater 2021-06-07 15:57:22 +00:00
parent 5fbd6e30f8
commit 698f547737
1 changed files with 37 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
block-lists.md

@ -2,10 +2,11 @@ Starting from version [1.4.0rc1](https://github.com/evilsocket/opensnitch/releas
It can be used to block ads, or limit to what domains an application connects to. It can be used to block ads, or limit to what domains an application connects to.
**How to configure it:**
### How to add a global rule to block ads/malware/etc:
1. Create a new rule: `000-block-domains` 1. Create a new rule: `000-block-domains`
2. Check [x] Priority, Duration: always, [x] To this list of domains 2. Check `[x] Enable`, `[x] Priority`, `Duration: always`, `[x] To this list of domains`
![image](https://user-images.githubusercontent.com/2742953/115916860-addcf500-a475-11eb-86f4-af2c645aa2ba.png) ![image](https://user-images.githubusercontent.com/2742953/115916860-addcf500-a475-11eb-86f4-af2c645aa2ba.png)
@ -19,14 +20,45 @@ $ wget https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended
![image](https://user-images.githubusercontent.com/2742953/115919049-981cff00-a478-11eb-9201-360463302399.png) ![image](https://user-images.githubusercontent.com/2742953/115919049-981cff00-a478-11eb-9201-360463302399.png)
The format of the files must be in hosts format: ---
### Limiting to what domains an application can connect to:
We'll create 2 rules:
- one for allow connections from an app to a limited number of domains.
- another one for deny everything from that app.
1. Create 2 rules: `000-allow-app` , `001-deny-all-from-app`
2. `000-allow-app`:
![image](https://user-images.githubusercontent.com/2742953/121044328-c1d67f00-c7b5-11eb-84c6-14e3abfc94a6.png)
Inside `/media/app/` write a file with a list of domains the app can connect to in hosts format:
```
127.0.0.1 xxx.domain.com
```
Remember that you may need to add the domain without the subdomains (`domain.com`, `xxx.domain.com`, etc)
3. `001-deny-all-from-app`:
![image](https://user-images.githubusercontent.com/2742953/121048055-b9cb0f00-c7b6-11eb-9b0e-bb59091fb123.png)
---
### Notes
- The format of the files must be in hosts format:
``` ```
0.0.0.0 www.domain.com 0.0.0.0 www.domain.com
127.0.0.1 www.domain.com 127.0.0.1 www.domain.com
``` ```
Lines started with # are ignored. - Lines started with # are ignored. Write comments always on a new line, not after a domain.
- The domains `local`, `localhost`, `localhost.localdomain` and `broadcasthost` are ignored.
- Whenever you save the file to disk, OpenSnitch will reload the list.
Some lists of ads, tracking, malware, etc you can use: ### Resources
Lists of ads, tracking, malware, etc that you can use:
https://www.github.developerdan.com/hosts/ https://www.github.developerdan.com/hosts/