OpenSnitch Icon

Makes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis. GNU/Linux port of the Little Snitch application firewall.

Open Source

OpenSnitch Source Code

Author

evilsocket

Description

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

#application-firewall#data-breach#firewall#linux#networking#security

Homepage

License

GPL-3.0

Created

16 Apr 17

Last Updated

05 Oct 24

Latest version

v1.6.6

Primary Language

Python

Size

18,454 KB

Stars

10,788

Forks

503

Watchers

10,788

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Gustavo Iñiguez Goia (28 Sept 24)

    Merge pull request #1198 from C0rn3j/patch-1 Update README.md - Fix Discord link nesting

  • Gustavo Iñiguez Goia (28 Sept 24)

    Merge pull request #1195 from atriwidada/master Add Indonesian translation

  • Gustavo Iñiguez Goia (27 Sept 24)

    added new task nodemonitor Added new task to monitor the resources of remote nodes, like ram, swap, number of processes or load average of the system. The task is initiated when the user selects a node, and the data received from the node is added to the right panel of the Nodes tab. The task is stopped when changing to another tab, or when deselecting a node. Particularly useful for monitoring remote nodes.

  • Martin (26 Sept 24)

    Update README.md Fix discord link being accidentally nested, it still worked before though.

  • Gustavo Iñiguez Goia (25 Sept 24)

    ui, procdialog: added missing import

  • Gustavo Iñiguez Goia (25 Sept 24)

    ui,procdialog: allow to filter sockets and files Two new options has been added to filter the process open files list by sockets and regular files (by default it display pipes, etc).

  • Gustavo Iñiguez Goia (24 Sept 24)

    introducing daemon tasks daemon tasks are actions that are executed in background by the daemon. They're started from the GUI (server) via a Notification (protobuf), with the type TASK_START (protobuf). Once received in the daemon, the TaskManager starts the task in background. Tasks may run at interval times (every 5s, 2days, etc), until they finish an operation, until a timeout, etc. Each task has each own configuration options, which will customize the behaviour of its operations. In this version, if the GUI is closed, the daemon will stop all the running tasks. Each Task has a flag to ignore this behaviour, for example if they need to run until they finish and only send a notification to the GUI, instead of streaming data continuously to the GUI (server). - Up until now we only had one task that could be initiated from the GUI: the process monitor dialog. It has been migrated to a Task{}. - go.mod bumped to v1.20, to use unsafe string functions. - go.sum updated accordingly.

  • Andika Triwidada (23 Sept 24)

    * Add Indonesian translation * sort translation files in opensnitch_i18n.pro

  • Gustavo Iñiguez Goia (20 Sept 24)

    ui,plugins: added missing files The plugins were not included when building the wheel.

  • Gustavo Iñiguez Goia (20 Sept 24)

    ui,popups: new button to update the checksum of all rules When filtering by checksum and the checksum of a rule changes, we display a warning on the popup, indicating that something happened. The user had the option to update the checksum of one rule, directly from the popup. Now there's a new button to update all the rules that have a checksum as filtering parameter.

  • Gustavo Iñiguez Goia (17 Sept 24)

    ui,rules: do not verify lists path on remote nodes When creating/editing rules to filter by lists of nets/IPs/domains, we check if the path entered is a directory. However on remote nodes, the path may not exist where the GUI is running, but be valid where the daemon is running. Now we only check the path if the node where it's being configured is local. Closes #1174

  • Gustavo Iñiguez Goia (17 Sept 24)

    ui: fixed syntax warning building appimages paths SyntaxWarning: invalid escape sequence '\.' (#1154)

  • Gustavo Iñiguez Goia (16 Sept 24)

    ui,plugins: added configuration examples

  • Gustavo Iñiguez Goia (16 Sept 24)

    Merge pull request #1187 from ariel-anieli/makefile-ebpf ebpf_prog/Makefile: removed useless `LLVM_STRIP`

  • Gustavo Iñiguez Goia (15 Sept 24)

    ui: introducing plugins, improved actions Up until now we had a way of customizing the views, by defining "actions". See for context cba52cf3d8ceced08541a02d8440657811600245 The configuration syntax has not changed, but now every "action" is a python plugin, for example when loading this configuration: { "name": "commonDelegateConfig", "actions": { "highlight": { "enabled": true, "cells": [ { "text": ["allow", "✓ online"], "color": "white", "bgcolor: "green", we'll try to load "highlight" as plugin, which should exist under opensnitch/plugins/highligh/highlight.py Three new plugins has been added: - Highlight: colorize cells or rows based on patterns. - Downloader: a simple downloader which downloads files to local directories, for example to download blocklists. - Virustotal: a plugin to analyze IPs, domains and checksums with the API of virustotal when a new popup is fired. There're 3 points where the plugins are configured and executed: - opensnitch/service.py - _load_plugins() (background/global plugins) - opensnitch/dialogs/prompt/__init__.py - _configure_plugins(), _post_popup_plugins() - opensnitch/dialogs/processdetails.py - _configure_plugins() Plugins can't be configured from the GUI (yet). For more details, read: opensnitch/plugins/__init__.py opensnitch/actions/__init__.py opensnitch/plugins/downloader/downloader.py opensnitch/plugins/virustotal/virustotal.py

  • Ariel Otilibili (13 Sept 24)

    ebpf_prog/Makefile: removed useless `LLVM_STRIP` `LLVM_STRIP` appears only once in Makefile: ``` $ grep LLVM Makefile LLVM_STRIP ?= llvm-strip -g ``` Signed-off-by: Ariel Otilibili <[email protected]>

  • Gustavo Iñiguez Goia (10 Sept 24)

    Merge pull request #1179 from abuturabofficial/patch-1 remove lagacy cname_trackers.txt reference from update_adlists.sh

  • Gustavo Iñiguez Goia (10 Sept 24)

    Merge pull request #1185 from ariel-anieli/makefile-ebpf ebpf_prog/Makefile: temp files are now handled by a pattern rule

  • Ariel Otilibili (09 Sept 24)

    ebpf_prog/Makefile: temp files are now handled by a pattern rule * `%.bc` are autoremoved: these LLVM IR files are intermediate [1] * `%.o` are now produced by a wildcard search * introduced `.SUFFIXES:` for cleaning up the implicit rules [2] * else Makefile would have generated `%.o` from its own database. [1] https://www.gnu.org/software/make/manual/html_node/Chained-Rules.html [2] https://www.gnu.org/software/make/manual/html_node/Suffix-Rules.html Signed-off-by: Ariel Otilibili <[email protected]>

  • Gustavo Iñiguez Goia (03 Sept 24)

    ui: restrict allowed characters in the rule name Since the name of the rule is used for the file name on the disk, certain characters caused issues when saving the rule, like '/'. Now if the user types or pastes '/' in the name field, a warning is displayed, indicating that some characters are not allowed. Closes #1166

  • AbuTurab (29 Aug 24)

    remove lagacy cname_trackers.txt reference AdGuard no longer maintains/supports that file type, and the link points to a 404 error page.

  • Simone Margaritelli (13 Jul 24)

    Update README.md

  • Gustavo Iñiguez Goia (03 Jul 24)

    updated workflow compilation deps google.golang.org/protobuf/cmd/[email protected] generates protobuffers incompatible with go1.17, it fails with the error: "ui/protocol/ui.pb.go:2716:47: predeclared any requires go1.18 or later (-lang was set to go1.17; check go.mod)" Notes: - consider using go1.18 as min required version if there's no problem compiling the daemon on Debian <= 13 and other distros. - github.com/golang/protobuf is deprecated and we should get rid of it.

  • Gustavo Iñiguez Goia (03 Jul 24)

    fw: fixed adding 'counter' obj to rules https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Counter

  • Gustavo Iñiguez Goia (01 Jul 24)

    deb: warn about buggy python3-grpcio version (1.30.2-3build6) Ubuntu jammy package python3-grpcio, version 1.30.2-3build6, has a bug which causes applications to use 100% of the CPU. If after installing we detect that the buggy version is installed, display a warning to the user with instructions on how to solve the problem and links to the bug reports. More information: - https://bugs.launchpad.net/ubuntu/+source/grpc/+bug/1971114 - https://github.com/evilsocket/opensnitch/issues/647

  • Gustavo Iñiguez Goia (19 Jun 24)

    ui,prefs: fixed changing qspinbox values When changing qspinbox values (density scale, refresh interval, etc), we were unintentionally changing [x] Disable popups option.

  • Gustavo Iñiguez Goia (18 Jun 24)

    ui: fixed exporting/importing rules When exporting rules, use rfc3339 format for the Created field. We were exporting as timestamp, which caused issues when importing them. Related: 58aa979caed484c51b2cd86b6eb47ad142ac0844 issue #1140

  • Gustavo Iñiguez Goia (10 Jun 24)

    use [email protected] for compiling the daemon With @1.4.0 fails with the error "undefined: grpc.StaticMethod"

  • Gustavo Iñiguez Goia (10 Jun 24)

    ui: keep working if pyinotify fails loading pyinotify has stopped working in python3.12, it fails loading with the error: ModuleNotFoundError: No module named 'asyncore' For now, ignore this error and keep working as usual. Applications icons will be loaded on GUI startup, but we loose the ability of discovering the icons of applications while the GUI is running. Closes: #1132

  • Gustavo Iñiguez Goia (10 Jun 24)

    fixed loading rules when Created field is a timestamp When exporting rules from the GUI, the Created field was exported as timestamp. Importing rules worked fine, because json.Marshall() accepts the timestamp format. However, when the daemon was loading a rule with the Created field as timestamp, since the field was defined as time.Time, it expected a RFC3339 string (https://pkg.go.dev/time#Time.UnmarshalJSON) so it failed to parse the timestamp and the rule was not loaded. Now the field is defined as string, it's always saved as RFC3339, and if we fail to parse these fields we'll use a temporary date instead of failing loading the rule. More info: https://github.com/evilsocket/opensnitch/issues/1140#issuecomment-2140904847 Closes #1140

OpenSnitch Website

Website

GitHub: Let’s build from here · GitHub

GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, and secure code before you commit it.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 140.82.112.4
  • Hostname lb-140-82-112-4-iad.github.com
  • Location San Francisco, California, United States of America, NA
  • ISP GitHub Inc.
  • ASN AS36459

Associated Countries

  • US

Saftey Score

Website marked as safe

100%

Blacklist Check

github.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

OpenSnitch Reviews

More Firewalls

About the Data: OpenSnitch

API

You can access OpenSnitch's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/firewalls/opensnitch

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share OpenSnitch

Help your friends compare Firewalls, and pick privacy-respecting software and services.
Share OpenSnitch and Awesome Privacy with your network!

View Firewalls (14)