OpenSnitch
github.com/evilsocket/opensnitch LinuxMakes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis. GNU/Linux port of the Little Snitch application firewall.
- Homepage: github.com/evilsocket/opensnitch
- GitHub: github.com/evilsocket/opensnitch
- Web info: web-check.xyz/results/github.com
OpenSnitch Source Code
Author
Description
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Homepage
License
GPL-3.0
Created
16 Apr 17
Last Updated
29 Nov 24
Latest version
Primary Language
Python
Size
18,794 KB
Stars
10,972
Forks
512
Watchers
10,972
Language Usage
Star History
Top Contributors
- @gustavo-iniguez-goya (1238)
- @evilsocket (278)
- @adisbladis (42)
- @tioguda (14)
- @MarkoShiva (8)
- @Northern-Lights (8)
- @0xacb (6)
- @ovari (6)
- @themighty1 (6)
- @omern1 (4)
- @lainedfles (4)
- @petterreinholdtsen (4)
- @intika (3)
- @gnuhead-chieb (3)
- @SpencerIsGiddy (3)
- @raphting (3)
- @ckuethe (3)
- @raboof (3)
- @atriwidada (3)
- @luzpaz (2)
- @freddii (2)
- @WojtekWidomski (2)
- @Ph0rkoz (2)
- @p- (2)
- @nberlee (2)
- @melizeche (2)
- @jkozera (2)
- @davide125 (2)
- @carlosotgz (2)
- @nnsee (1)
Recent Commits
- Gustavo Iñiguez Goia (26 Nov 24)
ui,prefs: allow to configure more internal options Allow to configure: - Bypass queue. - Firewall rules monitoring interval. Related: 6622df9d38967951320367ffe2b117f6c3efce3d
- Gustavo Iñiguez Goia (25 Nov 24)
ui,popups: fixed exception getting node address when adding a new rule When a popup was displayed to the user, if they took more than 120s to respond, the address of the node was lost. This is because the daemon has hardcoded a max timeout of 120s. If it fires, the call to AskRule is closed and the context is lost. In this situation, save the address of the node at the start of AskRule, so we can reuse it later. Closes: #1219
- Gustavo Iñiguez Goia (23 Nov 24)
ui: fixed delay closing the GUI When closing the GUI we were not stopping notifications channel in all cases, causing some issues (delays, log in/out problems, ...). Closes #1217
- Gustavo Iñiguez Goia (06 Nov 24)
updated/added new translations - Updated de_DE, fr_FR, hu_HU, lt_LT, nb_NO, ru_RU, tr_TR and zh_TW translations. - Added Czech, Hindi, Indonesian, Italian and Swedish translations.
- Gustavo Iñiguez Goia (22 Oct 24)
Merge pull request #1209 from atriwidada/minor_fix Make example explanation consistent with regex - take #2
- Gustavo Iñiguez Goia (19 Oct 24)
ui/fw: allow to configure outbound default policy Related: #1183, #884, #1201
- Gustavo Iñiguez Goia (19 Oct 24)
cache of events minor fixes - fixed storing the old proc after rebuilding the pids tree, when an item is replaced in cache. - removed not needed rlock.
- Gustavo Iñiguez Goia (19 Oct 24)
daemon/ui tests updated
- Gustavo Iñiguez Goia (19 Oct 24)
allow to configure nfqueue bypass flag Nfqueue bypass option skips the enqueue of packets to userspace if no application is listening to the queue. https://wiki.nftables.org/wiki-nftables/index.php/Queueing_to_userspace If this flag is not specified, and for example the daemon dies unexpectedly, all the outbound traffic will be blocked. Up until now we've been using this flag by default not to block network traffic if the daemon dies or is killed for some reason. But some users want to use precisely this behaviour (#884, #1183, #1201). Now you can configure it, to block connections if the daemon unexpectedly dies. The option is on by default in the configuration (QueueBypass: true). If this item is not present in the daemon config file, then it'll be false.
- Andika Triwidada (18 Oct 24)
Quota example typo fix
- Gustavo Iñiguez Goia (17 Oct 24)
ReadEnv() minor improvement - Improved peformance parsing the environment variables of a process. - Added ReadEnv() test. For a 4kb environ file: Benchmark-Old 58070 ns/op 19264 B/op 68 allocs/op Benchmark-New 49174 ns/op 17488 B/op 12 allocs/op
- Andika Triwidada (17 Oct 24)
Make example explanation consistent with regex - take #2
- Gustavo Iñiguez Goia (14 Oct 24)
calculate the ram usage of a process in the daemon - Calculate the ram usage of a process in the daemon, using the page size of the system. - Added new functions to read some details of a process, so we can use them in other parts of the code.
- Gustavo Iñiguez Goia (14 Oct 24)
added cache of events tests
- Gustavo Iñiguez Goia (10 Oct 24)
added tasks tests added tests for TaskManager, nodeMonitor and pidmonitor.
- Gustavo Iñiguez Goia (10 Oct 24)
tasks improvements
- Gustavo Iñiguez Goia (09 Oct 24)
refactored tasks notifications moved to their own file.
- Gustavo Iñiguez Goia (09 Oct 24)
getProcPids() minor improvement reduce allocs a little bit.
- Gustavo Iñiguez Goia (07 Oct 24)
tasks: added sockets monitor task (netstat) Added new task to monitor local sockets of nodes, similar to ss or netstat. More info: #1112
- Gustavo Iñiguez Goia (28 Sept 24)
Merge pull request #1198 from C0rn3j/patch-1 Update README.md - Fix Discord link nesting
- Gustavo Iñiguez Goia (28 Sept 24)
Merge pull request #1195 from atriwidada/master Add Indonesian translation
- Gustavo Iñiguez Goia (27 Sept 24)
added new task nodemonitor Added new task to monitor the resources of remote nodes, like ram, swap, number of processes or load average of the system. The task is initiated when the user selects a node, and the data received from the node is added to the right panel of the Nodes tab. The task is stopped when changing to another tab, or when deselecting a node. Particularly useful for monitoring remote nodes.
- Martin (26 Sept 24)
Update README.md Fix discord link being accidentally nested, it still worked before though.
- Gustavo Iñiguez Goia (25 Sept 24)
ui, procdialog: added missing import
- Gustavo Iñiguez Goia (25 Sept 24)
ui,procdialog: allow to filter sockets and files Two new options has been added to filter the process open files list by sockets and regular files (by default it display pipes, etc).
- Gustavo Iñiguez Goia (24 Sept 24)
introducing daemon tasks daemon tasks are actions that are executed in background by the daemon. They're started from the GUI (server) via a Notification (protobuf), with the type TASK_START (protobuf). Once received in the daemon, the TaskManager starts the task in background. Tasks may run at interval times (every 5s, 2days, etc), until they finish an operation, until a timeout, etc. Each task has each own configuration options, which will customize the behaviour of its operations. In this version, if the GUI is closed, the daemon will stop all the running tasks. Each Task has a flag to ignore this behaviour, for example if they need to run until they finish and only send a notification to the GUI, instead of streaming data continuously to the GUI (server). - Up until now we only had one task that could be initiated from the GUI: the process monitor dialog. It has been migrated to a Task{}. - go.mod bumped to v1.20, to use unsafe string functions. - go.sum updated accordingly.
- Andika Triwidada (23 Sept 24)
* Add Indonesian translation * sort translation files in opensnitch_i18n.pro
- Gustavo Iñiguez Goia (20 Sept 24)
ui,plugins: added missing files The plugins were not included when building the wheel.
- Gustavo Iñiguez Goia (20 Sept 24)
ui,popups: new button to update the checksum of all rules When filtering by checksum and the checksum of a rule changes, we display a warning on the popup, indicating that something happened. The user had the option to update the checksum of one rule, directly from the popup. Now there's a new button to update all the rules that have a checksum as filtering parameter.
- Gustavo Iñiguez Goia (17 Sept 24)
ui,rules: do not verify lists path on remote nodes When creating/editing rules to filter by lists of nets/IPs/domains, we check if the path entered is a directory. However on remote nodes, the path may not exist where the GUI is running, but be valid where the daemon is running. Now we only check the path if the node where it's being configured is local. Closes #1174
OpenSnitch Website
Website
GitHub: Let’s build from here · GitHub
GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, and secure code before you commit it.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address 140.82.112.4
- Hostname lb-140-82-112-4-iad.github.com
- Location San Francisco, California, United States of America, NA
- ISP GitHub Inc.
- ASN AS36459
Associated Countries
- US
Saftey Score
Website marked as safe
100%
Blacklist Check
github.com was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Website Preview
OpenSnitch Reviews
More Firewalls
-
Provides simple and advanced ways to block access to the internet. Applications and addresses can individually be allowed or denied access to Wi-Fi and/or mobile connection.
-
Notifies you when an app is trying to access the Internet, so all you need to do is just Allow or Deny. Allows you to create filter rules based on IP address, host name or domain name, and you can allow or deny only specific connections of an app.
Not Open Source -
AFWall+
(Android - Rooted)
xdaforums.com/t/5-0-root-3-6-0-afwall-iptables-firewall-28-aug-2023.1957231Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices, which provides very fine-grained control over which Android apps are allowed to access the network.
-
An open-source ad-blocker and firewall app for Android 6+ (does not require root).
-
Firewall app for iPhone, allowing you to block any connection to any domain.
Not Open Source -
Tool to control Windows Filtering Platform (WFP), in order to configure detailed network activity on your PC. (Windows)
-
Free, open source macOS firewall. It aims to block unknown outgoing connections, unless explicitly approved by the user.
-
A very polished application firewall, allowing you to easily manage internet connections on a per-app basis. (Mac OS)
Not Open Source -
Open source GUI firewall for Linux, allowing you to block internet access for certain applications. Supports both simple and advanced mode, GUI and CLI options, very easy to use, lightweight/ low-overhead, under active maintenance and backed by a strong community.
-
The ufw (Uncomplicated Firewall) is a GUI application and CLI, that allows you to configure a firewall using
iptables
much more easily. -
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Easy to install on a raspberry Pi, since it is lightweight and heavily customizable.
-
An open source firewall tool for Linux that builds upon the Netfilter system built into the Linux kernel, making it easier to manage more complex configuration schemes with iptables.
-
Enterprise firewall and router for protecting networks, built on the FreeBSD system.
About the Data: OpenSnitch
API
You can access OpenSnitch's data programmatically via our API.
Simply make a GET
request to:
https://api.awesome-privacy.xyz/networking/firewalls/opensnitch
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
Share OpenSnitch
Help your friends compare Firewalls, and pick privacy-respecting software and services.
Share OpenSnitch and Awesome Privacy with your network!