OpenSnitch Icon

Makes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis. GNU/Linux port of the Little Snitch application firewall.

Open Source

OpenSnitch Source Code

Author

evilsocket

Description

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.

#application-firewall#data-breach#firewall#linux#networking#security

Homepage

License

GPL-3.0

Created

16 Apr 17

Last Updated

29 Nov 24

Latest version

v1.6.6

Primary Language

Python

Size

18,794 KB

Stars

10,972

Forks

512

Watchers

10,972

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Gustavo Iñiguez Goia (26 Nov 24)

    ui,prefs: allow to configure more internal options Allow to configure: - Bypass queue. - Firewall rules monitoring interval. Related: 6622df9d38967951320367ffe2b117f6c3efce3d

  • Gustavo Iñiguez Goia (25 Nov 24)

    ui,popups: fixed exception getting node address when adding a new rule When a popup was displayed to the user, if they took more than 120s to respond, the address of the node was lost. This is because the daemon has hardcoded a max timeout of 120s. If it fires, the call to AskRule is closed and the context is lost. In this situation, save the address of the node at the start of AskRule, so we can reuse it later. Closes: #1219

  • Gustavo Iñiguez Goia (23 Nov 24)

    ui: fixed delay closing the GUI When closing the GUI we were not stopping notifications channel in all cases, causing some issues (delays, log in/out problems, ...). Closes #1217

  • Gustavo Iñiguez Goia (06 Nov 24)

    updated/added new translations - Updated de_DE, fr_FR, hu_HU, lt_LT, nb_NO, ru_RU, tr_TR and zh_TW translations. - Added Czech, Hindi, Indonesian, Italian and Swedish translations.

  • Gustavo Iñiguez Goia (22 Oct 24)

    Merge pull request #1209 from atriwidada/minor_fix Make example explanation consistent with regex - take #2

  • Gustavo Iñiguez Goia (19 Oct 24)

    ui/fw: allow to configure outbound default policy Related: #1183, #884, #1201

  • Gustavo Iñiguez Goia (19 Oct 24)

    cache of events minor fixes - fixed storing the old proc after rebuilding the pids tree, when an item is replaced in cache. - removed not needed rlock.

  • Gustavo Iñiguez Goia (19 Oct 24)

    daemon/ui tests updated

  • Gustavo Iñiguez Goia (19 Oct 24)

    allow to configure nfqueue bypass flag Nfqueue bypass option skips the enqueue of packets to userspace if no application is listening to the queue. https://wiki.nftables.org/wiki-nftables/index.php/Queueing_to_userspace If this flag is not specified, and for example the daemon dies unexpectedly, all the outbound traffic will be blocked. Up until now we've been using this flag by default not to block network traffic if the daemon dies or is killed for some reason. But some users want to use precisely this behaviour (#884, #1183, #1201). Now you can configure it, to block connections if the daemon unexpectedly dies. The option is on by default in the configuration (QueueBypass: true). If this item is not present in the daemon config file, then it'll be false.

  • Andika Triwidada (18 Oct 24)

    Quota example typo fix

  • Gustavo Iñiguez Goia (17 Oct 24)

    ReadEnv() minor improvement - Improved peformance parsing the environment variables of a process. - Added ReadEnv() test. For a 4kb environ file: Benchmark-Old 58070 ns/op 19264 B/op 68 allocs/op Benchmark-New 49174 ns/op 17488 B/op 12 allocs/op

  • Andika Triwidada (17 Oct 24)

    Make example explanation consistent with regex - take #2

  • Gustavo Iñiguez Goia (14 Oct 24)

    calculate the ram usage of a process in the daemon - Calculate the ram usage of a process in the daemon, using the page size of the system. - Added new functions to read some details of a process, so we can use them in other parts of the code.

  • Gustavo Iñiguez Goia (14 Oct 24)

    added cache of events tests

  • Gustavo Iñiguez Goia (10 Oct 24)

    added tasks tests added tests for TaskManager, nodeMonitor and pidmonitor.

  • Gustavo Iñiguez Goia (10 Oct 24)

    tasks improvements

  • Gustavo Iñiguez Goia (09 Oct 24)

    refactored tasks notifications moved to their own file.

  • Gustavo Iñiguez Goia (09 Oct 24)

    getProcPids() minor improvement reduce allocs a little bit.

  • Gustavo Iñiguez Goia (07 Oct 24)

    tasks: added sockets monitor task (netstat) Added new task to monitor local sockets of nodes, similar to ss or netstat. More info: #1112

  • Gustavo Iñiguez Goia (28 Sept 24)

    Merge pull request #1198 from C0rn3j/patch-1 Update README.md - Fix Discord link nesting

  • Gustavo Iñiguez Goia (28 Sept 24)

    Merge pull request #1195 from atriwidada/master Add Indonesian translation

  • Gustavo Iñiguez Goia (27 Sept 24)

    added new task nodemonitor Added new task to monitor the resources of remote nodes, like ram, swap, number of processes or load average of the system. The task is initiated when the user selects a node, and the data received from the node is added to the right panel of the Nodes tab. The task is stopped when changing to another tab, or when deselecting a node. Particularly useful for monitoring remote nodes.

  • Martin (26 Sept 24)

    Update README.md Fix discord link being accidentally nested, it still worked before though.

  • Gustavo Iñiguez Goia (25 Sept 24)

    ui, procdialog: added missing import

  • Gustavo Iñiguez Goia (25 Sept 24)

    ui,procdialog: allow to filter sockets and files Two new options has been added to filter the process open files list by sockets and regular files (by default it display pipes, etc).

  • Gustavo Iñiguez Goia (24 Sept 24)

    introducing daemon tasks daemon tasks are actions that are executed in background by the daemon. They're started from the GUI (server) via a Notification (protobuf), with the type TASK_START (protobuf). Once received in the daemon, the TaskManager starts the task in background. Tasks may run at interval times (every 5s, 2days, etc), until they finish an operation, until a timeout, etc. Each task has each own configuration options, which will customize the behaviour of its operations. In this version, if the GUI is closed, the daemon will stop all the running tasks. Each Task has a flag to ignore this behaviour, for example if they need to run until they finish and only send a notification to the GUI, instead of streaming data continuously to the GUI (server). - Up until now we only had one task that could be initiated from the GUI: the process monitor dialog. It has been migrated to a Task{}. - go.mod bumped to v1.20, to use unsafe string functions. - go.sum updated accordingly.

  • Andika Triwidada (23 Sept 24)

    * Add Indonesian translation * sort translation files in opensnitch_i18n.pro

  • Gustavo Iñiguez Goia (20 Sept 24)

    ui,plugins: added missing files The plugins were not included when building the wheel.

  • Gustavo Iñiguez Goia (20 Sept 24)

    ui,popups: new button to update the checksum of all rules When filtering by checksum and the checksum of a rule changes, we display a warning on the popup, indicating that something happened. The user had the option to update the checksum of one rule, directly from the popup. Now there's a new button to update all the rules that have a checksum as filtering parameter.

  • Gustavo Iñiguez Goia (17 Sept 24)

    ui,rules: do not verify lists path on remote nodes When creating/editing rules to filter by lists of nets/IPs/domains, we check if the path entered is a directory. However on remote nodes, the path may not exist where the GUI is running, but be valid where the daemon is running. Now we only check the path if the node where it's being configured is local. Closes #1174

OpenSnitch Website

Website

GitHub: Let’s build from here · GitHub

GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, and secure code before you commit it.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 140.82.112.4
  • Hostname lb-140-82-112-4-iad.github.com
  • Location San Francisco, California, United States of America, NA
  • ISP GitHub Inc.
  • ASN AS36459

Associated Countries

  • US

Saftey Score

Website marked as safe

100%

Blacklist Check

github.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

OpenSnitch Reviews

More Firewalls

About the Data: OpenSnitch

API

You can access OpenSnitch's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/firewalls/opensnitch

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share OpenSnitch

Help your friends compare Firewalls, and pick privacy-respecting software and services.
Share OpenSnitch and Awesome Privacy with your network!

View Firewalls (14)