OpenSnitch application firewall 1.4.0 added eBPF and nftables support, allow/block list

OpenSnitch is the Linux port of the Little Snitch application firewall for macOS. An important new version was released today. The latest OpenSnitch 1.4.0 adds the ability to use eBPF to intercept processes, nftables support, allow/block lists, GUI improvements, and more.

The application consists of a daemon (written in Go) and a GUI (PyQt5). A tray icon is also available, which you can use to open the OpenSnitch GUI, disable the firewall, or close it. At runtime, OpenSnitch monitors the outbound connections your applications try to establish and blocks or allows them based on a set of rules (when no existing rule is found, the user is prompted to allow or deny access).

It is worth noting that the first time you run this application-level firewall for Linux, it will display many dialog boxes asking you to allow or deny connections. This is expected, because every process that attempts to establish an outbound connection is shown in a new OpenSnitch pop-up window. But once you allow or deny your most frequently used applications, OpenSnitch will remember your preferences and will not bother you again.

The latest OpenSnitch 1.4.0 adds the ability to use eBPF to intercept the process of establishing a new connection, thereby improving the reliability of connection tracking. eBPF is a mechanism for executing code in kernel space and can be used to create programs related to debugging, tracing, networking, and firewalls.

Another major new feature in the latest OpenSnitch 1.4.0 is nftables support. nftables allows filtering and classification of network packets/datagrams/frames, and it has some advantages over iptables, such as less code duplication and easier extension to new protocols.

OpenSnitch blocked domain list

Another change in this version is the addition of a block/allow list (screenshot above). You can use it to add global rules to block ads and malware, and to limit the domains that applications can connect to. For information on how to use this new feature, see this page.

Other changes in the latest OpenSnitch 1.4.0 include the ability to filter connections from containers, as well as many GUI improvements (more customizable, better performance, improved handling of remote nodes, etc.).

Download OpenSnitch

On the OpenSnitch download page, you will find DEB (Debian/Ubuntu/etc.) and RPM (Fedora/CentOS/etc.) binary packages. There are also third-party AUR packages available here, suitable for Arch Linux / Manjaro.

Before installing and using OpenSnitch, I recommend checking its Known issues section.
