opensnitch
OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
Top Related Projects
Quick Overview
OpenSnitch is an open-source, GNU/Linux port of the Little Snitch application firewall for macOS. It allows users to monitor and control outgoing network traffic on their Linux systems, providing real-time alerts and the ability to create rules for applications' network access.
Pros
- Offers granular control over application network access
- Provides a user-friendly GUI for easy management
- Supports both temporary and permanent rules
- Integrates well with various Linux distributions
Cons
- May impact system performance, especially on older hardware
- Requires root privileges for installation and operation
- Can be overwhelming for novice users due to its complexity
- Limited documentation for advanced features
Getting Started
To install OpenSnitch on a Debian-based system:
# Add the OpenSnitch repository
echo "deb [arch=amd64] https://opensnitch.io/repo/debian bullseye main" | sudo tee /etc/apt/sources.list.d/opensnitch.list
# Add the GPG key
wget -O - https://opensnitch.io/repo/debian/pubkey.gpg | sudo apt-key add -
# Update and install
sudo apt update
sudo apt install opensnitch python3-opensnitch-ui
# Start the service
sudo systemctl start opensnitch
After installation, the OpenSnitch daemon will start automatically. Launch the GUI by running opensnitch-ui in the terminal or from your application menu.
Competitor Comparisons
A firewall for humans...
Pros of Firehol
- More comprehensive network security solution, including firewall and traffic shaping
- Supports both IPv4 and IPv6
- Easier to configure complex firewall rules using a high-level language
Cons of Firehol
- Primarily focused on Linux systems, less cross-platform compatibility
- Steeper learning curve for users new to firewall configuration
- Less granular control over individual application network access
Code Comparison
Firehol configuration example:
interface eth0 lan
policy reject
server ssh accept
client all accept
OpenSnitch rule example:
{
"name": "allow-ssh",
"enabled": true,
"action": "allow",
"duration": "always",
"operator": {
"type": "simple",
"operand": "dest.port",
"data": "22"
}
}
While Firehol uses a custom syntax for defining firewall rules, OpenSnitch employs JSON-based configurations for its rules. Firehol's syntax is more concise and easier to read for complex firewall setups, while OpenSnitch's JSON format offers more flexibility for programmatic rule generation and management.
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Pros of CrowdSec
- Collaborative approach: Leverages community-sourced threat intelligence
- Multi-platform support: Works on various operating systems and cloud platforms
- Scalable: Designed for large-scale deployments and distributed environments
Cons of CrowdSec
- More complex setup: Requires additional configuration compared to OpenSnitch
- Resource intensive: May consume more system resources for threat analysis
- Learning curve: Advanced features might be challenging for novice users
Code Comparison
OpenSnitch (Go):
func (c *Connection) GetProcessInfo() (*Process, error) {
if c.Entry.ProcessId == 0 {
return nil, fmt.Errorf("Invalid process id")
}
return NewProcess(c.Entry.ProcessId)
}
CrowdSec (Go):
func (a *APIServer) CreateAlert(alert *models.Alert) error {
if err := a.dbClient.Create(alert).Error; err != nil {
return errors.Wrap(err, "while creating alert")
}
return nil
}
Both projects use Go, but CrowdSec focuses on alert management and database interactions, while OpenSnitch deals with process information for network connections. CrowdSec's code reflects its distributed nature and emphasis on threat intelligence sharing.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
Join the project community on our server!
OpenSnitch is a GNU/Linux application firewall.
â¢â¢ Key Features ⢠Download ⢠Installation ⢠Usage examples ⢠In the press â¢â¢
Key features
- Interactive outbound connections filtering.
- Block ads, trackers or malware domains system wide.
- Ability to configure system firewall from the GUI (nftables).
- Configure input policy, allow inbound services, etc.
- Manage multiple nodes from a centralized GUI.
- SIEM integration
Download
Download deb/rpm packages for your system from https://github.com/evilsocket/opensnitch/releases
Installation
deb
$ sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb
rpm
$ sudo yum localinstall opensnitch-1*.rpm; sudo yum localinstall opensnitch-ui*.rpm
Then run: $ opensnitch-ui or launch the GUI from the Applications menu.
Please, refer to the documentation for detailed information.
OpenSnitch in action
Examples of OpenSnitch intercepting unexpected connections:
https://github.com/evilsocket/opensnitch/discussions/categories/show-and-tell
Have you seen a connection you didn't expect? submit it!
In the press
- 2017 PenTest Magazine
- 11/2019 It's Foss
- 03/2020 Linux Format #232
- 08/2020 Linux Magazine Polska #194
- 08/2021 Linux Format #280
- 02/2022 Linux User
- 06/2022 Linux Magazine #259
Donations
If you find OpenSnitch useful and want to donate to the dedicated developers, you can do it from the Sponsor this project section on the right side of this repository.
You can see here who are the current maintainers of OpenSnitch: https://github.com/evilsocket/opensnitch/commits/master
Contributors
Translating
Top Related Projects
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot