In the fast-changing field of online safety, tools like OpenSnitch have become very important for keeping your Linux system safe and secure. OpenSnitch, the GNU/Linux port of the renowned Little Snitch application firewall, provides an unparalleled layer of security to your Linux environment. This blog post aims to explore what is OpenSnitch, and its impressive features, how to install OpenSnitch in various Linux distributions, and finally how to use OpenSnitch to secure your Linux system.
Table of Contents
What is OpenSnitch?
OpenSnitch is an open-source application-level firewall for GNU/Linux systems. This advanced firewall takes a cue from its Mac OS counterpart, Little Snitch, and brings in a robust level of security and control to Linux systems.
It helps monitor and control outgoing traffic, allowing users to set policies on a per-application basis. Thus, OpenSnitch grants you the authority to dictate which applications can send data over the internet and which ones cannot.
To put this in simple terms, OpenSnitch is like a traffic cop for your system. It lets you control what information can leave your computer over the internet.
Key Features of OpenSnitch
OpenSnitch is packed with many useful features that make it stand out among other firewalls. It brings granular control to users, allowing them to block or allow outgoing connections based on different criteria such as destination, port, and protocol. Additionally, it provides detailed reports and visualizations of network traffic, allowing you to monitor what applications are making requests and where they are being sent. OpenSnitch is also highly configurable, permitting users to craft detailed rules according to their requirements.
Here's a list of OpenSnitch features:
- Outbound Connections Filtering: OpenSnitch allows you to monitor and control the information that your applications send over the internet.
- Ad, Tracker, and Malware Blocking: With OpenSnitch, you can stop ads, trackers, and malware domains from affecting your entire system.
- Firewall Configuration from GUI: OpenSnitch allows you to set up and manage your system's firewall easily from its Graphic User Interface (GUI). You can use it to configure your input policy and allow specific services to reach your system.
- Manage Multiple Nodes: You can control and manage multiple nodes or systems from a single OpenSnitch GUI. A node refers to a daemon or a background process running on a machine. When you install the OpenSnitch daemon on multiple machines, each one becomes a node that can be managed from a centralized location through the OpenSnitch GUI. This makes it easy to monitor and control several systems at once.
- Integration with SIEM: OpenSnitch can be integrated with Security Information and Event Management (SIEM) systems. This allows for improved monitoring and faster response to security incidents.
Install OpenSnitch in Linux
Starting from version v1.5.2 and onwards, OpenSnitch is now available in the default repositories of both Debian Bookworm 12 and Ubuntu 23.04. To install OpenSnitch Debian 12 and Ubuntu 23.04, simply run:
$ sudo apt update
$ sudo apt install opensnitch
On other versions of the Linux distributions, you can install OpenSnitch by directly downloading the installation files hosted in its official GitHub repository.
Step 1: Download the Packages
First, you need to download the necessary packages for your system. You can do this by going to https://github.com/evilsocket/opensnitch/releases. From here, download the deb/rpm packages suitable for your Linux distribution.
Step 2: Installation
For .deb Systems (like Ubuntu)
Open your terminal and navigate to the directory where you downloaded the .deb files. Then, enter the following command:
$ sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb
For .rpm Systems (like AlmaLinux, CentOS, Fedora, and Rocky Linux)
Open your terminal and navigate to the directory where you downloaded the .rpm files. Then, enter the following commands:
$ sudo yum localinstall opensnitch-1*.rpm $ sudo yum localinstall opensnitch-ui*.rpm
Step 3: Run OpenSnitch
After installing OpenSnitch, you can run it by entering the following command in the terminal:
$ opensnitch-ui
Alternatively, you can also launch OpenSnitch from the Applications menu on your system.
A note for Ubuntu 22.04 and Linux Mint 21.x users:
OpenSnitch UI may not work in Ubuntu 22.04 and LinuxMint 21.x due to the python3-grpcio version. To fix this follow the steps given below:
First, you need to check your Python version. Open the terminal and enter the following command:
$ python3 -V
You'll see an output like Python 3.10.9 which indicates your Python version.
Install Correct grpcio Version
The issue seems to be with the python3-grpcio version (1.30.2-3build6) that comes with Ubuntu 22. If the OpenSnitch UI is not working or is using 100% CPU, you need to install the correct version of grpcio from pip.
Use the following command, replacing "3.10" with your Python version number if different:
$ python3.10 -m pip install --ignore-installed grpcio==1.44.0
This command installs the grpcio version 1.44.0 which is compatible with OpenSnitch on Ubuntu 22.04 and LinuxMint 21.x.
After completing these steps, the OpenSnitch UI should function properly without consuming excessive CPU resources.
Start OpenSnitch Service
On Debian and Ubuntu, OpenSnitch daemon will start automatically after installation. Just in case, if it doesn't start, manually start OpenSnitch service.
Here's how you can manually start the OpenSnitch service if it doesn't start automatically after installation or reboot:
Step 1: Enable the OpenSnitch Service
First, enable the OpenSnitch service by running the following command in the terminal:
$ sudo systemctl enable --now opensnitch
This command ensures that the OpenSnitch service will automatically start each time you boot your system.
Step 2: Start the OpenSnitch Service
Next, manually start the OpenSnitch service with the following command:
$ sudo systemctl start opensnitch
This command starts the OpenSnitch service immediately.
If the above commands don't work with opensnitch, try replacing opensnitch with opensnitchd in both commands.
After these steps, the OpenSnitch service should be up and running on your system.
And that's it! You've successfully installed OpenSnitch on your Linux system and started its service. Now, you can start configuring it to monitor and control your outbound network traffic.
Secure Linux System with OpenSnitch
Once you've installed OpenSnitch, you'll see a new icon in your system tray. You can click this icon to open the OpenSnitch interface. Alternatively, you can find OpenSnitch in your system menu under the 'Internet' section. If you're using GNOME, you can find OpenSnitch by searching for it in the dash and then clicking on its icon.
As soon as OpenSnitch is started, the background service starts to check your system's connections. It will then prompt you to either allow or deny these connections.
If you don't take any action within 30 seconds (you can change this time interval), OpenSnitch will proceed with the default action. The default action is deny.
If you want to change the time interval or the default action, click on the Preferences icon and change the values accordingly.
Please note that the OpenSnitch prompts the user to either allow or block an application each time a new one is launched. While this might initially seem bothersome, it's a one-time process for each application. After you've chosen to allow or block all your applications, these prompts will stop. This means that after the initial setup, OpenSnitch will operate smoothly, enhancing your system's security without disrupting your workflow.
Within the OpenSnitch graphical user interface (GUI), you can observe all the connections and processes that have been intercepted by the daemon. By double-clicking on a specific row, you can view the information regarding a process, rule, host, or user.
Let us navigate to each tab and try to observe what is going on in there.
Events Tab
This is the first tab in OpenSnitch interface. In Events tab, you can view all the activity that the OpenSnitch service has recorded.
The following picture shows the "Events" section of OpenSnitch UI.
As you can see, the 'Events Tab' displays a comprehensive log of all the network connections that the OpenSnitch service has registered. You can filter these connections by the action taken, a specific keyword, or limit the number of entries shown. Furthermore, you have the option to organize these connections based on the columns.
Certain columns are interactive and will display more details when clicked on. For instance, if you double-click on a 'Node', it will show you all the connections associated with that particular node.
Nodes Tab
You can view a list of all known nodes under the 'Nodes' tab. As I stated already, a node refers to a service (or daemon) running on a computer. This service can be installed across several computers and controlled from a central server, like a Graphical User Interface (GUI).
Rules Tab
Within the 'Rules' tab, you can view the list of all defined rules. Double-clicking on a rule will provide more details about it. Moreover, by right-clicking on a rule, you can perform various operations individually or in groups.
If you find any suspicious activity, you can immediately block them from the 'Rules' section. For example, to deny a connection, simply Right click on a rule and select Action -> Deny.
If you look at the left pane of the Rules tab, the Application rules category link shows two more sub-categories named "Permanent" and "Temporary".
By default, all the rules are temporary that are saved under the "Temporary" sub-category. These rules will remain in effect only until the system is restarted. To make them permanent, Right click on the Rule, and select Duration -> Always.
After you've made the rules permanent, they will be under "Permanent" sub-category.
Similarly, you can disable and delete a rule by choosing the respective option from the right click context menu.
Hosts Tab
This tab shows the list of remote hosts that are connected to your system.
You can double click on any host to view the detailed information (E.g. Destination IP, protocol, port etc.) about that particular host.
Applications Tab
The Applications tab shows the list of applications (i.e. processes) that currently being monitored by OpenSnitch.
Click on any application to view more details about that particular application.
Addresses Tab
The Addresses tab lists all the IP addresses of the remote hosts connected to your local system. The remote hosts might be the software mirrors, DNS server (E.g. 8.8.8.8), and NTP server etc.
If you want to view more details about a remote host, simply double click on the IP address.
Ports Tab
This tab shows the what ports are currently being used by applications to connect to the external world. It could be your DNS server port (E.g. 53).
Users Tab
This tab shows all the list of system and local user accounts.
Uninstall OpenSnitch
Here are the steps to uninstall OpenSnitch from your system, which includes the removal of its rules and configuration:
Note: If you're planning to install a new version of OpenSnitch, there's no need to uninstall the old version first. Simply install the new version and it will automatically upgrade.
For deb packages:
To remove the package while keeping the configuration and rules, use the following command:
$ sudo apt remove opensnitch python3-opensnitch-ui
To completely remove the packages, including rules and configuration, use the following command:
$ sudo apt remove --purge opensnitch python3-opensnitch-ui
For rpm packages:
- For Yum, use the command: sudo yum remove opensnitch opensnitch-ui
- For Dnf, use the command: sudo dnf remove opensnitch opensnitch-ui
- For Zypper, use the command: sudo zypper remove opensnitch opensnitch-ui
If you installed pip packages:
You can uninstall them using the following commands:
$ pip3 uninstall grpcio-tools unicode_slugify pyinotify $ pip3 uninstall grpcio PyQt5 Unidecode
(Note: The latter are transient dependencies; you can check with pip show to validate how the original installation was done. If you find the installation location is not /usr/lib/, then these are not installed through apt.)
After following these steps, OpenSnitch should be completely removed from your system.
Frequently Asked Questions
Here's a list of commonly asked FAQ about OpenSnitch.
Q: What is OpenSnitch?A: OpenSnitch is an open-source application level firewall that allows you to control outgoing connections from your computer.
Q: What are some key features of OpenSnitch?A: OpenSnitch can filter outbound connections interactively, block ads, trackers or malware domains, manage multiple nodes from a GUI, configure system firewall from the GUI, and integrate with third-party SIEM solutions.
Q: How do I install OpenSnitch?A: You can download the appropriate packages from the official GitHub page and install them using the package manager of your system. For Debian Bookworm 12 and Ubuntu 23.04, OpenSnitch is available in the official repositories and can be installed using the apt package manager.
Q: The OpenSnitch UI doesn't work in Ubuntu 22.04, how can I fix this?A: The issue might be related to the python3-grpcio version. As a workaround, install the grpcio version from pip as your regular user, following the commands provided in the "Install OpenSnitch" section.
Q: What does the term 'node' refer to in OpenSnitch?A: A 'node' refers to a service running on a computer. You can install the service across multiple computers and control them from a central server, like a GUI.
Q: What are the 'Events', 'Nodes' and 'Rules' tabs in the OpenSnitch GUI?A: The 'Events' tab logs all network connections registered by the service. The 'Nodes' tab lists all recognized nodes. The 'Rules' tab displays all the defined rules.
Q: What happens if I don't respond to the connection prompts from OpenSnitch?A: If you don't take any action within 30 seconds, OpenSnitch will proceed with the default action you have set up beforehand. You can change these later via Preferences window.
Q: Are OpenSnitch rules permanent?A: By default, all the rules in OpenSnitch are temporary. These rules will remain in effect only until the system undergoes a restart.
Q: Can OpenSnitch help block ads and trackers?A: Yes, OpenSnitch can be used to block ads, trackers, and even malware domains system-wide, giving you control over what your system connects to.
Q: Do I need to uninstall OpenSnitch before installing a new version?A: No, if you're planning to install a new version of OpenSnitch, there's no need to uninstall the old version first. Simply install the new version and it will automatically upgrade.
Related Read: How To Effortlessly Monitor Your Internet Traffic Using Sniffnet Network Monitoring Tool In Linux And Unix
Conclusion
OpenSnitch is a robust, user-friendly application level firewall. Its ability to control outbound connections, block unwanted ads, and provide detailed insights makes it an invaluable tool for ensuring network security. Whether you're an individual user or managing multiple nodes, OpenSnitch offers a blend of power and simplicity that enhances system control and protection.
Let us know your thoughts on this firewall application via the comment section below.
Resource:
- OpenSnitch GitHub Repository
The above is the detailed content of Taking Linux Security To The Next Level With OpenSnitch Firewall. For more information, please follow other related articles on the PHP Chinese website!

The Linux command line interface provides a wealth of text processing tools, one of the most powerful tools is the sed command. sed is the abbreviation of Stream EDitor, a multi-functional tool that allows complex processing of text files and streams. What is Sed? sed is a non-interactive text editor that operates on pipeline inputs or text files. By providing directives, you can let it modify and process text in a file or stream. The most common use cases of sed include selecting text, replacing text, modifying original files, adding lines to text, or removing lines from text. It can be used from the command line in Bash and other command line shells. Sed command syntax sed

Efficiently Counting Files and Folders in Linux: A Comprehensive Guide Knowing how to quickly count files and directories in Linux is crucial for system administrators and anyone managing large datasets. This guide demonstrates using simple command-l

Efficiently managing user accounts and group memberships is crucial for Linux/Unix system administration. This ensures proper resource and data access control. This tutorial details how to add a user to multiple groups in Linux and Unix systems. We

Liquorix kernel: a powerful tool to improve Linux system performance Linux is known for its flexibility, security and high performance, becoming the operating system of choice for developers, system administrators, and advanced users. However, the universal Linux kernel is not always meeting the needs of users seeking maximum performance and responsiveness. This is where the Liquorix kernel comes into play—a performance-optimized alternative that promises to enhance your Linux system. This article will explore what the Liquorix kernel is, why you might want to use it, and how to install and configure it to get the most out of your system. Liquorix kernel detailed explanation Liquorix kernel is a precompiled Linux kernel designed for

Linux Kernel is the core component of a GNU/Linux operating system. Developed by Linus Torvalds in 1991, it is a free, open-source, monolithic, modular, and multitasking Unix-like kernel. In Linux, it is possible to install multiple kernels on a sing

This brief guide explains how to type Indian Rupee symbol in Linux operating systems. The other day, I wanted to type "Indian Rupee Symbol (₹)" in a word document. My keyboard has a rupee symbol on it, but I don't know how to type it. After

Introduction In the realm of Linux, where the command line is often the compass by which we navigate, the efficient management of disk space is crucial. Whether you’re sailing through personal projects or steering the ship o
![Install Fedora Linux 41 Workstation [Step-by-Step Guide]](https://img.php.cn/upload/article/001/242/473/174149047084567.png?x-oss-process=image/resize,p_40)
This guide provides a comprehensive walkthrough for installing Fedora Linux 41 Workstation Edition. Let's get started! Table of Contents - Step 1: Prepare Your Fedora 41 Installation Media Step 2: Boot from the Fedora 41 Installation Media Step 3:


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
