Hi,
I am looking for a tool to control the outgoing connections of programs installed on my system.
For example, I use Little Snitch on macOS, which meets this need. It complements the OS's default firewall. With each attempt at an outgoing connection, you can choose the desired behavior: block or allow the connection, restrict it to a set of ports or IPs, choose the duration for applying the setting, etc.
For Linux, I have identified https://safing.io/ and https://github.com/evilsocket/opensnitch. Have any of you used these tools? Or do you have other alternatives?
there's also the builtin firewall in zorin that you can use.
It seems that the builtin firewall can not prompt the user, when an app/program try to connect to an external IP, to ask if the user allow or block the connection. That's what I want to do.
It this feasible?
Have you tried OpenSnitch?
Yes, I tried to install it; it was my second suggestion in the original post. It seems very interesting. But I can't get it to work. The GUI launch fails, despite the changes made according to the doc (Opensnitch no longer starts on my machine · Issue #1214 · evilsocket/opensnitch · GitHub).
Has anyone managed to get it to work (I'm on ZorinOS 17.2 Pro)?
I have only been able to test Portmaster (safing.io) so far.
The easiest way ChatGPT told me is as follows:
sudo apt update
sudo apt install ufw
sudo ufw enable
(status confiramation)
sudo ufw status verbose
(making effective after re-start)
sudo systemctl enable ufw
I managed to miss spotting that...
What method did you use to install it?
If you used PIP, please run:
sudo pip3 install --user --upgrade --force-reinstall opensnitch-ui
Ensure that the UFW itself is not blocking the thing:
sudo ufw allow 50050/tcp
Then launch using terminal with - watching for any errors listed in terminal:
opensnitch-ui
Or
opensnitch-ui --debug
Thank you @Aravisian
I downloaded the packages and install it with this command:
sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb
But I get the following warning at the end:
invalid python3-grpcio version installed
Installed python3-grpcio package (1.30.2-3build6) has a bug which makes opensnitch UI unresponsive.
Last time I executed the command to resolve this with the admin user.
This time I run the commands with my regular user:
pip3 install grpcio==1.41.0
pip3 install protobuf==3.20.0
Now it works when launching opensnitch-ui.
I can now try both Portmaster and Opensnitch to learn how to configure them and see if one really meets my needs.
2 Likes
I've used Portmaster before and it generally does a pretty good work. Unfortunately, I did run into other issues that entirely severed internet access and couldn't be fixed without a full OS installation. Or to be more accurate, that was the easiest fix to the problem.
I haven't tried it in quite a while and I'm sure it has gotten better. Keep in mind though that Portmaster aims to be more than just a packet filter, so it'll naturally be more complex. I still have to try Opensnitch but it looks very promising.