
bsdnerds.org

Linux Firewall OpenSnitch

OpenSnitch is a Linux application-level firewall that comes with a GUI. It lets you control network traffic at the host level, per application.

Host-level firewalls control internet traffic from the host itself. Traditional Linux host firewalls are not application-aware. Programs like UFW let you select which ports should be open or closed, but not which applications should be allowed to access the internet.

With OpenSnitch you can do that at the application level. For every app that tries to access the internet, you get a popup where you can allow or deny that application's access.
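The difference between the two kinds of rule, as an added example (not OpenSnitch's code, and not how OpenSnitch itself intercepts connections): this Python script reads connection rows in the /proc/net/tcp format, attributes each socket to an executable through /proc/<pid>/fd, and compares a port rule with a per-application rule. The sample rows, addresses, executable paths and both rule sets are constructed for illustration.

```python
import os, re, socket, struct

# Constructed samples (not from a real host): /proc/net/tcp rows, inode -> exe map.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F00000A:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 31337
   1: 0F00000A:C352 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 31338
"""
SAMPLE_OWNERS = {"31337": "/usr/bin/firefox", "31338": "/tmp/updater"}
PORT_RULE = {443}                # toy port firewall: outbound 443 is open
APP_RULE = {"/usr/bin/firefox"}  # toy application firewall: only this binary

def decode(hexaddr):
    """'0A7100CB:01BB' -> ('203.0.113.10', 443); IPv4 hex is byte-reversed on little-endian hosts."""
    ip, port = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def established(proc_net_tcp):
    """Yield (remote_ip, remote_port, inode) for rows in state 01 (ESTABLISHED)."""
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] == "01":
            yield (*decode(f[2]), f[9])

def socket_owners():
    """Live host: map socket inode -> executable via /proc/<pid>/fd (root sees all users)."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            for fd in os.listdir(f"/proc/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
                if m:
                    owners[m.group(1)] = exe
        except OSError:
            continue  # process exited or permission denied
    return owners

def compare(proc_net_tcp, owners):
    """Return (exe, remote, port-rule verdict, app-rule verdict) for each connection."""
    rows = []
    for ip, port, inode in established(proc_net_tcp):
        exe = owners.get(inode, "unknown")
        rows.append((exe, f"{ip}:{port}",
                     "allow" if port in PORT_RULE else "deny",
                     "allow" if exe in APP_RULE else "deny"))
    return rows

if __name__ == "__main__":
    print(*compare(SAMPLE_TCP, SAMPLE_OWNERS), sep="\n")
```

Both sample connections go to port 443, so the port rule allows both; only the per-application rule separates the browser from the unknown binary. On a live host, pass the contents of /proc/net/tcp and the result of socket_owners() to compare().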

OpenSnitch firewall network traffic

Install OpenSnitch

Recently OpenSnitch started publishing prebuilt packages on GitHub, so you can install them with your package manager instead of going through the compilation process.

You need to install both the daemon and the GUI. There are deb and rpm packages for the Linux distros.
In the terminal, use one of these commands:

For deb packages

sudo dpkg -i opensnitch*.deb python3-opensnitch-ui*.deb; sudo apt -f install

For rpm packages

sudo yum localinstall opensnitch-1*.rpm; sudo yum localinstall opensnitch-ui*.rpm

You should be able to run it on any of these supported Linux systems:

  • RedHat Enterprise >= 7.0
  • CentOS 8.x
  • Fedora >= 24
  • Debian >= 8
  • Linux Mint >= 18
  • Ubuntu >= 16 (also works on 14.04, but it lacks an upstart service file; dpkg must be at least 1.17.x)
  • OpenSuse
  • Pop!_OS
  • MX Linux 19.x
  • OpenSuse Tumbleweed
  • MX Linux

Once you have it running, you can allow or deny internet access for any application on your host.


More Firewalls?

Besides an application-level firewall, there is a lot more you can do to secure your Linux system or home network. For instance, you can disable the DMZ on your router and get a router on which you can install custom firmware. That way you can run a network-level firewall on your network.

An application-level firewall does not by itself make a system secure; it's simply something you can do to increase your security, much as seatbelts are not a total solution for car safety. Malware could turn off your host-level firewall or tamper with it, which is why it's a good idea to install a network-level firewall too (that means getting a new router and installing a firewall on it). The advantage of this is that you can set one firewall configuration for your whole network.