OpenSnitch
Version: 1.3.6 Web: https://github.com/ evilsocket/opensnitch
Asystem tool is an application that helps with system administering or managing resources. We’ve had plenty of such applications in HotPicks, and in our view, the most useful system tool is OpenSnitch (see LXF250). This is an application firewall for Linux that’s designed to change people’s attitude towards security, who don’t want to get too involved. The reason is that network security at home and in the office is often as different as chalk and cheese. While system administrators take it very seriously in enterprise environments, desktop folks don’t want to bother with extra setup on their home Linux systems (yet still they want to remain protected).
Tools like OpenSnitch are designed to make home users better realise the current network activity and remain in control over it. The application was clearly inspired by LittleSnitch for macOS and offers unprecedented control over your network traffic.
Here’s how it works. First you need to get OpenSnitch running by installing and enabling its back-end (a Systemd service), and setting up the graphical frontend (a Python3 package). Once that’s done and the program is running, you’ll receive constant warnings from the OpenSnitch notifier. Whatever process in your Linux system wants to go online, it first gets caught and suspended by OpenSnitch. It may get annoying pretty quickly, but remember that you only need to set up the rules once, and after that OpenSnitch’s interruptions will become less frequent.
However, the initial rules setup gives a unique insight into the hidden network activity in your system. You can see how the DNS resolver works, how the web pages you visit collect statistics, how the weather widgets try to fetch data, or even how a proprietary software tries to phone home (for example, WPS Office). For each case you can approve or decline a connection, and also make your decision temporary or persistent. By default, OpenSnitch is permissive, which means that it waits for a while to let you take action, then lets the traffic go.