NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

Opensnitch Rules #223913

Open bfcns opened 1 year ago

bfcns commented 1 year ago

Describe the bug

This is not precisely a bug AFAIK, but it seems to be missing a very important feature. I cannot create rules with "list" types, as it needs to create the "data" field from the definitions for it to be able to work, if I am not missing something.

Thanks for getting this beautiful software to Nix.

Notify maintainers

@onny

onny commented 1 year ago

Thank you for the report, do you have an example for this specific configuration?

onny commented 1 year ago

Have you tried configuring it like this? I took it from here but don't know how it works: https://github.com/evilsocket/opensnitch/wiki/Rules

services.opensnitch = {
  enable = true;
  rules = {
    systemd-timesyncd = {
      name = "systemd-timesyncd";
      enabled = true;
      action = "allow";
      duration = "always";
      operator = {
        type = "list";
        operand = "list";
        data = "[{\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"1.1.0.1\"}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"23\"}, {\"type\": \"simple\", \"operand\": \"user.id\", \"data\": \"1000\"}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/telnet.netkit\"}]";
        list = [
          {
            type = "simple";
            operand = "dest.ip";
            sensitive = false;
            data = "1.1.0.1";
            list = null;
          }
        ];
      };
    };
  };
};

At which point does it fail?

bfcns commented 1 year ago

Isn't the data field a duplication of the list field? It would be tedious to manage lots of rules.
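The configuration posted above writes every sub-rule of a "list" operator twice: once as an attrset under `list` and once as JSON text inside `data`, which is the duplication the last comment objects to (and a drift hazard, since an `allow` rule whose `data` and `list` disagree will match whatever the installed daemon version happens to read). The following NixOS module is an added example, not code from this thread, from OpenSnitch or from nixpkgs. It assumes that `services.opensnitch.rules` accepts the free-form rule attrsets shown above and serialises them to JSON unchanged, and that `${pkgs.systemd}/lib/systemd/systemd-timesyncd` is the binary path to pin; the helper names `simple`, `mkList` and `mkRule` are hypothetical. The `data` string is derived from `list` with `builtins.toJSON`, so each sub-rule is declared once.

```nix
# Added example (not from the thread, OpenSnitch or nixpkgs): derive the
# "data" JSON string of an OpenSnitch "list" operator from the same entries
# that populate "list", so both fields always agree.
# Assumes services.opensnitch.rules takes free-form rule attrsets that are
# serialised to JSON as-is, as the posted configuration implies.
{ pkgs, ... }:
let
  # One "simple" sub-operator: operand (e.g. "dest.port") and its literal value.
  # Field names follow the sub-rule shown in the thread's example.
  simple = operand: data: {
    type = "simple";
    inherit operand data;
    sensitive = false;
    list = null;
  };

  # A "list" operator: "list" holds the structured entries, "data" the
  # JSON-encoded copy OpenSnitch expects. Both come from one definition.
  mkList = entries: {
    type = "list";
    operand = "list";
    list = entries;
    data = builtins.toJSON entries;
  };

  # A complete rule; "entries" are all ANDed together by the list operator.
  mkRule = { name, action ? "allow", duration ? "always", entries }: {
    inherit name action duration;
    enabled = true;
    operator = mkList entries;
  };
in
{
  services.opensnitch = {
    enable = true;
    rules = {
      # Allow NTP (UDP/123) only from the systemd-timesyncd binary shipped by
      # the systemd package in use. The binary path is an assumption of this
      # example; adjust it to whatever `readlink -f` of the running daemon shows.
      systemd-timesyncd = mkRule {
        name = "systemd-timesyncd";
        entries = [
          (simple "dest.port" "123")
          (simple "process.path" "${pkgs.systemd}/lib/systemd/systemd-timesyncd")
        ];
      };
    };
  };
}
```

Because `data` is computed rather than hand-written, adding or removing an entry changes both fields at once. After a rebuild, open the generated rule file in the opensnitchd rules directory and confirm that the `data` string decodes to exactly the objects under `list`; a rule that allows more in one field than in the other is the failure mode this helper is meant to rule out.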