evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

add support for incoming connections #116

Open evilsocket opened 6 years ago

evilsocket commented 6 years ago

Right now the daemon will only intercept and manage outgoing connections; add support for incoming connections (IP address x.x.x.x is connecting to port 80 of httpd).

Northern-Lights commented 6 years ago

What exactly is the reason that incoming connections are not being queued? I can't find the info I'm looking for in any netfilter documentation.

Edit: after digging through the code more, it looks like the reason is simply the rule placement (all rules are `-A` in rules.go). Would it be too much to stick our rules into the chains as number 1? For example:

        package main

        import "fmt"

        // inputRule builds the proposed rule: "-I INPUT 1" inserts it as rule
        // number 1 of the INPUT chain, ahead of every existing rule, instead of
        // "-A" appending it at the end where earlier rules may match first.
        func inputRule(queueNum int) []string {
            rule := []string{
                "-I",
                "INPUT",
                "1",
                "--protocol", "udp",
                "--sport", "53",
                "-j", "NFQUEUE",
                "--queue-num", fmt.Sprintf("%d", queueNum),
                "--queue-bypass",
            }
            return rule
        }

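A check for the placement question raised in the comment above, as an added example that is not OpenSnitch's own code: it parses the output of `iptables -S INPUT` (sample output constructed here) and reports at which position the NFQUEUE rule sits, since a chain is evaluated first-match and any ACCEPT rule ahead of the queue rule handles the packet before the daemon ever sees it. The function names and the queue number 0 are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of `iptables -S INPUT` output. iptables -S lists every
// rule as "-A <chain> ..." in chain order, whether it was added with -A or -I.
const sampleInput = `-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j NFQUEUE --queue-num 0 --queue-bypass
`

// nfqueueRulePosition returns the 1-based position in chain of the first rule
// that jumps to NFQUEUE with the given queue number, or 0 if there is none.
// Every rule with a lower position is evaluated first, so an ACCEPT there
// means the packet is never queued to the daemon.
func nfqueueRulePosition(dump, chain string, queueNum int) int {
	target := "--queue-num " + strconv.Itoa(queueNum)
	pos := 0
	for _, line := range strings.Split(dump, "\n") {
		if !strings.HasPrefix(line, "-A "+chain+" ") {
			continue // policy line (-P), blank line, or another chain
		}
		pos++
		if strings.Contains(line, "-j NFQUEUE") && strings.Contains(line, target) {
			return pos
		}
	}
	return 0
}

// inputQueueRule builds the argument list that inserts the queue rule at
// position 1 of INPUT (-I INPUT 1), as proposed in the thread, rather than
// appending it with -A.
func inputQueueRule(queueNum int) []string {
	return []string{"-I", "INPUT", "1",
		"--protocol", "udp", "--sport", "53",
		"-j", "NFQUEUE", "--queue-num", strconv.Itoa(queueNum), "--queue-bypass"}
}

func main() {
	pos := nfqueueRulePosition(sampleInput, "INPUT", 0)
	if pos == 0 {
		fmt.Println("no NFQUEUE rule for queue 0 in INPUT")
	} else {
		fmt.Printf("NFQUEUE rule at position %d; %d rule(s) evaluated before it\n", pos, pos-1)
	}
	if pos != 1 {
		fmt.Println("fix: iptables", strings.Join(inputQueueRule(0), " "))
	}
}
```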
GreenLunar commented 2 years ago

This is important. I've made a connection using SSH and I was surprised that OpenSnitch didn't prevent me from connecting.

robinmayol commented 1 year ago

Hello! Any update on this please?