evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0
10.91k stars 509 forks source link

How do you use List Operator? #231

Closed echoxxzz closed 3 years ago

echoxxzz commented 5 years ago

Is there any documentation on how to use the List Operator in the .json rules files?

p- commented 5 years ago

The list operator was added by @jkozera and is quite a good idea!

Because typically you want to make rules like: "I want to allow this application to have access to this domain". (Instead of: "I want to allow access to this domain for all applications" or "I want to allow all connections coming from this application").

Following sample allows curl to access the domain apple.com:

{
  "created": "SOME-DATE",
  "updated": "SOME-DATE",
  "name": "allow-list-curl-apple-com",
  "enabled": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "list",
    "list": [
    {
        "type": "simple",
            "operand": "dest.host",
            "data": "apple.com"
    },
    {
            "type": "simple",
            "operand": "process.path",
            "data": "/usr/bin/curl"
    }]
  }
}

The list type seems to be available on the GRPC interface.

jkozera commented 5 years ago

The list operator was added by @jkozera and is quite a good idea!

I'm glad someone likes it! :smile: (Though I've stopped using opensnitch, sadly.)

Anyway there's one more example of this feature at https://github.com/evilsocket/opensnitch/issues/151#issuecomment-440418638 in case anyone is interested.

gustavo-iniguez-goya commented 3 years ago

List operator is configurable from the GUI finally :)

https://github.com/gustavo-iniguez-goya/opensnitch/wiki/Rules-editor

Thanks a lot *!