evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

No early start and long shutdown. #723

Closed Barlet44 closed 1 year ago

Barlet44 commented 1 year ago

I noticed that opensnitch does not start when initializing the OS. For example, tor manages to broadcast to the network before opensnitch fully loads. Therefore, any malware also has this opportunity. This is a weak spot. Can you do something about this? I also noticed that opensnitch interferes with normal PC shutdown. The shutdown takes much longer with opensnitch than without it. It does not matter whether it is systemd or sysvinit. Can you do something about this also?

gustavo-iniguez-goya commented 1 year ago

Hi @Barlet44, what distro are you using?

Barlet44 commented 1 year ago

Devuan 4.0 and Debian 11.

gustavo-iniguez-goya commented 1 year ago

Reviewing this issue, we could make the daemon start at the multi-user stage, as tor does:

cat /etc/systemd/system/multi-user.target.wants/tor.service
(...)
[Install]
WantedBy=multi-user.target

But there can be some nasty effects and other users may not want it: https://forums.linuxmint.com/viewtopic.php?p=2205991#p2205991

My personal opinion is that we should start the daemon as soon as possible.