evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

[Feature Request] Add more capability to the rule search feature #756

Closed NRGLine4Sec closed 1 year ago

NRGLine4Sec commented 1 year ago

It could be convenient to have more capability in the rule search feature, to be able to find the rules you are looking for more easily. This is particularly interesting for rule review. Currently we can only search by the rule name, but I think it could be interesting to be able to search by destination port / destination host or IP...

A concrete use case: if I want to know all the rules that allow DNS connections (tcp/udp on port 53), currently I have to check all the rules in the GUI, one by one, to get the information. I have a smarter way to do it by parsing the JSON files:

grep -l -R '.*"data":.*53' /etc/opensnitchd/rules

But I think it could be easier to do this in the GUI. What do you think, @gustavo-iniguez-goya?
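The rule review described in the comment above, as an added example that is not part of the thread or of OpenSnitch's own code: it tests each rule's operator fields instead of grepping for `53`, so a rule for port 5353 or an address containing 53 is not reported. The `name`, `enabled`, `action`, `operator`, `type`, `operand` and `list` keys are assumptions about the rule file layout (only `"data"` appears in the thread), and the `sample_*` helpers and sample rules are constructed for illustration.

```python
import json
import re

def leaf_operators(op):
    """Yield every non-list operator, descending into nested "list" operators."""
    if op.get("type") == "list":
        for child in op.get("list") or []:
            yield from leaf_operators(child)
    else:
        yield op

def matches_port(op, port):
    """True if this operator tests dest.port and accepts `port`."""
    if op.get("operand") != "dest.port":
        return False
    if op.get("type") == "regexp":
        # Python's re stands in for the daemon's regexp engine (fine for simple patterns).
        return re.search(op.get("data", ""), str(port)) is not None
    return op.get("data") == str(port)

def rules_allowing_port(rules, port):
    """Sorted names of enabled allow rules with a dest.port operator accepting `port`."""
    return sorted(
        r["name"] for r in rules
        if r.get("enabled", True) and r.get("action") == "allow"
        and any(matches_port(o, port) for o in leaf_operators(r.get("operator", {})))
    )

def grep_like(rules):
    """Names the thread's grep pattern would flag (matched line by line), for comparison."""
    return sorted(r["name"] for r in rules if re.search(r'"data":.*53', json.dumps(r, indent=1)))

# Hypothetical helpers that build constructed sample rules (assumed key layout).
def sample_op(kind, operand, data, children=()):
    return {"type": kind, "operand": operand, "data": data, "list": list(children)}
def sample_rule(name, action, operator):
    return {"name": name, "enabled": True, "action": action, "operator": operator}

SAMPLE_RULES = [
    sample_rule("allow-dns-udp", "allow", sample_op("list", "list", "", [
        sample_op("simple", "dest.port", "53"), sample_op("simple", "protocol", "udp")])),
    sample_rule("allow-dns-dot", "allow", sample_op("regexp", "dest.port", "^(53|853)$")),
    sample_rule("allow-mdns", "allow", sample_op("simple", "dest.port", "5353")),
    sample_rule("allow-lan-host", "allow", sample_op("simple", "dest.ip", "10.0.53.1")),
    sample_rule("deny-dns-tcp", "deny", sample_op("simple", "dest.port", "53")),
]

if __name__ == "__main__":
    print({"structured": rules_allowing_port(SAMPLE_RULES, 53), "grep": grep_like(SAMPLE_RULES)})
```

To review real rules, `json.loads` each file under `/etc/opensnitchd/rules` and pass the resulting list to `rules_allowing_port`.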

gustavo-iniguez-goya commented 1 year ago

Hey @NRGLine4Sec, I'm adding a new section to the rules' left panel to display alerts received from the daemon, so I can take a look at it. When filtering by text we need to get the rule's fields from the db and use the fields in the query.

I haven't forgotten the other feature to colorize the rules, but there's always something more important to do...

NRGLine4Sec commented 1 year ago

Hi @gustavo-iniguez-goya. Yes, I understand that this is a project that requires a lot of work. Don't worry, these are very low priority requests.

gustavo-iniguez-goya commented 1 year ago

@NRGLine4Sec see if this is enough, you can test it by changing the line, it's a simple change: https://github.com/evilsocket/opensnitch/commit/b2ccb34c17ea919ec32bc8fa7d71a59f18371833

https://github.com/evilsocket/opensnitch/blob/b2ccb34c17ea919ec32bc8fa7d71a59f18371833/ui/opensnitch/dialogs/stats.py#L1644

NRGLine4Sec commented 1 year ago

Hi @gustavo-iniguez-goya. Yes! For me it's quite enough, but maybe other users will sort their searches by type, IP, hosts, ports, etc. Now, I think we can close this issue; if users want to be able to categorize their searches, I guess they will open a new request.