evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

[Feature Request] Application specific Connections Filters #772

Closed skpypf closed 1 year ago

skpypf commented 1 year ago

I like the option to filter connections by IP, but I only really need it to work while using web browsers like Firefox, Chromium et cetera (to help mitigate unwanted connections while browsing).

Leaving this on creates some unnecessary popups from other programs with multiple outward connections, i.e. antiviruses, apt, Tor, updates and so on.

In layman's terms, it would be cool to be able to set special connection filter rules for a singular application instead of system-wide. For example: say I were to launch Firefox, OpenSnitch would then filter any and all connections originating from Firefox by IP, while still doing the standard filtering for everything else that doesn't have special filter rules.

gustavo-iniguez-goya commented 1 year ago

Hi @skpypf ,

Probably I didn't understand you, sorry, but you can already filter by application + dest IP (and dest port, etc.).

https://github.com/evilsocket/opensnitch/wiki/Rules-examples#filtering-connections-by-an-executable-path
https://github.com/evilsocket/opensnitch/wiki/Rules-editor

From the pop-up you can select "From this executable" or "From this cmdline", and by clicking on the [+] button you can also select to filter by dest IP + dest port, etc.

https://github.com/evilsocket/opensnitch/wiki/Pop-ups-dialogs

skpypf commented 1 year ago

Understood, but sorry, let me try and go into more detail.

I noticed that once you accept outgoing connections for an executable, any and all outgoing connections that the executable establishes after that are also accepted, which is usually fine but can also be problematic when using modern web browsers, mainly because of trackers and fingerprinting. I like OpenSnitch because when it's set to filter by IP, every single connection is prompted, regardless of the executable it came from, which allows me to mitigate unwanted connections from my browser when I go to a site. Most modern webpages have several if not dozens of additional connections that are not even related to the site's functionality. These outgoing connections are usually destined for well-known data and user tracking links like facebook, twitter, ad.google and so on.

That being said, I wanted to be able to "filter by IP" for every single connection that one specific executable makes when it makes more than one outgoing connection, i.e. Firefox, torrents etc. But the caveat here is that when OpenSnitch is set to filter by IP, other executables also have all of their connections become rules/prompts. So say I was also using Firefox and a torrent program like uTorrent. With filter by IP on, every outward connection uTorrent makes, which is a lot, also becomes a prompt which I need to approve. Which made me wonder "What if the filter rules could be applied on a per-executable basis?", so when applied, if I launch and run Firefox, every single connection it tries to make requires my approval as if filter by IP was set, while other programs like uTorrent would continue to work by a single approval rule.

Essentially I like the filter by IP rule, but only when using Firefox.

skpypf commented 1 year ago

I did not know you could set rules for a list of IPs!!!! I can just do that instead :)
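The combination the maintainer describes (executable path + destination IPs in one rule), written out as an added example of an OpenSnitch rule file rather than anything posted in this thread. It assumes the on-disk rule format of `/etc/opensnitchd/rules/*.json`, a Firefox binary at `/usr/bin/firefox`, and a constructed set of destination addresses from the RFC 5737 documentation range standing in for tracker IPs:

```json
{
  "created": "2023-01-01T00:00:00+00:00",
  "updated": "2023-01-01T00:00:00+00:00",
  "name": "example-deny-firefox-to-tracker-ips",
  "enabled": true,
  "precedence": true,
  "action": "deny",
  "duration": "always",
  "operator": {
    "type": "list",
    "operand": "list",
    "sensitive": false,
    "data": "",
    "list": [
      {
        "type": "simple",
        "operand": "process.path",
        "sensitive": false,
        "data": "/usr/bin/firefox"
      },
      {
        "type": "regexp",
        "operand": "dest.ip",
        "sensitive": false,
        "data": "^(192\\.0\\.2\\.10|192\\.0\\.2\\.11|198\\.51\\.100\\.7)$"
      }
    ]
  }
}
```

Both entries in the `list` must match, so only Firefox connections to those addresses are denied; `precedence: true` makes the rule evaluate before a broader "allow everything from this executable" rule, which is what keeps other programs such as a torrent client working on a single approval while the browser's traffic to the listed destinations is blocked without a pop-up.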