evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

[Feature Request] <title> #888

Closed bfcns closed 1 year ago

bfcns commented 1 year ago

Manually entering the fields for the list option and needing an extra data field should not be necessary, as data and list show the same structure. (Using it in NixOS, with a predetermined configuration file.)

Summary:

  "operator": {
    "type": "list",
    "operand": "list",
   -> "data": "[{\"type\": \"simple\", \"operand\": \"dest.ip\", \"data\": \"1.1.0.1\"}, {\"type\": \"simple\", \"operand\": \"dest.port\", \"data\": \"23\"}, {\"type\": \"simple\", \"operand\": \"user.id\", \"data\": \"1000\"}, {\"type\": \"simple\", \"operand\": \"process.path\", \"data\": \"/usr/bin/telnet.netkit\"}]",
    "list": [
      {
        "type": "simple",
        "operand": "dest.ip",
        "sensitive": false,
        "data": "1.1.0.1",
        "list": null
      },
      {
        "type": "simple",
        "operand": "dest.port",
        "sensitive": false,
        "data": "23",
        "list": null
      },
      {
        "type": "simple",
        "operand": "user.id",
        "sensitive": false,
        "data": "1000",
        "list": null
      },
      {
        "type": "simple",
        "operand": "process.path",
        "sensitive": false,
        "data": "/usr/bin/telnet.netkit",
        "list": null
      }
    ]
  }

gustavo-iniguez-goya commented 1 year ago

Hi @phpcitizen,

Use the GUI please to edit the rules. I know that manually editing the list field is a pain, but it is what it is right now.

bfcns commented 1 year ago

Hi, the problem in NixOS is that on every app update you need to reassign new ones/delete the old ones, because the path for each app changes.

As you probably know, in NixOS paths are like: /nix/store/sb8rnpbvf4hp253vjzps5fgwqdly2bkg-vlc-3.0.18/bin/vlc

So we can programmatically write the path as a variable to rules, like: NixOS Options for OpenSnitch

I can easily define simple rules, but it is not easy for lists because of the duplicate data field. Such as:

      librewolf = {
        name = "librewolf";
        enabled = true;
        action = "allow";
        duration = "always";
        operator = {
          type = "simple";
          sensitive = false;
          operand = "process.path";
          data = "${lib.getBin pkgs.librewolf}/lib/librewolf/librewolf";
        };
      };
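
An added example, not part of the thread and not OpenSnitch code: a Python check that regenerates the `data` string of a `list` operator from its `list` entries and reports any drift between the two, which is what a generated rule needs after a store path changes. The function names and the stale path are hypothetical; the sub-rule values are the ones quoted in the issue.

```python
import json

SUBKEYS = ("type", "operand", "data")  # keys used inside the issue's "data" string

def render_data(entries):
    """Serialize `list` entries into the JSON string form shown for `data`."""
    return json.dumps([{k: str(e[k]) for k in SUBKEYS} for e in entries])

def sync_operator(operator):
    """Return a copy of the operator with `data` regenerated from `list`."""
    out = dict(operator)
    if out.get("type") == "list":
        out["data"] = render_data(out.get("list") or [])
    return out

def drift(operator):
    """Describe every mismatch between the decoded `data` string and `list`."""
    if operator.get("type") != "list":
        return []
    try:
        decoded = json.loads(operator.get("data") or "[]")
    except json.JSONDecodeError as exc:
        return [f"data is not valid JSON: {exc}"]
    if not (isinstance(decoded, list) and all(isinstance(d, dict) for d in decoded)):
        return ["data does not decode to a list of objects"]
    entries = operator.get("list") or []
    problems = []
    if len(decoded) != len(entries):
        problems.append(f"data has {len(decoded)} entries, list has {len(entries)}")
    for i, (d, e) in enumerate(zip(decoded, entries)):
        for k in SUBKEYS:
            if d.get(k) != e.get(k):
                problems.append(f"entry {i}: {k} is {d.get(k)!r} in data, {e.get(k)!r} in list")
    return problems

def entry(operand, data):
    return {"type": "simple", "operand": operand, "sensitive": False, "data": data, "list": None}

# Constructed sample: the issue's four sub-rules, with a stale path left in `data`.
ENTRIES = [entry("dest.ip", "1.1.0.1"), entry("dest.port", "23"),
           entry("user.id", "1000"), entry("process.path", "/usr/bin/telnet.netkit")]
STALE = ENTRIES[:3] + [entry("process.path", "/old/bin/telnet.netkit")]  # hypothetical path
SAMPLE = {"type": "list", "operand": "list", "data": render_data(STALE), "list": ENTRIES}

if __name__ == "__main__":
    print(drift(SAMPLE))                  # one mismatch, on the process.path entry
    print(sync_operator(SAMPLE)["data"])  # string to write back into the rule
```
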