Open Dietr1ch opened 1 day ago
I'm not familiar with opensnitch. Does it support having user-specified rules? If it's a system level firewall then Home Manager would have no way to do anything.
It's a two-part system: a system-level firewall that can have system-level rules (allow reaching systemd-resolved at localhost:53), and a user-level UI to adjust rules that can be at an application level (allow *:443, but only for firefox running as my user).
I find myself maintaining user/application-level rules on my own, and writing down system-level rules in my NixOS config. It'd be nice to be able to write the rules for my applications managed by home-manager in the home-manager config itself.
Description
We currently have services.opensnitch-ui.enable, but there's no way to specify rules for it. NixOS, on the other hand, supports adding rules.
I have no idea if there's a nice way to support a configuration file that would be read by opensnitch/opensnitch-ui right now, so this might be blocked on them supporting it in the first place.
This support would be the groundwork to support exposing rules config under programs.*, so similar to how today we can use programs.foo.openFirewallForBar = true, we could get the firewall configured if we didn't care to write our own opensnitch rules for some program.