OpenSnitch Application Firewall 1.4.0 Adds eBPF And nftables Support, Allow/Block Lists
OpenSnitch, a Linux port of the Little Snitch application firewall for macOS, had a major new release today. The latest OpenSnitch 1.4.0 adds the ability to use eBPF to intercept processes, nftables support, allow/block lists, GUI improvements, and more.
The application is made of a daemon (written in Go) and a GUI (PyQt5); a tray icon is also available which you can use to open the OpenSnitch GUI, disable the firewall or close it. While running, OpenSnitch monitors outbound connections that your applications are trying to make, preventing or permitting their connection based on a set of rules (the user is prompted to allow or deny access when no existing rules are found).
It's worth noting that the first time you run this application-level firewall for Linux, it will display many dialogs to allow or deny connections. That's expected since every process that tries to make outbound connections is shown in a new popup by OpenSnitch. But once you allow or deny your most used applications, the application will remember your preference, and it won't bother you again.
The latest OpenSnitch 1.4.0 adds the ability to use eBPF to intercept the processes making new connections, which improves the reliability of tracking connections. eBPF is a mechanism to execute code in the kernel space, useful to create programs related to debugging, tracing, networking and firewalls.
Another major new feature in the latest OpenSnitch 1.4.0 is nftables support. nftables allows filtering and classification of network packets/datagrams/frames, and it has some advantages over iptables, like less code duplication and easier extension to new protocols.
Yet another change in this release is the addition of block/allow lists (screenshot above). You can use this to add global rules to block ads and malware, and to limit the domains an application can connect to. For how to use this new feature, see this page.
Other changes available with the latest OpenSnitch 1.4.0 include the ability to filter connections from containers, and many GUI improvements (more customizable, better performance, improved handling of remote nodes, etc.).
Download OpenSnitch
On the OpenSnitch downloads page you'll find DEB (Debian/Ubuntu/etc.) and RPM (Fedora/CentOS/etc.) binaries. There's also a third-party AUR package available here, for Arch Linux / Manjaro.
Before installing and using OpenSnitch, I recommend checking out its known problems section.