As a Linux user, you might think that just because Linux systems are pretty much more secure than Windows, there is no need for more security and caution. Well, today despite of what you might think, we are here because that is not the case. There is a good number of firewalls out there today available for Linux, that you can use to keep your system more secure. It’s better to be safe than sorry right? In this guide, we’ll be taking a look at one of these firewalls, called OpenSnitch.
What is OpenSnitch?
OpenSnitch is a Linux application-level firewall version of Little Snitch, which was originally built for macOS. OpenSnitch was developed and built by Simon Margaritelli, who as inspired by Little Snitch. OpenSnitch was designed to monitor and handle outbound connections for installed apps. Users may set rules to allow or prohibit internet access, and when an application without a rule tries to connect, a dialog box asks the user to approve or refuse the connection. Note that the original creator is no longer actively working on OpenSnitch, but the project has been forked to continue development.
Features of OpenSnitch
- Application-Level Firewall: OpenSnitch gives you control over the internet access of your apps. It is up to you to choose which applications should be restricted and which ones may connect.
- Graphical User Interface (GUI): OpenSnitch has a user-friendly graphical user interface. This makes configurations and customizations much easier and also makes it easy to manage your network choices and preferences.
- Open Source: OpenSnitch is available under the GPL v3 license. Anyone may participate in an open source project by contributing to it, reporting problems they run across, and even reviewing the source code.
- Rule-Based Control: This allows you, the user, to set up guidelines that indicate which apps should be prohibited and which ones are permitted to access the internet.
- Real-Time Monitoring: OpenSnitch offers customers instantaneous insight into the network activity of the installed programs by providing real-time monitoring of outbound connections.
- User Authentication: To avoid unwanted changes to firewall rules, OpenSnitch may request your authentication when making changes for increased security.
- Network Protocols: OpenSnitch can assist you determine what kinds of connections your apps are making by being aware of a number of different network protocols.
Installing OpenSnitch on Linux
We can install OpenSnitch by downloading the .deb and .rpm packages and using the various system package managers to install them. This method involves downloading the .deb and .rpm OpenSnitch packages and installing them using the various system package managers. Let’s go ahead and do so:
Installing OpenSnitch on Ubuntu and Debian based distributions
To install OpenSnitch firewall on Linux Ubuntu, Debian and other systems that support .deb files, follow the steps below:
Fetch the latest version number from GitHub and store it as a variable with the command below:
VER=$(curl -s https://api.github.com/repos/evilsocket/opensnitch/releases/latest|grep tag_name|cut -d '"' -f 4|sed 's/v//')For 32-bit ARM system users, use the command below to download the package:
## Daemon
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/opensnitch_${VER}-1_armhf.deb -O opensnitch.deb
## GUI
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/python3-opensnitch-ui_${VER}-1_all.deb -O opensnitchgui.debFor 64-bit ARM system users, use the command below to download the package:
## Daemon
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/opensnitch_${VER}-1_arm64.deb -O opensnitch.deb
## GUI
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/python3-opensnitch-ui_${VER}-1_all.deb -O opensnitchgui.debFor 64-bit Intel/AMD system users, use the following command to download the package.
## Daemon
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/opensnitch_${VER}-1_amd64.deb -O opensnitch.deb
## GUI
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/python3-opensnitch-ui_${VER}-1_all.deb -O opensnitchgui.debNow install the program with the commands below:
sudo dpkg -i opensnitch*.deb
OR
sudo apt install ./opensnitch*.debIf there are any unmet dependencies, the dpkg command may give an error. You can resolve these dependencies by running:
sudo apt-get install -fNow, OpenSnitch GUI needs to install system wide packages, using python3-pip, agree to install them now and hit enter:
If you need to uninstall the program, use this command:
sudo apt-get remove opensnitch*Installing OpenSnitch on Red Hat distributions
To install OpenSnitch firewall on Fedora, OpenSUSE, CentOS Ubuntu, Debian and other systems that support .rpm files, follow the steps below:
Run the following command to download the opensnitch.rpm package:
## Daemon
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/opensnitch-${VER}-1.x86_64.rpm -O opensnitch.rpm
## GUI
sudo wget https://github.com/evilsocket/opensnitch/releases/download/v${VER}/opensnitch-ui-${VER}-1.noarch.rpm -O opensnitchgui.rpmTo install on OpenSUSE or one of its distros, use the command below:
sudo zypper install opensnitch.rpmTo install on Fedora, RHEL and CentOS, use the command below:
sudo yum localinstall opensnitch*.rpm
OR
sudo dnf install opensnitch*.rpmTo install the program on most distros that support RPM files, use the command:
sudo rpm -i opensnitch*.rpmConfirm that the opensnitch service is running:
Then, if you need to uninstall the program, use this command:
sudo rpm -e opensnitch*Conclusion
Installing OpenSnitch on your Linux machine is a safety precaution which enhances your system’s security by filtering network traffic. This step-by-step guide shows users how to install OpenSnitch firewall on their Linux systems. OpenSnitch monitors incoming and outgoing network connections and enables users to intercept the requests and understand their system’s network interactions. As a user, ensure to keep security tools such as OpenSnitch up to date to maintain a secure Linux environment.
