Skip to content

Varac's documentation

Linux application level firewalls

varac-projects/doc

Linux application level firewalls

OpenSnitch

GitHub
Wiki
- FAQ

Install

Wiki: Installation

sudo pacman -S opensnitch
sudo systemctl enable --now opensnitchd

Config

OpenSnitch config: /etc/opensnitchd/default-config.json
Firewall baseline: /etc/opensnitchd/system-fw.json
Default rule path where rules from the UI will get placed in: /etc/opensnitchd/rules/

Maintain rules in ~/.config

This lets you share rules with your dotfiles
Change Rules.Path to i.e. /home/varac/.config/opensnitchd/rules/
Create an systemd unit override with systemctl edit opensnitchd.service and add:

[Service]
ExecStart=
ExecStart=/usr/bin/opensnitchd -rules-path /home/varac/.config/opensnitchd/rules/

Usage

Beware: The firewall is only active when the UI application is running !

Limitations

Why OpenSnitch does not intercept application XXX