NOTE: this version is still WIP, so bear in mind that it may have bugs. If you install it, please, report any problems and help us to improve it, your feedback is invaluable !
What's new
- Added option to send alerts/messages to the server/GUI (477e6aa).
Note: You may see some alerts that were already happening, mainly related to eBPF and custom/hardened kernels. - Allow to filter connections by network interface (#726, 4a0f7a3)
- eBPF modules compilation automated for x86_64 architecture (at the bottom of the page)
For version 1.6.x and kernel >= 5.19
For version 1.6.x and kernel < 5.19
What's changed
-
System firewall (nftables) improvements and new features:
- Allow to create complex rules from the GUI, hopefully in an easy manner (c28643d)
- Allow to apply quotas on connections (not apps) (97b141e)
- Allow to apply rate-limits on connections (not apps) (7fcf864)
- Allow to filter by IP protocols, IP addresses, UID/GID, packet metainformation (f0a9d02,
09ec869, b8d6ead, fc96b24) - Added helpers to allow inbound or outbound connections (i.e.: preconfigured rules to exclude a service/application from being intercepted) (814ed52)
-
Better and more capable processes interception (7cbfca6, c64b2df, 1a493b9) Related: #736
-
Privacy/Security enhanced: Rules files saved with restrictive permissions, allow to configure GUI's unix socket path (736c3f9, 915b325, 820e7d5)
-
eBPF modules are loaded from /usr/lib/opensnitchd/ebpf/ now, to avoid errors upgrading them (474a637)
-
Bug fixes.
Full Changelog: v1.6.0-rc.2...v1.6.0-rc.3
New Contributors
Downloads
daemon
(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)
Other arquitectures
GUI
(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))
(If the above packages complain about dependencies, use these ones)
- deb - for old distributions (Ubuntu <= 18.04)
- rpm - for old distributions (Fedora < 29)