1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from February
2023</title>
5 <description>Entries from February
2023</description>
6 <link>https://people.skolelinux.org/pere/blog/
</link>
10 <title>OpenSnitch available in Debian Sid and Bookworm
</title>
11 <link>https://people.skolelinux.org/pere/blog/OpenSnitch_available_in_Debian_Sid_and_Bookworm.html
</link>
12 <guid isPermaLink=
"true">https://people.skolelinux.org/pere/blog/OpenSnitch_available_in_Debian_Sid_and_Bookworm.html
</guid>
13 <pubDate>Sat,
25 Feb
2023 20:
30:
00 +
0100</pubDate>
14 <description><p
>Thanks to the efforts of the OpenSnitch lead developer Gustavo
15 IƱiguez Goya allowing me to sponsor the upload,
16 <a href=
"https://tracker.debian.org/pkg/opensnitch
">the interactive
17 application firewall OpenSnitch
</a
> is now available in Debian
18 Testing, soon to become the next stable release of Debian.
</p
>
20 <p
>This is a package which set up a network firewall on one or more
21 machines, which is controlled by a graphical user interface that will
22 ask the user if a program should be allowed to connect to the local
23 network or the Internet. If some background daemon is trying to dial
24 home, it can be blocked from doing so with a simple mouse click, or by
25 default simply by not doing anything when the GUI question dialog pop
26 up. A list of all programs discovered using the network is provided
27 in the GUI, giving the user an overview of how the machine(s) programs
28 use the network.
</p
>
30 <p
>OpenSnitch was uploaded for NEW processing about a month ago, and I
31 had little hope of it getting accepted and shaping up in time for the
32 package freeze, but the Debian ftpmasters proved to be amazingly quick
33 at checking out the package and it was accepted into the archive about
34 week after the first upload. It is now team maintained under the Go
35 language team umbrella. A few fixes to the default setup is only in
36 Sid, and should migrate to Testing/Bookworm in a week.
</p
>
38 <p
>During testing I ran into an
39 <a href=
"https://github.com/evilsocket/opensnitch/issues/
813">issue
40 with Minecraft server broadcasts disappearing
</a
>, which was quickly
41 resolved by the developer with a patch and a proposed configuration
42 change. I
've been told this was caused by the Debian packages default
43 use if /proc/ information to track down kernel status, instead of the
44 newer eBPF module that can be used. The reason is simply that
45 upstream and I have failed to find a way to build the eBPF modules for
46 OpenSnitch without a complete configured Linux kernel source tree,
47 which as far as we can tell is unavailable as a build dependency in
48 Debian. We tried unsuccessfully so far to use the kernel-headers
49 package. It would be great if someone could provide some clues how to
50 build eBPF modules on build daemons in Debian, possibly without the full
51 kernel source.
</p
>
53 <p
>As usual, if you use Bitcoin and want to show your support of my
54 activities, please send Bitcoin donations to my address
55 <b
><a href=
"bitcoin:
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
></b
>.
</p
>
projects / homepage.git / blob