blog/data/2023-02-25-opensnitch-debian.txt

   1 Title: OpenSnitch available in Debian Sid and Bookworm
   2 Tags: english, debian, opensnitch
   3 Date: 2023-02-25 20:30
   4
   5 <p>Thanks to the efforts of the OpenSnitch lead developer Gustavo
   6 Iñiguez Goya allowing me to sponsor the upload,
   7 <a href="https://tracker.debian.org/pkg/opensnitch">the interactive
   8 application firewall OpenSnitch</a> is now available in Debian
   9 Testing, soon to become the next stable release of Debian.</p>
  10
  11 <p>This is a package which set up a network firewall on one or more
  12 machines, which is controlled by a graphical user interface that will
  13 ask the user if a program should be allowed to connect to the local
  14 network or the Internet.  If some background daemon is trying to dial
  15 home, it can be blocked from doing so with a simple mouse click, or by
  16 default simply by not doing anything when the GUI question dialog pop
  17 up.  A list of all programs discovered using the network is provided
  18 in the GUI, giving the user an overview of how the machine(s) programs
  19 use the network.</p>
  20
  21 <p>OpenSnitch was uploaded for NEW processing about a month ago, and I
  22 had little hope of it getting accepted and shaping up in time for the
  23 package freeze, but the Debian ftpmasters proved to be amazingly quick
  24 at checking out the package and it was accepted into the archive about
  25 week after the first upload.  It is now team maintained under the Go
  26 language team umbrella.  A few fixes to the default setup is only in
  27 Sid, and should migrate to Testing/Bookworm in a week.</p>
  28
  29 <p>During testing I ran into an
  30 <a href="https://github.com/evilsocket/opensnitch/issues/813">issue
  31 with Minecraft server broadcasts disappearing</a>, which was quickly
  32 resolved by the developer with a patch and a proposed configuration
  33 change.  I've been told this was caused by the Debian packages default
  34 use if /proc/ information to track down kernel status, instead of the
  35 newer eBPF module that can be used.  The reason is simply that
  36 upstream and I have failed to find a way to build the eBPF modules for
  37 OpenSnitch without a complete configured Linux kernel source tree,
  38 which as far as we can tell is unavailable as a build dependency in
  39 Debian.  We tried unsuccessfully so far to use the kernel-headers
  40 package.  It would be great if someone could provide some clues how to
  41 build eBPF modules on build daemons in Debian, possibly without the full
  42 kernel source.</p>
  43
  44 <p>As usual, if you use Bitcoin and want to show your support of my
  45 activities, please send Bitcoin donations to my address
  46 <b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>