New post on OpenSnitch.

diff --git a/blog/data/2023-02-25-opensnitch-debian.txt b/blog/data/2023-02-25-opensnitch-debian.txt
new file mode 100644 (file)
index 0000000..8e8f62d
--- /dev/null
+++ b/blog/data/2023-02-25-opensnitch-debian.txt
@@ -0,0 +1,46 @@
+Title: OpenSnitch available in Debian Sid and Bookworm
+Tags: english, debian
+Date: 2023-02-25 20:30
+
+<p>Thanks to the efforts of the OpenSnitch lead developer Gustavo
+Iñiguez Goya allowing me to sponsor the upload,
+<a href="https://tracker.debian.org/pkg/opensnitch">the interactive
+application firewall OpenSnitch</a> is now available in Debian
+Testing, soon to become the next stable release of Debian.</p>
+
+<p>This is a package which set up a network firewall on one or more
+machines, which is controlled by a graphical user interface that will
+ask the user if a program should be allowed to connect to the local
+network or the Internet.  If some background daemon is trying to dial
+home, it can be blocked from doing so with a simple mouse click, or by
+default simply by not doing anything when the GUI question dialog pop
+up.  A list of all programs discovered using the network is provided
+in the GUI, giving the user an overview of how the machine(s) programs
+use the network.</p>
+
+<p>OpenSnitch was uploaded for NEW processing about a month ago, and I
+had little hope of it getting accepted and shaping up in time for the
+package freeze, but the Debian ftpmasters proved to be amazingly quick
+at checking out the package and it was accepted into the archive about
+week after the first upload.  It is now team maintained under the Go
+language team umbrella.  A few fixes to the default setup is only in
+Sid, and should migrate to Testing/Bookworm in a week.</p>
+
+<p>During testing I ran into an
+<a href="https://github.com/evilsocket/opensnitch/issues/813">issue
+with Minecraft server broadcasts disappearing</a>, which was quickly
+resolved by the developer with a patch and a proposed configuration
+change.  I've been told this was caused by the Debian packages default
+use if /proc/ information to track down kernel status, instead of the
+newer eBPF module that can be used.  The reason is simply that
+upstream and I have failed to find a way to build the eBPF modules for
+OpenSnitch without a complete configured Linux kernel source tree,
+which as far as we can tell is unavailable as a build dependency in
+Debian.  We tried unsuccessfully so far to use the kernel-headers
+package.  It would be great if someone could provide some clues how to
+build eBPF modules on build daemons in Debian, possibly without the full
+kernel source.</p>
+ 
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>