Releases: evilsocket/opensnitch

v1.6.0-rc.3

13 Dec 12:01
1775da2
Pre-release

NOTE: this version is still WIP, so bear in mind that it may have bugs. If you install it, please report any problems and help us improve it. Your feedback is invaluable!

What's changed

  • System firewall (nftables) improvements and new features:

    • Allow creating complex rules from the GUI, hopefully in an easy manner (c28643d)
    • Allow applying quotas on connections (not apps) (97b141e)
    • Allow applying rate-limits on connections (not apps) (7fcf864)
    • Allow filtering by IP protocols, IP addresses, UID/GID, packet metainformation (f0a9d02, 09ec869, b8d6ead, fc96b24)
    • Added helpers to allow inbound or outbound connections (i.e., preconfigured rules to exclude a service/application from being intercepted) (814ed52)
  • Better and more capable process interception (7cbfca6, c64b2df, 1a493b9). Related: #736

  • Privacy/security enhancements: rules files are saved with restrictive permissions, and the GUI's unix socket path can now be configured (736c3f9, 915b325, 820e7d5)

  • eBPF modules are loaded from /usr/lib/opensnitchd/ebpf/ now, to avoid errors upgrading them (474a637)

  • Bug fixes.

Full Changelog: v1.6.0-rc.2...v1.6.0-rc.3

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

Other architectures

GUI

(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

v1.5.2

28 Jul 09:09

(update 16/12/2022: rpm packages reuploaded. Signed with gpg key - #776)

What's changed

  • daemon: fixed mem leak when connecting to the GUI (2a6afcb)
  • daemon: mount debugfs if it's not mounted, in order to use eBPF (ecc743e)
  • GUI: improved displaying the events window (4ab4fbf)
  • GUI: fixed notifications initialization (df5c097)
  • GUI: improved quitting from the app (ce9e195)
  • GUI: improved regular expressions for process path and command line (1226751)

Full Changelog: v1.5.1...v1.5.2

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(IMPORTANT NOTE (Ubuntu 22.04 / LinuxMint 21 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

v1.6.0-rc.2

15 Jul 23:46
Pre-release

NOTE: this version is still WIP, so bear in mind that it may have bugs. If you install it, please report any problems and help us improve it. Your feedback is invaluable :)

Full Changelog: v1.6.0-rc.1...v1.6.0-rc.2

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

v1.6.0-rc.1

20 Jun 23:10
2ca8bb4
Pre-release

What's new

  • Added option to configure system firewall (nftables) from the GUI (d9e0c59):

    • Apply global policies (for example: drop input while allowing output traffic).
    • Add exclusions graphically (for example, to allow certain services like VPN).
    • Open ports when the default policy is DROP.

    The GUI doesn't yet allow configuring all the options. However, you can edit the configuration file manually if you need to; it's quite a complete frontend to nftables.
    Documentation: https://github.com/evilsocket/opensnitch/wiki/System-rules

    Please note that this is a WIP feature. If you find any bug, please open a new issue, or drop a comment in this post: #592. Thank you!

  • Added option to send events to Syslog (7b610c0):

    Also a WIP feature. If you find any bug, please open a new issue, or drop a comment in this post: #638. Thank you!

  • Add eBPF based DNS lookup hooks (a4b7f57) by @calesanz !

    • Fixed loading uprobes when libc has the symbols stripped @JeremyMahieu

What's changed

  • Better DE integration: b49de30
  • There's a new rule field (Description), which you can use to describe what a rule does (3c524c1). The rules view now only displays the relevant fields.
  • Fix a minor typo by @markozajc in #610
  • Add systemd-resolved listener by @calesanz in #582
  • Allow building on systems using musl by @cinerea0 in #625
  • Allow to configure firewall rules from the GUI by @gustavo-iniguez-goya in #660
  • Fixes attachment of dns uprobes when libc is stripped of symbol names by @JeremyMahieu in #666

Full Changelog: v1.5.0...v1.6.0-rc.1

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

[21/06/2022 11:00 NOTE: GUI packages regenerated because of this #671 ]

v1.5.1

18 Apr 13:41

What's new

  • Allow to customize GUI theme. c20f1c1
    You'll need to install qt-material from pip: $ pip3 install qt-material

Full Changelog: v1.5.0...v1.5.1

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

v1.5.0

03 Feb 23:35

What's new

  • Better in-kernel connections interception (WireGuard, IP tunnels, NFS and SMB connections, ..) - 0526b84
  • Added Reject action. Improves user experience in some situations, like when blocking ads or trackers. - 8d3540f
  • Use system notifications to display alerts - 843412d
  • More flexibility to block ads, trackers or malware domains system wide - 3b6c041
  • Support for SysV based init systems like Devuan - 91ff72b

What's changed

  • Improved connections parsing - 479b8de
  • Improved eBPF subsystem - 7c87baf
  • Improved GUI user experience:
    • Better key navigation - 434bbf9
    • Better rules handling - #560
    • Improved performance when saving events to a DB on disk - #565 , #566 , 75cfd39 , deee72a
    • Allow limiting the number of connections saved to the DB.
    • Allow to apply filters in all views, as well as in detail views.
    • Better multiple nodes support - 5d6121b , #576
    • Added help button, to display a quick help.
    • The Address view will display the Network Name (ASN) if the package python3-pyasn is installed - 42b8774
    • Allow to copy selected rows to clipboard.
  • Regression: The Events view is not as performant as before. We'll have to work on that area.

Misc

  • More unit tests for GUI and daemon.
  • Fixed several GUI crashes.

Known bugs

  • On lxQt, the GUI is not launched from the system menu.
  • On Ubuntu 22.04, the GUI never appears. See this comment to work around this problem: #647 (comment)

Contributors ❤️

@ryanolton @staticssleever668 @Scrumplex @tioguda @themighty1 @BobSquarePants @bob04619 @wsgcsysadmin @Shadow505 @alexholox @Natrinicle @chicagoo17 @pizzadude @NRGLine4Sec and others.

Full Changelog: v1.4.0...v1.5.0

Downloads

daemon

(NOTE: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(IMPORTANT NOTE (Ubuntu 22.04 users): See this comment after installing the GUI: #647 (comment))

(If the above packages complain about dependencies, use these ones)

v1.5.0-rc.2

21 Jan 17:18
Pre-release

What's Changed

UI

  • Improved performance and fixed many issues (#560 , #565 , #576)
  • Saving events to a DB on disk is much better now. You can also select how many days to keep.
  • Fixed some crashes.
  • Use system notifications to display alerts - 843412d (#468, #476, #477)
  • Pop-ups: some improvements - 7006604 - 9e53997

Daemon

  • Fixed an issue that caused falling back to use ProcFS procs monitor method - 7c87baf

Full Changelog: v1.5.0-rc.1...v1.5.0-rc.2

Downloads

daemon

(Note: if the daemon doesn't autostart, enable it: $ sudo systemctl enable opensnitch; sudo systemctl start opensnitch)

GUI

(If the above packages complain about dependencies, use these ones)

v1.4.3

24 Nov 18:29

Daemon bug fix:

  • Don't load rules that fail to compile 9821800

Note: the latest GUI version is 1.4.2, while the daemon's is 1.4.1. Release v1.4.3 is the result of all changes added to the 1.4.0 branch.

Downloads

GUI

https://github.com/evilsocket/opensnitch/releases/tag/v1.4.2

Daemon

x86_64:
deb - rpm

i386:
deb - rpm

armhf (for raspberry pi, mobiles and others):
deb

arm64 (for raspberry pi, mobiles and others):
deb - rpm

Full Changelog: v1.4.2...v1.4.3

v1.5.0-rc.1

11 Dec 18:28
Pre-release

[UPDATE 17/12/2021] daemon x86_64 packages (deb/rpm) rebuilt, because somehow they were uploaded with debug traces, consuming up to 1GB of RAM.

What's new

  • 0526b84 Intercept in kernel connections (#513): WireGuard, IP tunnels, NFS and SMB connections, etc (#454, #502 , #500)

Note: if WireGuard or other VPNs are still not intercepted, be sure that you have the correct eBPF module (#454 (comment))

  • 8d3540f Added Reject action. Besides Deny, you can now reject connections, i.e., the application making the request won't wait for the default timeout (~30s) to close the connection, improving the user experience in some situations. (Read more: #481)
    You can enable it by editing a rule or by creating a new one.
  • 3b6c041 New rules types to block or allow:
    • list of IPs and network ranges.
    • lists of domains with regular expressions (you can use PiHole regexp lists for example).
  • 4ea0904 Allow to filter connections by PID (also known as "by this session" / "by this instance")

Full Changelog: v1.4.0...v1.5.0-rc.1

Downloads

daemon

GUI

(If the above packages complain about dependencies, use these ones)

v1.4.2

04 Nov 23:32

GUI fixes:

GUI

daemon

https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0