v1.4.3

Daemon bug fix:

• Don't load rules that fail to compile 9821800

Note: latest GUI version is1.4.2, while daemon's is 1.4.1. Release v1.4.3 is the result of all changes added to 1.4.0 branch.

Downloads

GUI

https://github.com/evilsocket/opensnitch/releases/tag/v1.4.2

Daemon

x86_64:
deb - rpm

i386:
deb - rpm

armhf (for raspberry pi, mobiles and others):
deb

arm64 (for raspberry pi, mobiles and others):
deb - rpm

Full Changelog: v1.4.2...v1.4.3

v1.5.0-rc.1

[UPDATE 17/12/2021] daemon x86_64 packages (deb/rpm) rebuilt, because somehow it was uploaded with debug traces, consuming up to 1GB of RAM.

What's new

• 0526b84 Intercept in kernel connections (#513): WireGuard, IP tunnels, NFS and SMB connections, etc (#454, #502 , #500)

Note: if WireGuard or other VPNs are still not intercepted, be sure that you have the correct eBPF module (#454 (comment))

• 8d3540f Added Reject action. Besides Deny, now you can reject connections, i.e., the application making the request won't wait the default timeout (~30s) to close the connection, improving the user experience in some situations. (Read more: #481)
  You can enable it by editing a rule or by creating a new one.
• 3b6c041 New rules types to block or allow:
  • list of IPs and network ranges.
  • lists of domains with regular expressions (you can use PiHole regexp lists for example).
• 4ea0904 Allow to filter connections by PID (also known as "by this session" / "by this instance")

What's Changed

• 479b8de improved connections parsing.
• github.com/golang/protobuf deprecated by @themighty1 in #505
• need to generate go.sum otherwise we get errors by @themighty1 in #506
• Allow to intercept more kernel connections by @gustavo-iniguez-goya in #513
• Prompt UI height and width fixes by @ryanolton in #540

New Contributors

• @ryanolton made their first contribution in #540

Full Changelog: v1.4.0...v1.5.0-rc.1

Downloads

daemon

• deb x86_64

• deb i386

• deb armhf (for raspberry pi and others)

• deb arm64 (for raspberry pi, Librem5, and others)

• rpm x86_64

• rpm arm64

• rpm i386

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.2

GUI fixes:

• Fixed several crashes on Fedora 35 8cd81e0 4224fd7 #526
• Improved/fixed GUI loading on KDE when autologin is on 34911f6 #535

GUI

• rpm
• deb

daemon

https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0

v1.4.1

GUI fixes:

• Fixed French translation 3d9b9d9.
• Don't overwrite rules if they already exist af45902 14eb135 (#512).

daemon

https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.0

[Update 30/09/2021]: daemon rpm rebuilt to get rid of libc 2.32 version constraint.

What's new

• Added eBPF to intercept processes.
• Added nftables support.
• Added block/allow lists to block ads, spam, etc read more.
• Ability to filter connections from containers.
• GUI improvements:
  • More customizable.
  • Better performance.
  • Better integration with mobile devices.
  • Better handling of remote nodes.
  • Translated to 6 languages.

You can read more about all the changes following these links:
https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0-rc.1
https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0-rc.2
https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0-rc.3
https://github.com/evilsocket/opensnitch/releases/tag/v1.4.0-rc.4

Don't forget the read the FAQs and known problems before reporting an issue.

Downloads

daemon

• deb x86_64
• deb i386
• deb armhf (for raspberry pi and others)
• deb arm64 (for raspberry pi, Librem5, and others)
• rpm x86_64

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.0-rc.4

The last RC of this version hopefully.

New:

• New configuration items added to the config file.
• Default process monitor method is eBPF now. If the eBPF module is not present at /etc/opensnitchd/opensnitch.o or the method cannot be activated, we'll fallback to ProcFS parsing.
• [Prefs] Allow to select what columns are displayed on the Events tab (b644853)
• [Prefs] Allow to ignore temporary rules of Duration "once" or "all temporary rules" (a3a171d)
• [UI] Allow to personalize columns width (de3c4be).
• [Rules] Added combobox to select the type of rules to list when the left panel is collapsed (b644853)

Change:

• Instead of "detect" what firewall to use, default to iptables, and allow to configure nftables or iptables from the configuration /etc/opensnitchd/default-config.json (ba7c4e1 , #455)

Bug fixes and improvements:

• Fixed missed connections (README: a354ae2)

• Restore minimized window properly on KDE (94fa3c8 , #315).

• Hungarian translation updated.

• Pop-ups layout improved (83ab1f9)

• Improved PID discovering (9a34665)

• Cache of PIDs/inodes: fixed race conditions, improvements (fbcab5a)

• Display an error message when the DB loaded from disk is corrupted (2b3fdfc , #460 )

• More GUI items internationalized.

---

Packages:

Install them from a terminal, see how

daemon

• deb x86_64
• deb i386
• deb armhf (for raspberry pi and others)
• deb arm64 (for raspberry pi, Librem5, and others)
• rpm x86_64

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.0-rc.3

New:

• Added nftables support da23c82 #370 .
• Added Hungarian translations.

Regression fixed:

• drop connections while a pop-up is running (if the default action is deny) 21c6a91

Bug fixes and improvements:

• eBPF: 1db03b5 , e5b54f0 , f143107
• lists of domains: 6041493 , 8580281 . Kudos to @Techtonictools for testing and reporting issues with this feature.
• UI: 95a30c4 , 403c218 , eaa0158 , 3d9b44c , 5e56e90
• daemon: 3d11134 , 465d531 ,

---

Packages:

Install them from a terminal, see how

daemon

• deb x86_64
• deb i386
• deb armhf (for raspberry pi and others, if not, report it please)
• deb arm64 (for raspberry pi, Librem5, and others)
• rpm x86_64

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.0-rc.2

New feature: Added new eBPF process monitor method.

Join the discussion to read more about the rest of the changes: #415

---

Packages:

Install them from a terminal, see how

daemon

• deb x86_64
• deb i386
• deb armhf (for raspberry pi, and others, if not, report it please)
• deb arm64 (for raspberry pi, Librem5, and others)
• rpm x86_64

GUI

• rpm
• deb

(If the above packages complain about dependencies, use these ones)

• deb - for old distributions (Ubuntu <= 18.04)
• rpm - for old distributions (Fedora < 29)

v1.4.0-rc.1

New features

• 53bf4f7 Thanks to @themighty1 , now the pop-ups don't block all the network traffic while the dialog is displayed.
• 8a204c0 The events displayed on the GUI can be saved to disk, instead of memory (Preferences->Database)
• 26671de When creating a rule you can select a directory with lists of domains to allow or block. Each entry of a list must be in hosts format (0.0.0.0 www.domain.com). You can combine this option with the rest of fields, so for example you can create a rule with lists of domains (ads, spam, malware, etc) to block, or you can create a rule to limit to what domains Chrome can connect to.

Improvements

4b0b8cc display an error if a monitor method has not been applied

cache

1a61a2d , 6048b0e , 630e371

auditd monitor method

e2be2b7 improved monitor method switching

rules

b066b11 create rules in a more efficient way
44e8561 reload only the changed rule(s), instead of all rules.

Fixes

a325876 fixed parsing connections.
c9ae47f fix logging when flag is passed on command line
879d18f ui: fixed monitoring processes details

Misc

f8607d8 [Locale]Add Japanese Translation
7cd16c6 Update Brazilian Portuguese translation
b292838 updated spanish translation
616681e flush conntrack at start

test, test, test: 1d23e73, 0d2e8b5, 1d277ef

---

Packages:

Install them from a terminal, see how

daemon

• deb x86_64
• deb armhf (works on raspberry pi, and others, if not, report it please)
• deb arm64 (works on raspberry pi, and others)
• rpm x86_64

GUI

• deb
• rpm
• rpm Fedora >= 29

v1.3.6

Note: If you have issues using this version, try latest v1.4.0rc2 brefore reporting an issue. Thank you!

Improvements and bug fixes release

The main fix of this release is the compatibility with some VPNs. We've also fixed some important bugs on the UI, which were causing the daemon to crash under certain circunstances.

Packages:

Install them from a terminal, see how

daemon

• deb x86_64
• deb armhf (works on raspberry pi, and others, if not, report it please)
• deb arm64 (works on raspberry pi, and others)
• rpm x86_64

GUI

• deb
• rpm
• rpm Fedora >= 29 (without pip dependencies, so your distro must have all the needed dependencies packaged in the repositories)

changes

510a351 ui, rules: replace rules received from the daemon
7995d7b ui, pop-up: fixed expanding labels
2d90714 ui: added pause state icon
3a5ee13 ui, prompt: improved showing app path and args
95e4afa ui: fixed configuring rules default duration
af9c17c maintain a cache of struct Process for currently active PIDs (#342)
3b750f7 Update Brazilian Portuguese translation
ff6ede0 preserve nfmark when NF_ACCEPT'ing packets
ee76b9c ui, stats: order rules by name by default
37f91bb ui: improved rules section
a6afb95 ui: fixed displaying node stats, rules timestamp
b467283 fixed regexp rules exceptions
e23b838 ui, stats: better position for rules panes