* New upstream release.
* Upload sponsored by Petter Reinholdtsen.
[dgit import unpatched opensnitch 1.5.8.1-1]
--- /dev/null
++opensnitch (1.5.8.1-1) unstable; urgency=medium
++
++ * New upstream release.
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Mon, 06 Mar 2023 12:37:24 +0100
++
++opensnitch (1.5.8-2) unstable; urgency=medium
++
++ * Upload to unstable.
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Tue, 21 Feb 2023 21:26:21 +0100
++
++opensnitch (1.5.8-1) experimental; urgency=medium
++
++ * New upstream release.
++
++ [ Gustavo Iñiguez Goia ]
++ * ui: added 64x64 icon.
++ * Added missing entry for GUI manual page.
++ * Updated appstream Summary field.
++ * Removed ftrace dependency from d/control.
++ * ui: updated appstream Summary field.
++ * Updated d/control Description.
++
++ [ Petter Reinholdtsen ]
++ * Added appstream content rating, no restrictions.
++ * Corrected appstream icon name.
++ * Documented appstream metadata license in d/copyright.
++ * Place manual pages in correct packages.
++
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Sun, 19 Feb 2023 10:26:46 +0100
++
++opensnitch (1.5.7-3) experimental; urgency=medium
++
++ [ Gustavo Iñiguez Goia ]
++ * fixed /etc/xdg/autostart/ link
++
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Wed, 15 Feb 2023 22:41:19 +0100
++
++opensnitch (1.5.7-2) experimental; urgency=medium
++
++ [ Gustavo Iñiguez Goia ]
++ * added opensnitchd manual page
++ * added new manual page, updated opensnitchd.1
++ * improved debian/tests/
++
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Mon, 13 Feb 2023 12:43:19 +0100
++
++opensnitch (1.5.7-1) unstable; urgency=medium
++
++ * New upstream release
++
++ [ Gustavo Iñiguez Goia ]
++ * Set test-fw-rules.sh as flaky.
++ * Make test-fw-rules.sh more verbose.
++
++ [ Petter Reinholdtsen ]
++ * Fixed typo in nb comment of desktop file.
++ * Added appstream desktop category to metadata XML.
++
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Fri, 10 Feb 2023 13:28:23 +0100
++
++opensnitch (1.5.6-1) unstable; urgency=medium
++
++ * New upstream release
++
++ [ Gustavo Iñiguez Goia ]
++ * tests: removed Architecture: restriction
++ * changed Maintainer: field to team+pkg-go
++ * added new test
++ * added Uploaders field
++ * updated Vcs* fields
++
++ [ Petter Reinholdtsen ]
++ * Added Debian package relation between opensnitch and
++ python3-opensnitch-ui.
++ * Handle autopkgtest scripts differently, as they have different
++ requirements.
++
++ * Upload sponsored by Petter Reinholdtsen.
++
++ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Tue, 07 Feb 2023 21:29:48 +0100
++
+opensnitch (1.5.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 4.6.2.
+ * Upload sponsored by Petter Reinholdtsen.
+
+ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Wed, 01 Feb 2023 22:37:12 +0100
+
+opensnitch (1.5.4-1) unstable; urgency=high
+
+ * New upstream release. (Closes: #1030115)
+ * debian/control:
+ - Updated packages description.
+ - Removed debconf and whiptail|dialog dependencies.
+ - Added xdg-user-dirs, gtk-update-icon-cache dependencies.
+ - Point Vcs-Git field to the 1.5.0 branch.
+ * debian/postinst:
+ - Fixed opensnitch_ui.desktop installation.
+ - Fixed updating icons cache.
+ * debian/postrm:
+ - Fixed removing opensnitch_ui.desktop
+ * debian/tests/:
+ - Added autopkgtests.
+ * Upload sponsored by Petter Reinholdtsen.
+
+ -- Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com> Tue, 31 Jan 2023 23:48:58 +0100
+
+opensnitch (1.5.3-1) unstable; urgency=medium
+
+ * Added debian/upstream/metadata.
+ * Updated Homepage url.
+ * Updated Copyright years.
+
+ -- Gustavo-Iniguez-Goya <gustavo.iniguez.goya@gmail.com> Sun, 22 Jan 2023 21:30:45 +0100
+
+opensnitch (1.5.2.1-1) unstable; urgency=medium
+
+ * Initial release. (Closes: #909567)
+
+ -- Gustavo-Iniguez-Goya <gustavo.iniguez.goya@gmail.com> Fri, 20 Jan 2023 22:26:40 +0000
+
+opensnitch (1.5.2-1) unstable; urgency=medium
+
+ * try to mount debugfs on boot up
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Wed, 27 Jul 2022 17:29:33 +0200
+
+opensnitch (1.5.1-1) unstable; urgency=medium
+
+ * Better eBPF cache.
+ * Fixed error resolving domains to localhost.
+ * Fixed error deleting our nftables rules.
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Fri, 25 Feb 2022 01:21:38 +0100
+
+opensnitch (1.5.0-1) unstable; urgency=medium
+
+ * New release.
+ * Added Reject option.
+ * New lists types to block ads/malware/...
+ * Better connections interception.
+ * Better VPNs handling.
+ * Bug fixes.
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Fri, 28 Jan 2022 23:20:38 +0100
+
+opensnitch (1.5.0~rc2-1) unstable; urgency=medium
+
+ * Better connections interception.
+ * Improvements.
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Sun, 16 Jan 2022 23:15:12 +0100
+
+opensnitch (1.5.0~rc1-1) unstable; urgency=medium
+
+ * New features.
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Thu, 07 Oct 2021 14:57:35 +0200
+
+opensnitch (1.4.0-1) unstable; urgency=medium
+
+ * final release.
+
+ -- gustavo-iniguez-goya <gustavo.iniguez.goya@gmail.com> Fri, 27 Aug 2021 13:33:07 +0200
+
+opensnitch (1.4.0~rc4-1) unstable; urgency=medium
+
+ * Bug fix release.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 11 Aug 2021 15:17:49 +0200
+
+opensnitch (1.4.0~rc3-1) unstable; urgency=medium
+
+ * Bug fix release.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Fri, 16 Jul 2021 23:28:52 +0200
+
+opensnitch (1.4.0~rc2-1) unstable; urgency=medium
+
+ * Added eBPF support.
+ * Fixes and improvements.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Fri, 07 May 2021 01:08:02 +0200
+
+opensnitch (1.4.0~rc-1) unstable; urgency=medium
+
+ * Bug fix and improvements release.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Thu, 25 Mar 2021 01:02:31 +0100
+
+opensnitch (1.3.6-1) unstable; urgency=medium
+
+ * Bug fix and improvements release.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 10 Feb 2021 10:17:43 +0100
+
+opensnitch (1.3.5-1) unstable; urgency=medium
+
+ * Bug fix and improvements release.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Mon, 11 Jan 2021 18:01:53 +0100
+
+opensnitch (1.3.0-1) unstable; urgency=medium
+
+ * Fixed how we check rules
+ * Fixed cpu spike after disable interception.
+ * Fixed cleaning up fw rules on exit.
+ * make regexp rules case-insensitive by default
+ * allow to filter by dst network.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 16 Dec 2020 01:15:03 +0100
+
+opensnitch (1.3.0~rc-1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Fri, 13 Nov 2020 00:51:34 +0100
+
+opensnitch (1.2.0-1) unstable; urgency=medium
+
+ * Fixed memleaks.
+ * Sort rules by name
+ * Added priority field to rules.
+ * Other fixes
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Mon, 09 Nov 2020 22:55:13 +0100
+
+opensnitch (1.0.1-1) unstable; urgency=medium
+
+ * Fixed app exit when IPv6 is not supported.
+ * Other fixes.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Thu, 30 Jul 2020 21:56:20 +0200
+
+opensnitch (1.0.0-1) unstable; urgency=medium
+
+ * v1.0.0 released.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Thu, 16 Jul 2020 00:19:26 +0200
+
+opensnitch (1.0.0rc11-1) unstable; urgency=medium
+
+ * Fixed multiple race conditions.
+ * Fixed CWD parsing when using audit proc monitor method.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 24 Jun 2020 00:10:38 +0200
+
+opensnitch (1.0.0rc10-1) unstable; urgency=medium
+
+ * Fixed checking UID functions availability.
+ * Improved process path parsing.
+ * Fixed applying config from the UI.
+ * Fixed default log level.
+ * Gather CWD and process environment vars.
+ * Increase default timeout when asking for a rule.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Sat, 13 Jun 2020 18:45:02 +0200
+
+opensnitch (1.0.0rc9-1) unstable; urgency=medium
+
+ * Ignore malformed rules from loading.
+ * Allow to modify and add rules from the UI.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Sun, 17 May 2020 18:18:24 +0200
+
+opensnitch (1.0.0rc8) unstable; urgency=medium
+
+ * Allow to change settings from the UI.
+ * Improved connection handling with the UI.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 29 Apr 2020 21:52:27 +0200
+
+opensnitch (1.0.0rc7-1) unstable; urgency=medium
+
+ * Stability, performance and realiability improvements.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Sun, 12 Apr 2020 23:25:41 +0200
+
+opensnitch (1.0.0rc6-1) unstable; urgency=medium
+
+ * Fixed iptables rules deletion.
+ * Improved PIDs cache.
+ * Added audit process monitoring method.
+ * Added logrotate file.
+ * Added default configuration file.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Sun, 08 Mar 2020 20:47:58 +0100
+
+opensnitch (1.0.0rc-5) unstable; urgency=medium
+
+ * Fixed netlink socket querying.
+ * Added check to reload firewall rules if missing.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Mon, 24 Feb 2020 19:55:06 +0100
+
+opensnitch (1.0.0rc-3) unstable; urgency=medium
+
+ * @see: https://github.com/gustavo-iniguez-goya/opensnitch/releases
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Tue, 18 Feb 2020 10:09:45 +0100
+
+opensnitch (1.0.0rc-2) unstable; urgency=medium
+
+ * UI minor changes
+ * Expand deb package compatibility.
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Wed, 05 Feb 2020 21:50:20 +0100
+
+opensnitch (1.0.0rc-1) unstable; urgency=medium
+
+ * Initial release
+
+ -- gustavo-iniguez-goya <gooffy1@gmail.com> Fri, 22 Nov 2019 01:14:08 +0100
--- /dev/null
- Maintainer: Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com>
+Source: opensnitch
- Testsuite: autopkgtest-pkg-go
++Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
++Uploaders: Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com>
+Section: devel
- golang-github-evilsocket-ftrace-dev,
+Priority: optional
+Build-Depends:
+ debhelper-compat (= 11),
+ dh-golang,
+ dh-python,
+ golang-any,
- Vcs-Browser: https://github.com/evilsocket/opensnitch
- Vcs-Git: https://github.com/evilsocket/opensnitch.git -b 1.5.0
+ golang-github-fsnotify-fsnotify-dev,
+ golang-github-google-gopacket-dev,
+ golang-github-google-nftables-dev,
+ golang-github-iovisor-gobpf-dev,
+ golang-github-vishvananda-netlink-dev,
+ golang-golang-x-net-dev,
+ golang-google-grpc-dev,
+ golang-goprotobuf-dev,
+ libmnl-dev,
+ libnetfilter-queue-dev,
+ pkg-config,
+ protoc-gen-go-grpc,
+ pyqt5-dev-tools,
+ qttools5-dev-tools,
+ python3-all,
+ python3-grpc-tools,
+ python3-setuptools
+Standards-Version: 4.6.2
- OpenSnitch is a GNU/Linux firewall application.
++Vcs-Browser: https://salsa.debian.org/go-team/packages/opensnitch
++Vcs-Git: https://salsa.debian.org/go-team/packages/opensnitch.git
+Homepage: https://github.com/evilsocket/opensnitch
+Rules-Requires-Root: no
+XS-Go-Import-Path: github.com/evilsocket/opensnitch
+
+Package: opensnitch
+Section: net
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Recommends: python3-opensnitch-ui
+Built-Using: ${misc:Built-Using}
+Description: GNU/Linux interactive application firewall
+ Whenever a program makes a connection, it'll prompt the user to allow or deny
+ it.
+ .
+ The user can decide if block the outgoing connection based on properties of
+ the connection: by port, by uid, by dst ip, by program or a combination
+ of them.
+ .
+ These rules can last forever, until the app restart or just one time.
+ .
+ The GUI allows the user to view live outgoing connections, as well as search
+ by process, user, host or port.
+ .
+ OpenSnitch can also work as a system-wide domains blocker, by using lists
+ of domains, list of IPs or list of regular expressions.
+
+
+Package: python3-opensnitch-ui
+Architecture: all
+Section: net
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+ libqt5sql5-sqlite,
+ python3-grpcio,
+ python3-notify2,
+ python3-pyinotify,
+ python3-pyqt5,
+ python3-pyqt5.qtsql,
+ python3-setuptools,
+ python3-six,
+ python3-slugify,
+ python3:any,
+ xdg-user-dirs,
+ gtk-update-icon-cache
+Recommends:
+ python3-pyasn
+Suggests: opensnitch
+Description: GNU/Linux interactive application firewall GUI
+ opensnitch-ui is a GUI for opensnitch written in Python.
+ It allows the user to view live outgoing connections, as well as search
+ for details of the intercepted connections.
+ .
+ The user can decide if block outgoing connections based on properties of
+ the connection: by port, by uid, by dst ip, by program or a combination
+ of them.
+ .
+ These rules can last forever, until restart the daemon or just one time.
+ .
+ OpenSnitch can also work as a system-wide domains blocker, by using lists
+ of domains, list of IPs or list of regular expressions.
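Review bot: The `python3-opensnitch-ui` stanza is `Architecture: all` yet lists `${shlibs:Depends}`, and it spells out its Python dependencies by hand without `${python3:Depends}`, even though `dh-python` is in Build-Depends. A hand-maintained list can drift from what the installed modules actually need. Adding `${python3:Depends},` to that `Depends:` field and dropping `${shlibs:Depends},` there would let dh_python3 supply the interpreter and module constraints, with the explicit entries kept only where the generated ones fall short.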
--- /dev/null
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/evilsocket/opensnitch
+Upstream-Contact: Gustavo Iñiguez Goia <gooffy1@gmail.com>
+Upstream-Name: opensnitch
+Files-Excluded:
+ Godeps/_workspace
+
+Files: *
+Copyright:
+ 2017-2018 evilsocket
+ 2019-2023 Gustavo Iñiguez Goia
+Comment: Debian packaging is licensed under the same terms as upstream
+License: GPL-3.0+
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation; either
+ version 3 of the License, or (at your option) any later
+ version.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this program. If not, If not, see
+ http://www.gnu.org/licenses/.
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 3 can be found in the file
+ '/usr/share/common-licenses/GPL-3'.
++
++Files: ui/resources/io.github.evilsocket.opensnitch.appdata.xml
++Copyright:
++ 2023 Gustavo Iñiguez Goia
++License: FTL
++ The FreeType Project LICENSE
++ ----------------------------
++ .
++ 2006-Jan-27
++ .
++ Copyright 1996-2002, 2006 by
++ David Turner, Robert Wilhelm, and Werner Lemberg
++ .
++ .
++ .
++ Introduction
++ ============
++ .
++ The FreeType Project is distributed in several archive packages;
++ some of them may contain, in addition to the FreeType font engine,
++ various tools and contributions which rely on, or relate to, the
++ FreeType Project.
++ .
++ This license applies to all files found in such packages, and
++ which do not fall under their own explicit license. The license
++ affects thus the FreeType font engine, the test programs,
++ documentation and makefiles, at the very least.
++ .
++ This license was inspired by the BSD, Artistic, and IJG
++ (Independent JPEG Group) licenses, which all encourage inclusion
++ and use of free software in commercial and freeware products
++ alike. As a consequence, its main points are that:
++ .
++ o We don't promise that this software works. However, we will be
++ interested in any kind of bug reports. (`as is' distribution)
++ .
++ o You can use this software for whatever you want, in parts or
++ full form, without having to pay us. (`royalty-free' usage)
++ .
++ o You may not pretend that you wrote this software. If you use
++ it, or only parts of it, in a program, you must acknowledge
++ somewhere in your documentation that you have used the
++ FreeType code. (`credits')
++ .
++ We specifically permit and encourage the inclusion of this
++ software, with or without modifications, in commercial products.
++ We disclaim all warranties covering The FreeType Project and
++ assume no liability related to The FreeType Project.
++ .
++ .
++ Finally, many people asked us for a preferred form for a
++ credit/disclaimer to use in compliance with this license. We thus
++ encourage you to use the following text:
++ .
++ """
++ Portions of this software are copyright © <year> The FreeType
++ Project (www.freetype.org). All rights reserved.
++ """
++ .
++ Please replace <year> with the value from the FreeType version you
++ actually use.
++ .
++ .
++ Legal Terms
++ ===========
++ .
++ 0. Definitions
++ --------------
++ .
++ Throughout this license, the terms `package', `FreeType Project',
++ and `FreeType archive' refer to the set of files originally
++ distributed by the authors (David Turner, Robert Wilhelm, and
++ Werner Lemberg) as the `FreeType Project', be they named as alpha,
++ beta or final release.
++ .
++ `You' refers to the licensee, or person using the project, where
++ `using' is a generic term including compiling the project's source
++ code as well as linking it to form a `program' or `executable'.
++ This program is referred to as `a program using the FreeType
++ engine'.
++ .
++ This license applies to all files distributed in the original
++ FreeType Project, including all source code, binaries and
++ documentation, unless otherwise stated in the file in its
++ original, unmodified form as distributed in the original archive.
++ If you are unsure whether or not a particular file is covered by
++ this license, you must contact us to verify this.
++ .
++ The FreeType Project is copyright (C) 1996-2000 by David Turner,
++ Robert Wilhelm, and Werner Lemberg. All rights reserved except as
++ specified below.
++ .
++ 1. No Warranty
++ --------------
++ .
++ THE FREETYPE PROJECT IS PROVIDED `AS IS' WITHOUT WARRANTY OF ANY
++ KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
++ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ PURPOSE. IN NO EVENT WILL ANY OF THE AUTHORS OR COPYRIGHT HOLDERS
++ BE LIABLE FOR ANY DAMAGES CAUSED BY THE USE OR THE INABILITY TO
++ USE, OF THE FREETYPE PROJECT.
++ .
++ 2. Redistribution
++ -----------------
++ .
++ This license grants a worldwide, royalty-free, perpetual and
++ irrevocable right and license to use, execute, perform, compile,
++ display, copy, create derivative works of, distribute and
++ sublicense the FreeType Project (in both source and object code
++ forms) and derivative works thereof for any purpose; and to
++ authorize others to exercise some or all of the rights granted
++ herein, subject to the following conditions:
++ .
++ o Redistribution of source code must retain this license file
++ (`FTL.TXT') unaltered; any additions, deletions or changes to
++ the original files must be clearly indicated in accompanying
++ documentation. The copyright notices of the unaltered,
++ original files must be preserved in all copies of source
++ files.
++ .
++ o Redistribution in binary form must provide a disclaimer that
++ states that the software is based in part of the work of the
++ FreeType Team, in the distribution documentation. We also
++ encourage you to put an URL to the FreeType web page in your
++ documentation, though this isn't mandatory.
++ .
++ These conditions apply to any software derived from or based on
++ the FreeType Project, not just the unmodified files. If you use
++ our work, you must acknowledge us. However, no fee need be paid
++ to us.
++ .
++ 3. Advertising
++ --------------
++ .
++ Neither the FreeType authors and contributors nor you shall use
++ the name of the other for commercial, advertising, or promotional
++ purposes without specific prior written permission.
++ .
++ We suggest, but do not require, that you use one or more of the
++ following phrases to refer to this software in your documentation
++ or advertising materials: `FreeType Project', `FreeType Engine',
++ `FreeType library', or `FreeType Distribution'.
++ .
++ As you have not signed this license, you are not required to
++ accept it. However, as the FreeType Project is copyrighted
++ material, only this license, or another one contracted with the
++ authors, grants you the right to use, distribute, and modify it.
++ Therefore, by using, distributing, or modifying the FreeType
++ Project, you indicate that you understand and accept all the terms
++ of this license.
++ .
++ 4. Contacts
++ -----------
++ .
++ There are two mailing lists related to FreeType:
++ .
++ o freetype@nongnu.org
++ .
++ Discusses general use and applications of FreeType, as well as
++ future and wanted additions to the library and distribution.
++ If you are looking for support, start in this list if you
++ haven't found anything to help you in the documentation.
++ .
++ o freetype-devel@nongnu.org
++ .
++ Discusses bugs, as well as engine internals, design issues,
++ specific licenses, porting, etc.
++ .
++ Our home page can be found at
++ .
++ https://www.freetype.org
--- /dev/null
--- /dev/null
++.\" Copyright (c) 2023 Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com>
++.\" All rights reserved.
++.\"
++.\" SPDX-License-Identifier: GPL-3.0-or-later
++.de CW
++.sp
++.in +4n
++.nf
++.ft CW
++..
++.de CE
++.ft R
++.fi
++.in
++.sp
++..
++.\" Like .OP, but with ellipsis at the end in order to signify that option
++.\" can be provided multiple times. Based on .OP definition in groff's
++.\" an-ext.tmac.
++.de OM
++. ie \\n(.$-1 \
++. RI "[\fB\\$1\fP" "\ \\$2" "]...\&"
++. el \
++. RB "[" "\\$1" "]...\&"
++..
++.\" Required option.
++.de OR
++. ie \\n(.$-1 \
++. RI "\fB\\$1\fP" "\ \\$2"
++. el \
++. BR "\\$1"
++..
++.TH OPENSNITCH-UI 1 "2023-02-12" "opensnitchd 1.5.6"
++.SH NAME
++opensnitch-ui \- GNU/Linux interactive firewall application
++.SH SYNOPSIS
++.SY opensnitch-ui
++.OP \-\-socket path
++.OP \-\-max-clients num
++.YS
++.SH DESCRIPTION
++.LP
++opensnitch-ui is the OpenSnitch GUI to view events intercepted by the daemon,
++and to manage the rules.
++The GUI is composed of 2 components in the same script: a server and a GUI.
++Once the GUI is launched, an icon will appear on the system tray.
++If the system tray is not available or can't be used, the Events dialog will
++be launched.
++.LP
++The GUI (i.e.: the server) will listen for new connections from daemons. You
++can have the daemon installed on multiple machines, and manage them from a
++centralized GUI. https://github.com/evilsocket/opensnitch/wiki/Nodes
++.LP
++.SH OPTIONS
++.TP
++.BI "\--socket " path
++Specifies the path or network address where the GUI (i.e.: the server) will
++listen on.
++.PP
++ Examples:
++.PP
++ Default: unix:///tmp/osui.sock
++.PP
++ - Listening on a Unix socket:
++ $ opensnitch-ui --socket unix:///tmp/osui.sock
++ * Use unix:///run/user/YOUR_USER_ID/opensnitch/osui.sock for better privacy.
++.PP
++ - Listening on port 50051, all interfaces:
++ $ opensnitch-ui --socket "[::]:50051"
++.TP
++.BI "\--max-clients " num
++Maximum number of clients to allow (default: 10).
++.SH FILES
++.I /home/$USER/.config/opensnitch/
++.RS
++Path of the GUI configuration.
++.RE
++.SH DIAGNOSTICS
++If something goes wrong, like a crash, launch the GUI from a shell to view debugging messages:
++.LP
++.RS
++$ opensnitch-ui
++.RE
++.SH REPORTING BUGS
++Problems with
++.B opensnitch-ui
++should be reported on github https://github.com/evilsocket/opensnitch/issues
++.UR https://github.com/evilsocket/opensnitch/issues
++.SH "SEE ALSO"
++.PP
++.UR https://github.com/evilsocket/opensnitch
++.B OpenSnitch
++Home Page
++.UE
++.LP
++.SH HISTORY
++.B OpenSnitch
++was originally written by Simone Margaritelli (evilsocket) in 2017-2018.
++.LP
++In 2019, after some time of inactivity, Gustavo Iñiguez Goya started
++contributing, fixing bugs and adding new functionality, with
++the esential help of the community, and valuable contributions from themighty1 and
++calesanz among others.
++.SH AUTHORS
++The complete list of
++.B OpenSnitch
++contributors can be found on https://github.com/evilsocket/opensnitch
--- /dev/null
--- /dev/null
++.\" Copyright (c) 2023 Gustavo Iñiguez Goya <gustavo.iniguez.goya@gmail.com>
++.\" All rights reserved.
++.\"
++.\" SPDX-License-Identifier: GPL-3.0-or-later
++.de CW
++.sp
++.in +4n
++.nf
++.ft CW
++..
++.de CE
++.ft R
++.fi
++.in
++.sp
++..
++.\" Like .OP, but with ellipsis at the end in order to signify that option
++.\" can be provided multiple times. Based on .OP definition in groff's
++.\" an-ext.tmac.
++.de OM
++. ie \\n(.$-1 \
++. RI "[\fB\\$1\fP" "\ \\$2" "]...\&"
++. el \
++. RB "[" "\\$1" "]...\&"
++..
++.\" Required option.
++.de OR
++. ie \\n(.$-1 \
++. RI "\fB\\$1\fP" "\ \\$2"
++. el \
++. BR "\\$1"
++..
++.TH OPENSNITCHD 1 "2023-02-12" "opensnitchd 1.5.6"
++.SH NAME
++opensnitchd \- GNU/Linux interactive firewall application
++.SH SYNOPSIS
++.SY opensnitchd
++.OP \-rules-path path
++.OP \-cpu-profile path
++.OP \-debug
++.OP \-error
++.OP \-warning
++.OP \-important
++.OM \-log-file path
++.OM \-mem-profile path
++.OP \-no-live-reload
++.OM \-process-monitor-method name
++.OM \-queue-num num
++.OM \-ui-socket path
++.OP \-version
++.OM \-workers num
++.YS
++.SH DESCRIPTION
++.LP
++opensnitchd is the OpenSnitch agent that intercepts outbound connections,
++and send them to the server. The server can be a GUI, a TUI, or a
++.I headless
++component to just log the network activity (a SIEM for example).
++By default it'll allow all connections, creating temporal rules for you
++so you can review them later.
++.LP
++.SH OPTIONS
++.TP
++.BI "\-rules-path " path
++Specifies where the rules will be written to. Default "rules".
++.TP
++.BI "\-cpu-profile " path
++A file path where the CPU data for later use will be written.
++.TP
++.BI "\-debug"
++Set LogLevel to DEBUG.
++.TP
++.BI "\-warning"
++Set LogLevel to WARNING.
++.TP
++.BI "\-important"
++Set LogLevel to IMPORTANT.
++.TP
++.BI "\-log-file " path
++A file path where the logs will be written to. This path can be a device file,
++like /dev/stdout to print logs to standard output.
++.TP
++.BI "\-mem-profile " path
++A file path where the memory data will be written once the daemon exits.
++.TP
++.BI "\-no-live-reload"
++By default daemon's rules and configuration is reloaded whenever it changes.
++This option disables this feature.
++.TP
++.BI "\-process-monitor-method " method
++Force process monitor method, overriding what is defined in the configuration.
++Valid methods: ebpf, audit, proc
++.TP
++.BI "\-queue-num " num
++Force to use this netfilter queue num. The default queue number is 0, but if
++it's already used by other software, you can set another queue number here.
++.TP
++.BI "\-ui-socket " path
++Force to use this socket path, instead of the one defined in the configuration.
++The path format is unix:///path/to/socket.sock or ip:port ("127.0.0.1:50051")
++.RS
++(https://github.com/grpc/grpc/blob/master/doc/naming.md)
++.RE
++.TP
++.BI "\-version"
++Prints out daemon version.
++.TP
++.BI "\-workers " num
++Change maximum number of workers to process outbound connections.
++By default 16 workers are launched, but if it's not enough increase this number.
++.SH FILES
++.I /etc/opensnitchd/rules/
++.RS
++Default daemon directory rules.
++.RE
++.I /etc/opensnitchd/default-config.json
++.RS
++Default daemon configuration.
++.RE
++.I /etc/opensnitchd/system-fw.json
++.RS
++Configuration of system firewall rules (iptables/nftables).
++.TP
++Firewall rules defined here bypasses OpenSnitch interception. Use it to allow VPNs or other services.
++.SH DIAGNOSTICS
++OpenSnitch needs at least one firewall rule to intercept outbound connections:
++.LP
++iptables -t mangle -L OUTPUT | grep NFQUEUE
++.RS
++NFQUEUE all -- anywhere anywhere ctstate NEW,RELATED NFQUEUE num 0 bypass
++.RE
++.LP
++If you suspect that OpenSnitch blocks an application and doesn't prompt you to allow or deny it,
++using the GUI enable the option
++.I [x] Debug invalid connections
++under Preferences -> Nodes.
++Or set the configuration option
++.B InterceptUnknown
++to true.
++.LP
++.I Tip:
++You can also add rules to the file /etc/opensnitchd/system-fw.json, to allow network services without being intercepted by the daemon.
++.LP
++Another way of debugging errors is by launching the daemon from the command line:
++.IP
++.PD 0
++.IP 1. 4
++Set LogLevel to DEBUG under Preferences -> Nodes (or LogLevel to 0 in the configuration)
++.IP 2. 4
++Stop the daemon: systemctl stop opensnitch
++.IP 3. 4
++Launch it from cli: /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules/
++.PD
++.LP
++.SH REPORTING BUGS
++Problems with
++.B opensnitchd
++should be reported on github https://github.com/evilsocket/opensnitch/issues
++.UR https://github.com/evilsocket/opensnitch/issues
++.SH HISTORY
++.B OpenSnitch
++was originally written by Simone Margaritelli (evilsocket) in 2017-2018.
++.LP
++In 2019, after some time of inactivity, Gustavo Iñiguez Goya started
++contributing, fixing bugs and adding new functionality, with
++the esential help of the community, and valuable contributions from themighty1 and
++calesanz among others.
++.SH "SEE ALSO"
++.PP
++.UR https://github.com/evilsocket/opensnitch
++.B OpenSnitch
++Home Page
++.UE
++.SH AUTHORS
++The complete list of
++.B OpenSnitch
++contributors can be found on https://github.com/evilsocket/opensnitch
--- /dev/null
--- /dev/null
++debian/man/opensnitchd.1
--- /dev/null
--- /dev/null
++debian/man/opensnitch-ui.1
--- /dev/null
-
+#!/bin/sh
- if [ -f /etc/xdg/autostart -a ! -f /etc/xdg/autostart/opensnitch_ui.desktop ]; then
+set -e
+
+autostart_by_default()
+{
- autostart_by_default
-
++ deskfile=/etc/xdg/autostart/opensnitch_ui.desktop
++ if [ -d /etc/xdg/autostart -a ! -h $deskfile -a ! -f $deskfile ]; then
+ ln -s /usr/share/applications/opensnitch_ui.desktop /etc/xdg/autostart/
+ fi
+}
+
+if command -v gtk-update-icon-cache >/dev/null && test -f /usr/share/icons/hicolor/index.theme ; then
+ gtk-update-icon-cache --quiet /usr/share/icons/hicolor/
+fi
+
++case "$1" in
++ configure)
++ # first install
++ if [ -z $2 ]; then
++ autostart_by_default
++ elif dpkg --compare-versions "$2" le "1.5.7-2"; then
++ autostart_by_default
++ fi
++ ;;
++esac
++
+#DEBHELPER#
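Review bot: In the `configure)` arm, `[ -z $2 ]` leaves `$2` unquoted, and the guard in `autostart_by_default` chains tests with `-a` on an unquoted `$deskfile`; both are fragile forms of `[` in a maintainer script that runs as root under `set -e`. Both branches call the same function, so they can collapse into `if [ -z "$2" ] || dpkg --compare-versions "$2" le "1.5.7-2"; then`, and the guard can become `if [ -d /etc/xdg/autostart ] && [ ! -e "$deskfile" ] && [ ! -h "$deskfile" ]; then`. Testing `-e` rather than `-f` also keeps `ln -s` from failing, and aborting configuration, when something other than a regular file already sits at that path. The upgrade branch re-creates the link even if an administrator removed it deliberately, so a comment such as `# re-create the link once: versions <= 1.5.7-2 installed it incorrectly` would document that this is intended.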
--- /dev/null
- if [ -f /etc/xdg/autostart/opensnitch_ui.desktop ];then
+#!/bin/sh
+set -e
+
+case "$1" in
+ purge)
- pkill -15 opensnitch-ui || true
++ deskfile=/etc/xdg/autostart/opensnitch_ui.desktop
++ if [ -f $deskfile -o -h $deskfile ];then
+ rm -f /etc/xdg/autostart/opensnitch_ui.desktop
+ fi
+ ;;
+ remove)
++ pkill -15 opensnitch-ui || true
+ ;;
+esac
+
+#DEBHELPER#
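Review bot: `pkill -15 opensnitch-ui` in the `remove)` arm runs as root and treats its argument as a pattern, so it signals every process of every user whose name contains that string; `pkill -15 -x opensnitch-ui || true` would restrict it to the exact process name. The autostart symlink is deleted only in `purge)`, so a package that is removed but not purged appears to leave a dangling link in /etc/xdg/autostart. In the `purge)` arm the `[ -f $deskfile -o -h $deskfile ]` guard is unnecessary and unquoted, since `rm -f "$deskfile"` already succeeds when nothing is there.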
--- /dev/null
+Tests: test-resources.sh
+Depends: opensnitch
++Restrictions: superficial
++
++Tests: test-fw-rules.sh
++Depends: iptables, nftables, opensnitch
++Restrictions: needs-root
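Review bot: The `test-fw-rules.sh` stanza declares only `Restrictions: needs-root`, but the script it runs inspects the live firewall ruleset and /var/log/opensnitchd.log, so it presumably relies on the daemon having been started when the package was installed. On a testbed that does not start services the interception rule would be absent and the test would fail for reasons unrelated to the package. `Restrictions: needs-root, isolation-container` (or `isolation-machine` if the test needs its own kernel netfilter state) would state that requirement. The changelog entry for 1.5.7-1 says this test was set as flaky, which is not visible in this stanza, so it is worth confirming which is intended.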
--- /dev/null
--- /dev/null
++#!/bin/sh
++set -e
++
++# for some reason, go.exec.LookPath() fails to obtain the path of iptables
++# on the ci environment, even if $PATH is set correctly.
++echo "[+] PATH: $PATH"
++
++log="/var/log/opensnitchd.log"
++
++if [ -f /proc/modules ]; then
++ echo "[+] loaded modules:"
++ cat /proc/modules
++fi
++
++if [ -f $log ]; then
++ echo "[+] opensnitchd log:"
++ cat $log
++fi
++if grep "iptables not available" $log >/dev/null; then
++ echo "[!] iptables not available, falling back to nftables"
++ nft list ruleset | grep "ct state related,new queue flags bypass to 0"
++ echo "[+] Interception rule (nftables): OK"
++else
++ /usr/sbin/iptables -t mangle -L OUTPUT
++ /usr/sbin/iptables -t mangle -L OUTPUT | grep "NFQUEUE.*ctstate NEW,RELATED.*NFQUEUE num.*bypass"
++ echo "[+] Interception rule (iptables): OK"
++fi
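Review bot: The `grep "iptables not available" $log` condition runs even when the log file does not exist, although the `cat` just above it is guarded by `[ -f $log ]`. In that case grep writes an error to stderr, which autopkgtest counts as a failure unless `allow-stderr` is set, and the script falls into the iptables branch without saying why. Guarding and quoting the condition, `if [ -f "$log" ] && grep -q "iptables not available" "$log"; then`, makes the fallback decision explicit. The nftables check also hard-codes queue 0 (`bypass to 0`), so a comment such as `# assumes the default queue number (0)` would explain a failure on a non-default configuration.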