MX Linux Forum

Hi Stevo.

I know that would be difficulty, but will be great to have in MX Linux Repo, one of the follow Appilcation Based Firewalls.
Douane
Leopard Flower
OpenSnitch
or another one similar to them
Gufw is great but it is difficulty to block an personal appkication with it.

There aren't any for Linux, they are either no longer developed, buggy, or both... including the ones you've listed.

Opensnitch looked promising, but I've not seen any development on it since July last year.

I would also appreciate to have Appilcation Based Firewall.

It looks like "Douane" is still developed.
https://gitlab.com/douaneapp/Douane
Not very busy, but there are always changes from time to time.

And there seems to be a much more up-to-date version of opensnitch:
https://github.com/gustavo-iniguez-goya/opensnitch

What do you think? Thank you.

Duliwi wrote: ↑Fri Oct 02, 2020 4:48 pm And there seems to be a much more up-to-date version of opensnitch:
https://github.com/gustavo-iniguez-goya/opensnitch

What do you think? Thank you.

I have been watching opensnitch for awhile, but I don’t see the point in providing it to users when the developers states this

Disclaimer

THIS SOFTWARE IS A WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY.

Looks like it should build though. But what is the point of a firewall if you can’t rely on it?

Thank you for your statement.

I don't know. But maybe the developers are just over-cautious and will never remove this text.
Is a security software safer, if the developers don't write such a notice?
Maybe this is just a disclaimer to exclude any liability. And it applies in principle to all security software at every stage of development.

But maybe the successor project "https://github.com/gustavo-iniguez-goya/opensnitch" simply has the disclaimer from the pre-project "https://github.com/evilsocket/opensnitch" taken over.

If it was 100% stable, secure, and ready for use the developer would remove that comment.

We can package it, but we can’t support issues if the developer isn’t. It hasn’t been updated since July BTW, not sure why.

Edit: note I said 100%, doesn’t mean you can’t use it, but it’s like having an airbag in your car when the manufacturer says “well, I wouldn’t trust it”.

opensnitch needs some work to get packaged, the developer nests the opensnitch-ui in opensnitch but builds it separately.
They include the debian build directories for both, but the opensnitch-ui is folder is inside of the opensnitch folder.

I was able to separate out the packages into individual ones and build them, but I haven't tested them to make sure nothing breaks while doing this.

I also want to ask the developer if they can create a separate repo for opensnitch-ui or work to make it so both can be built all at once.
One or the other is a correct way, but the way things are now is not right. Plus this creates a ton of unnecessary work separating them out and packaging as it is right now.

Thank you.

Maybe I will try an other way to block internet access for particular Programs. And misuse the sandboxing program firejail for this.