Important changes of this release

GUI migrated to PyQt6 #1222

• We've migrated the GUI to PyQt6 because PyQt5 has been deprecated, and many distros have started to remove it.
  ⚠️ This means that starting with v1.8.0, the GUI is no longer compatible by default with the following distros:

  • LinuxMint 21.2 or earlier.
  • Ubuntu 22.04 or earlier.
  • OpenSuse 15.5 or earlier (it works on 15.6, but you'll have to install some packages manually).

  The GUI still works if you install the packages manually with pip, and there will be a flatpak version soon.
  On the other hand, the daemon v1.8.0 should work fine with GUI v1.7.2.

Firewall rules grouped into one table, by @alice945 #1423

• Now all our firewall rules (netfilter rules) are grouped under one table called opensnitch.
  Previously we added several tables like mangle, output, input, prerouting, etc.
• If you have added system firewall rules, or if you have changed the firewall policies, apt will prompt you to update it.
  For rpm based distros you'll have to update it manually if needed.

What has changed

Daemon

• Use application specific nft table by @alice945 in #1423

• daemon/audit: allow configuring audispd_events socket path by @LordGrimmauld in #1418

• mount tracefs path if it's not mounted: #1450 , fbc72bb.

• Tasks (WIP):

  • Allow to load tasks from disk: 66ee50b
    New task IOCScanner: 1673856 README
    New downloader task: 149e0f6

• Generic improvements: 2c3120b, c719c34, 906ad17,

• Multi-node improvements: 9b33f7b,

• Performance improvements: 481dc1c, 7a0c96c

• Better tasks monitoring (process dialog, netstat, node monitoring): 8563505

GUI (server)

• Ported to PyQt6: #1009 e5d1702
• Update generate_i18n.sh - find lrelease by @munix9 in #1411
• ui: switch to python-slugify by @LordGrimmauld in #1413
• fix: restore maximized window state correctly when loading dialog geometry by @ryan-steed-usa in #1458
• Better desktop notifications: ad0df38
• Multi-node improvements: 90dfba1, 321c152, 74a7cb8, e7c36e2, e9f6468, 4729e6d, be03767, 8ac02ac, f1a04dd, 09bb7e5, 12d523b, 6f72bd1, a0bb7b6, 76f4edc,
• Allow configuring server's max workers and clients: #1453, c356c82, ada74a2.
• Better rows handling: #1428 427b37c, #1419 4f64e04,
• Pop-ups: Allow to select automatically snapd paths: #1439 339c660
• Fixed restoring maximized state: 6cd5af5

Plugins:

• New plugin version checker: #1461 58c3794

Known issues

• It seems that on some new kernels 6.17.x, we fail to create system firewall rules with some verdicts (reject, log, quota, ...)
  We'll have to investigate it.
  528091f

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: the GUI is no longer compatible with these distributions.
See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

New Contributors

• @LordGrimmauld made their first contribution in #1413
• @alice945 made their first contribution in #1423
• @ryan-steed-usa made their first contribution in #1458

Full Changelog: v1.7.2...v1.8.0

What has changed

Packaging

• Distribute two new rules to allow by default localhost connections (#965, 8c3fa40)
  000-allow-localhost.json and 000-allow-localhost6.json by @lainedfles
  https://github.com/evilsocket/opensnitch/tree/master/daemon/data/rules

  There's also a new system firewall rule (i.e.: a netfilter rule) in system-fw.json to bypass completely the interception, but it's disabled by default.

Daemon

• Add ability to match bare IP requests (empty host name) by @Andrew15-5 in #1398
• cilium/ebpf lib updated to v0.19.0 (14e306e)
• Updated the default configuration file (you may need to update it): 1c94da7
• Improved processes cache (ca2c56d)
• Fixed crash loading outdated configurations and send a warning to the GUI (53b948b)
• Fixed stopping the PID monitor (d2fbdd9)

GUI

• Themes: New dark-white theme (#1372, 4559dd8)
• Rules editor: Allow to use commas to specify ports, IPs, etc (#1392, f671aa4)
• Pop-ups: Updated AppImages regular expression (#1377, 3f74493)
• i18n: updated translations.
• fixed several errors manipulating the system firewall rules (039a5af , 7c438de)
• fixed displaying icons with dark themes (qt-material v2.17, #1373 , 4d268c4)
• more fixes in the full changelog.

Full Changelog: v1.7.1...v1.7.2

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

What has changed

Daemon

• Improved remote loggers (#1350 , a3826c5)
• Improved obtaining the path of binaries (#1357, 376b06e).
• Improved cache of events (c198f01).
• Ebpf events improvements (9f570ea).
• Fixed loading the configuration when the Process Monitor method fails to work (f1318ef).
• Improved daemon's connection logic with the server (GUI) (a4d8d1b).
• Improved ebpf dns interception (c82dadd).

GUI

• i18n: updated Brazilian Portuguese translation by @tioguda in #1355
• check whether dist_path exists by @munix9 in #1359
• improved downloader plugin (f230b70).
• improved checksums verification (f87c3ae).
• Fixed crash when using some languages (#1353, 9ad6e11).

Other changes

• Simplify uname -a in bug_report.md by @tredondo in #1366

Full Changelog: v1.7.0.0...v1.7.1

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

v1.7.0 discussion thread: #1287

List of previous changes:
https://github.com/evilsocket/opensnitch/releases/tag/v1.7.0-rc.1
https://github.com/evilsocket/opensnitch/releases/tag/v1.7.0-rc.2

Changes since v1.7.0-rc.2

Daemon

• Added support for IPv6 tunnels (56b2d28, #1250).
• Replaced eBPF lib gobpf by Cilium (feafe87, #1222, #1312).
• Fixed DNS error with kernels 6.14.x and systemd 257 (ef92605, #1343).

GUI

• Added dark icons theme for qt-material (9009eef).
• Translations updated.

More changes

• Update i18n ru_RU by @deenle in #1306
• feat: Add script to automatically update ipasn and asnames databases in #1313
• ui,stats: handle dict-wrapped notifs in callback in #1320
• Added ebpf build rule mapping for armv8l to work with more armhf machines. by @petterreinholdtsen in #1326
• Changed how ebpf build find kernel headers from running to installed version. by @petterreinholdtsen in #1327
• Introduce new 12 hour duration option. by @petterreinholdtsen in #1324
• refactor: Update localhost rules and add IPv6 in #1332
• feat: Add bash script to sync OpenSnitch ASN data in #1331
• Added ebpf build rule mapping for s390x to s390. by @petterreinholdtsen in #1333
• Added ebpf build rule mapping for loongarch64 to loongarch. by @petterreinholdtsen in #1335
• Added ebpf build rule mapping for riscv64 to riscv. by @petterreinholdtsen in #1336
• Add loongarch64 support by @Dandan336 in #1339
• ui: remove unused imports by @ddogfoodd in #1344

New Contributors in v1.7.0

• @chncaption made their first contribution in #992
• @Huoxi-any made their first contribution in #1036
• @ponychicken made their first contribution in #1135
• @redanaheim made their first contribution in #1139
• @ariel-anieli made their first contribution in #1185
• @abuturabofficial made their first contribution in #1179
• @atriwidada made their first contribution in #1195
• @C0rn3j made their first contribution in #1198
• @carougen made their first contribution in #1237
• @e3dio made their first contribution in #1252
• @jermanuts made their first contribution in #1265
• @MEschenbacher made their first contribution in #1266
• @NormPlum made their first contribution in #1282
• @deenle made their first contribution in #1306
• @Dandan336 made their first contribution in #1339
• @ddogfoodd made their first contribution in #1344

Changes since v1.7.0-rc.2: v1.7.0-rc.2...v1.7.0.0

Full Changelog: v1.6.9...v1.7.0.0

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

What's Changed

Daemon

• Improved integration with 3rd party software (SIEM, loggers, ...) (221923d, da4761f, 98b8b06, ).
• fixed crash compiling unknown operator rules (#1295, 5828ba8).

GUI

• Improved popups layout (#1274, 58cb954).
• Improved rows selection (#1291 , fe73008, b113ed0, 0fbbbcc, f2eb3fa, 320ec18, 9d5d53d).

• Update bug_report.md by @NormPlum in #1282
• fix Weblate widget by @jermanuts in #1289
• Update Indonesian translation by @atriwidada in #1298

New Contributors

• @NormPlum made their first contribution in #1282

Full Changelog: v1.7.0-rc.1...v1.7.0-rc.2

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

First RC release of the next v1.7.0.

New features

• Obtain and display process tree: 0556dc1 , be87bc5 , 01edd36

Connections filtering:

• Allow to filter connections by:
  • md5: 7a9bb17 (#413). Note: Not enabled by default. Configurable from the GUI and file configuration.
  • parent(s) path: 2509d21 (#406). Note: Not configurable from the GUI yet.
  • username: ff3ac66 (#1236). Note: Not configurable from the GUI yet.
  • list of md5 checksums (ced8410). Note: Not configurable from the GUI yet.
• Lan access control by @nolancarougepro in #1237

Scheduled tasks

• tasks: 9e0f3a4.
• tasks: added sockets monitor task (netstat / ss similar feature) (83fad69 , #1112).
• tasks: new task nodemonitor (5861354). WIP: the GUI part not totally finished yet.

Configuration

• Allow to configure default outbound policy: 7fd436a (#1183, #884, #1201).
• Allow to configure rules directory (211c864, #449).
• Allow to configure eBPF modules path (ffb7668).
• Allow to configure system firewall configuration file (bb95a77, 54ac5a3).
• Allow to configure internal options:
  • Golang GC percentage (dc43d59).
  • Flush connections on start (8e9c1d2).
  • Max Stats and events to keep in memory when the daemon is not connected to the GUI (server).
  • Interception queue number (efc0566).
  • nfqueue bypass flag (6622df9).
  • eBPF options (eede54c).
  • Interception rules monitoring interval (54ac5a3).
• New log level Trace (only configurable via default-config.json, LogLevel: -1)

GUI

• plugins (WIP) (2a233c1 , cba52cf)
  (functional, but not configurable from the GUI yet).

  • Highlight: colorize cells or rows based on patterns.
  • Downloader: a simple downloader which downloads files to local directories, for example to download blocklists.
  • Virustotal: a plugin to analyze IPs, domains and checksums with the API of virustotal when a new popup is fired.

• netstat view: #1112

What's Changed

GUI

• popups redesigned to add more context on the process and the connection.

Configuration

• Apply configuration changes without restarting the daemon (bde5d34, 0b67c1a)

eBPF

• Better interception of some (UDP) connections (63a3b4e, #1246).
• Clean dns ebpf hooks on exit (785500c).
• performance improvement for opensnitch-procs (7442bec).
• fixed dns uprobes (1518cb3).

Others

• Improved integration with 3rd party software (SIEM, loggers, ...) (64a698f).
• Remove duplicate regex in system.go for -check-requirements by @redanaheim in #1139
• ebpf_prog/Makefile: several improvements by @ariel-anieli (#1187, #1185, #1229)
• Make example explanation consistent with regex - take #2 by @atriwidada in #1209
• fix #1245 UI rule deletion by @e3dio in #1252
• ui: make sure 'service' variable is set by @staticssleever668 in #1255
• ui: dialogs: stats: optimize string format by @MEschenbacher in #1266
• Indonesian translation by @atriwidada in #1195
• New Czech, Hindi, Italian and Swedish translations.

New Contributors

• @chncaption made their first contribution in #992
• @Huoxi-any made their first contribution in #1036
• @ponychicken made their first contribution in #1135
• @redanaheim made their first contribution in #1139
• @ariel-anieli made their first contribution in #1185
• @abuturabofficial made their first contribution in #1179
• @atriwidada made their first contribution in #1195
• @C0rn3j made their first contribution in #1198
• @nolancarougepro made their first contribution in #1237
• @e3dio made their first contribution in #1252
• @jermanuts made their first contribution in #1265
• @MEschenbacher made their first contribution in #1266

Full Changelog: v1.6.3...v1.7.0-rc.1

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

GUI bugfix release.

(the daemon has not changed).

Bug fixes

• fixed Events search with different languages
• fixed deleting rules #1245
• fixed destination host regexp #1264 (special thanks to @fwdekker for reporting this issue).

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

Full Changelog: v1.6.7...v1.6.8

GUI bugfix release.

(the daemon has not changed, don't need to download it).

Bug fixes

• do not verify lists path on remote nodes - 446cb1a
• fixed delay closing the GUI - 36f9242
• fixed exception getting node address when adding a new rule - 99cd9f1)
• fixed restoring policies when disabling the firewall - 12baf1a
• fixed enabling/disabling global firewall button - ee089af
• fixed searching in tabs Users, Nodes - 332ec0f, d1f58eb
• fixed displaying firewall button icon - f9e1a6a
• fixed acting on selected rows - 3416c38

What has changed

Improvements

• Allow to use multiple protobuf versions - f91f1a9
  This commit fixes an error that prevented UI from opening on OpenSuse 15.6 versions.

• Minor UI performance improvement, that can be noticeable - abdfd39

• restrict allowed characters in the rule name - 25e9268

• popups improvements:

  • better display of special paths (long pahs / binary names, long arguments, arguments with special characters, etc) - 94fba0b , 2f3b594
  • restore dialogs' original size after every popup - 6004f36, 14a1c3b

• translations updated.

New features

• now it's possible to display all the details of the connections 2b3028e , 906b225
• you can also configure what columns to display in the Events tab.
  Note: you may need to reconfigure the columns options, under Preferences -> UI
• allow to configure from the GUI what Qt platform plugin to use (if OpenSnitch behaves erratic under Wayland, allow to configure from the GUI the xcb plugin) 54ef3f6

Full Changelog: v1.6.6...v1.6.7

Downloads

You need to download the daemon and the GUI.

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #1214 (comment))

If you experience crashes on Wayland clicking on the pop-ups: open the Preferences and select "xcb" as the "Qt platform plugin", in the UI tab.`

• rpm
• deb

daemon

(NOTE: if the daemon doesn't autostart, you need to enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

Bug fixes

• fixed exporting/importing rules(1ec8a02, 0fc4239, 7519db7, #1140)
• [daemon] Remove duplicate regex in system.go for -check-requirements (496e905, by @redanaheim )
• [GUI] keep working if pyinotify fails loading (94e8156, #1132)

What has changed

Improvements

• allow to easily configure rules without the GUI (fe66f9a, #1047)
• [daemon][eBPF] performance improvement handling exit events (15fcf67)
• [daemon][eBPF] disable events on too many errors (8895d6f, #1099 #1082)
• [daemon] added more kernel config paths for checking system requirements (93a3fb7, #1117)
• [GUI] improved authentication options (ff407e7, c540975)
• [GUI] improve wording (7653a0a, by @ponychicken)
• [GUI] ignore SameFile error when enabling autostart (03439f4)

New features

• [GUI] added Reject to the list of DefaultAction(s) (91190c8, #1108)
• [GUI] allow to configure screen/themes scale factor (362c0da)

Known bugs

• DNS eBPF module does not work on armhf and i386 arquitectures (not tested with modern kernels 6.x). See the commits for more info and if you can help don't hesitate to open a PR or drop a comment :) c514946 , 9a6dfe7
• opensnitch-procs eBPF module behaves a bit erratic on arm64 architecture (not new of this release) - d2d89e2

Full Changelog: v1.6.5...v1.6.6

Downloads

You need to download the daemon and the GUI.

daemon

(NOTE: if the daemon doesn't autostart, enable it: ~ $ sudo systemctl enable --now opensnitch.service)

• deb x86_64
• rpm x86_64

GUI

IMPORTANT NOTES:

Ubuntu 22.04 / PopOS! 22.x / LinuxMint 21.x / Elementary OS 7.x / Zorin users: See this comment after installing the GUI: #647 (comment))

If you experience crashes on Wayland clicking on the pop-ups: launch the GUI as follow: ~ $ QT_QPA_PLATFORM=xcb opensnitch-ui

• rpm
• deb

• Fixed bug when using the GUI with multiple remote nodes. #1093

Full Changelog: v1.6.5...v1.6.5.1