v1.7.0 · evilsocket/opensnitch · Discussion #1287
Thanks everyone for reporting bugs, fixes and new features! I cannot stress enough how important reporting bugs and ideas is.
Some of the changes mentioned and not mentioned above:
Popups
- The popups have been redesigned to include more information about the process opening outbound connections:
This way we can keep adding more information as we need it (containers -> host, mount, namespaces, etc).
For now the popups cannot be resized, but we'll make it possible.
GUI plugins
The GUI now has a way to modify the GUI behaviour via plugins. It's experimental, and the idea is to keep improving it.
There're 3 plugins: highlight, downloader and virustotal. It's still not possible to configure them from the GUI.
- Highlight: allows you to highlight rows based on patterns.
  - There're by default 4 actions defined in /usr/lib/python3/site-packages/opensnitch/actions/default_configs.py
  - These rules can be overwritten by creating a json file under $HOME/.config/opensnitch/actions/ (one per action defined in default_configs.py, commonActionsDelegate.json, rulesActionsDelegate.json, etc).
- Downloader: download remote files periodically (to update blocklists for example). This probably will be moved to the daemon, to make it independent of the GUI.
- Virustotal:
  - Analyze IPs, domains or hashes via the Virustotal API. It can be integrated easily with other services like *.abuse.ch services.
  - Right now it modifies the popups, to display the analysis results of new outbound connections, but it could be added to the Hosts and Addresses tabs, to passively analyze domains or IPs for example.
Main window
Nodes tab
The Nodes tab has a new right panel to monitor the state of the nodes (daemons). It's a WIP, we'll keep improving it, but the idea is to have a place where you can inspect the state of the nodes, to debug any possible problem (memory and cpu use, filesystem space, etc). Useful mainly when you have remote nodes connected.
It works only when you select a node.
Netstat view
- There's a new view to list the listening or opened sockets, like what you can see with ss or netstat. In general we'll try to dump the list from the kernel, and in some cases we'll rely on /proc/net/.
- All the columns are clickable, to easily analyze what is what.
System firewall
- You can now configure the outbound policy of the system firewall (i.e.: regular nftables / iptables rules).
There were some requests to block outbound traffic if the daemon unexpectedly died. Now it's possible by enabling this option, or by enabling [x] Block outbound network traffic if the daemon unexpectedly dies from the Preferences -> Nodes tab -> Internal.
qt-material dark themes improvement
When using a dark qt-material theme, due to the design of some icon themes, our icons were practically invisible:
So when using one of the predefined dark qt-material themes, now we'll use our own icons (which are just the icons of the HighContrast icons theme):
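
The Netstat view item above mentions falling back to /proc/net/ for the socket list. As an added illustration (not OpenSnitch's own code), the Python below decodes rows in the /proc/net/tcp layout and picks out listeners reachable from off-host. The function names and the sample rows are constructed for this example (rows are trimmed after the inode column), and a little-endian host is assumed.

```python
import ipaddress
import struct

# State codes as defined in the kernel's include/net/tcp_states.h
TCP_STATES = {1: "ESTABLISHED", 2: "SYN_SENT", 3: "SYN_RECV", 4: "FIN_WAIT1",
              5: "FIN_WAIT2", 6: "TIME_WAIT", 7: "CLOSE", 8: "CLOSE_WAIT",
              9: "LAST_ACK", 10: "LISTEN", 11: "CLOSING"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111
   2: 0F02000A:D2F4 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 45678
"""

def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT'. Assumes a little-endian host (x86, most ARM)."""
    addr_hex, port_hex = field.split(":")
    raw = bytes.fromhex(addr_hex)
    # The kernel prints each 32-bit word in host byte order, so swap per word;
    # this handles both 4-byte (tcp) and 16-byte (tcp6) addresses.
    words = struct.unpack(f">{len(raw) // 4}I", raw)
    packed = struct.pack(f"<{len(words)}I", *words)
    return str(ipaddress.ip_address(packed)), int(port_hex, 16)

def parse_proc_net(text):
    """Return one dict per socket row, skipping the header and short rows."""
    sockets = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 10:
            continue
        sockets.append({
            "local": decode_endpoint(cols[1]),
            "remote": decode_endpoint(cols[2]),
            "state": TCP_STATES.get(int(cols[3], 16), "UNKNOWN"),
            "uid": int(cols[7]),
            "inode": int(cols[9]),  # join key to /proc/<pid>/fd/* socket:[inode]
        })
    return sockets

def exposed_listeners(sockets):
    """Listening sockets bound to a non-loopback address (reachable off-host)."""
    return [s for s in sockets if s["state"] == "LISTEN"
            and not ipaddress.ip_address(s["local"][0]).is_loopback]

if __name__ == "__main__":
    for s in exposed_listeners(parse_proc_net(SAMPLE)):
        print(s["local"], "uid", s["uid"], "inode", s["inode"])
```

The inode column is what ties a row back to a process: it matches the socket:[inode] link targets under /proc/<pid>/fd/.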






