Hi @c33s, and apologies for the delay in replying.
If the binary "nft" is installed and opensnitch was able to add the rules, they should appear in the terminal. Otherwise review the log /var/log/opensnitchd.log; there should be errors when adding the rules. Try it with: If the "nft" binary is not installed then you won't see the rules, because we add the rules directly to the kernel. You used iptables to list the rules, but as far as I can tell it doesn't list the nftables rules anymore.
Thank you! In all these years, I haven't found any software distributed by major distros that phones home for whatever purposes. Of course I haven't tested all the binaries of Debian for example, but I think that the open source model from major distributions to distribute software seems to work really well :)
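The listing check described in the reply above, as an added example that is not part of the original thread or of OpenSnitch: it summarizes `nft list ruleset` output per chain so empty chains stand out. The function names and the sample ruleset (including its table name) are constructed for illustration; the log path is the one given in the reply.

```shell
#!/bin/sh
# Added example (not OpenSnitch code). Function names are hypothetical.

# Read `nft list ruleset` text on stdin and print one line per chain:
#   <family> <table> <chain> <number of rules>
# Simplified parser: assumes each rule sits on a single line.
summarize_ruleset() {
    awk '
        $1 == "table" { family = $2; table = $3; next }
        $1 == "chain" { chain = $2; rules = 0; in_chain = 1; next }
        in_chain && $1 == "}" { print family, table, chain, rules; in_chain = 0; next }
        in_chain && $1 == "type" { next }   # hook/priority/policy line, not a rule
        in_chain && NF > 0 { rules++ }
    '
}

# Print only the chains that contain no rules.
empty_chains() {
    summarize_ruleset | awk '$4 == 0 { print $1, $2, $3 }'
}

# Constructed sample of `nft list ruleset` output (table name is made up).
sample_ruleset() {
    cat <<'EOF'
table inet example_fw {
    chain output {
        type filter hook output priority filter; policy accept;
        ct state established,related accept
        udp dport 53 accept
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
}
EOF
}

# Live check (run as root): list what is loaded in the kernel, or explain
# why nothing can be listed, then show recent errors from the daemon log.
check_live() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not installed: kernel rules cannot be listed from this host" >&2
        return 2
    fi
    nft list ruleset | summarize_ruleset
    grep -i "error" /var/log/opensnitchd.log 2>/dev/null | tail -n 5
}
```

Calling `check_live` on the affected machine shows every chain currently loaded in the kernel with its rule count, independent of whether any service unit is active.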
tldr: i configured nftables as backend and the fw looks to work fine but i noticed that the nftables service is not running and the listing shows no rules. should this be so? why does this work? does it really work in full?
opensnitch version: 1.6.4
os: debian 12
kernel: 6.1.0-17 amd64
backend: nft
window manager: kde
i switched from windows to linux (debian 12) and this awesome tool made it possible. having no application firewall blocked me from switching to linux for years. i really can't understand why people trust every program without any doubt. thank you for this application!
switching to linux on my desktop requires quite a lot of learning. on my servers i used shorewall, an iptables compiler, where i never directly interacted with the resulting rules. for opensnitch i use nftables as it is the successor. opensnitch worked very well and i was able to block all the applications which should simply stay local or were trying to send "information for enhancement" back home (for example git-butler).
currently i am experimenting with docker and kubernetes where most docs write to disable the firewall (which is no option for me). to learn what chains are created by docker/kubernetes i used the list command and noticed the chains are empty.
why does the fw work? should nftables service run? how does this work?