tiny-snitch

an interactive firewall for inbound and outbound connections

github.com/nathants/tiny-snitch

why

it should be easy to monitor and control inbound and outbound connections.

what

an interactive firewall for inbound and outbound connections.

the rules are global, but the prompt always shows the pid/path/args of the program requesting a new rule.

based on the excellent opensnitch.

demo

a split-screen monitoring setup for a second monitor using ptop, color, pys, and a one-liner to tail tiny-snitch logs into a small and colorful format.

dependencies

there are two components with separate dependencies:

install

set up nftables with: sudo nft -f nftables.conf

build with: make

put tiny-snitch/ on your $PATH.

usage

tiny-snitch should be launched with sudo -E, so the qt5 prompt can use your DISPLAY.

either run it in a background terminal: sudo -E tiny-snitch

or automatically run it with cron: * * * * * sudo -E auto-restart tiny-snitch 2>&1 | rotate-logs /tmp/tiny-snitch.log

auto-restart and rotate-logs are not required.

rules

permanent rules are stored in /etc/tiny-snitch.rules and /etc/tiny-snitch.adblock. edit those files and tiny-snitch will reload.

some example rules:

action address port proto

allow google.com             443 tcp
deny  *.google-analytics.com *   tcp
allow 172.17.*.*             *   tcp
allow 172.17.*.*             *   udp

temporary rules can be added by appending lines to /tmp/tiny-snitch.temp, which will be loaded and then truncated.

some example temporary rules:

duration action address port proto

1-hour   allow google.com             443 tcp
9-minute deny  *.google-analytics.com *   tcp
24-hour  allow 172.17.*.*             *   tcp
1-minute allow 172.17.*.*             *   udp
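to make the two rule formats above concrete, here is an added example parser and matcher for them. it is not tiny-snitch's own code: the first-match-wins ordering, the "loaded and then truncated" handling of the temp file, and the use of shell-style globbing for the address column are assumptions of this example, and the sample rules are the ones shown above, embedded as constructed input.

```python
import fnmatch
import os
import re
import tempfile
import time
from dataclasses import dataclass
from typing import Optional

# the example rules from the readme, embedded here as constructed input
PERMANENT_RULES = """\
allow google.com             443 tcp
deny  *.google-analytics.com *   tcp
allow 172.17.*.*             *   tcp
allow 172.17.*.*             *   udp
"""

TEMPORARY_RULES = """\
1-hour   allow google.com             443 tcp
9-minute deny  *.google-analytics.com *   tcp
24-hour  allow 172.17.*.*             *   tcp
1-minute allow 172.17.*.*             *   udp
"""

# only the units that appear in the readme's examples
DURATION_SECONDS = {"minute": 60, "hour": 3600}


@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    address: str                     # glob: "google.com", "*.google-analytics.com", "172.17.*.*"
    port: str                        # port number as a string, or "*"
    proto: str                       # "tcp" or "udp"
    expires: Optional[float] = None  # unix time the rule lapses; None for permanent rules


def parse_duration(text: str, now: float) -> float:
    """'9-minute' -> now + 540, '24-hour' -> now + 86400."""
    m = re.fullmatch(r"(\d+)-(minute|hour)s?", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return now + int(m.group(1)) * DURATION_SECONDS[m.group(2)]


def parse_rule(line: str, now: Optional[float] = None) -> Optional[Rule]:
    """parse one line of either file; blank and '#' lines yield None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if len(fields) == 4:    # permanent: action address port proto
        action, address, port, proto = fields
        expires = None
    elif len(fields) == 5:  # temporary: duration action address port proto
        duration, action, address, port, proto = fields
        expires = parse_duration(duration, time.time() if now is None else now)
    else:
        raise ValueError(f"malformed rule: {line!r}")
    if action not in ("allow", "deny") or proto not in ("tcp", "udp"):
        raise ValueError(f"malformed rule: {line!r}")
    if port != "*" and not port.isdigit():
        raise ValueError(f"malformed rule: {line!r}")
    return Rule(action, address, port, proto, expires)


def parse_rules(text: str, now: Optional[float] = None) -> list:
    return [r for r in (parse_rule(line, now) for line in text.splitlines()) if r]


def match(rules, address: str, port: int, proto: str, now: Optional[float] = None) -> Optional[str]:
    """action of the first unexpired rule matching the connection, or None when
    nothing covers it (the case where tiny-snitch would prompt). first-match
    ordering is an assumption of this example, not documented behaviour."""
    now = time.time() if now is None else now
    for r in rules:
        if r.expires is not None and r.expires <= now:
            continue                                     # temporary rule has lapsed
        if r.proto != proto:
            continue
        if r.port != "*" and r.port != str(port):
            continue
        if not fnmatch.fnmatchcase(address, r.address):  # '*' also spans dots
            continue
        return r.action
    return None


def drain_temp_rules(path: str, now: Optional[float] = None) -> list:
    """load pending rules from the temp file, then truncate it (assumed
    re-implementation of the 'loaded and then truncated' step)."""
    with open(path, "r+") as f:
        rules = parse_rules(f.read(), now)
        f.seek(0)
        f.truncate()
    return rules


def demo_drain(now: float) -> tuple:
    """write the sample temporary rules to a scratch file, drain it, and return
    (rules, bytes left in the file) so the truncation can be checked."""
    fd, path = tempfile.mkstemp(prefix="tiny-snitch-example-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(TEMPORARY_RULES)
        rules = drain_temp_rules(path, now)
        return rules, os.path.getsize(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    perm = parse_rules(PERMANENT_RULES)
    for conn in [("google.com", 443, "tcp"), ("www.google-analytics.com", 443, "tcp"),
                 ("172.17.0.9", 53, "udp"), ("example.org", 80, "tcp")]:
        print(conn, "->", match(perm, *conn) or "prompt")
```

under the first-match assumption the order of lines matters: a deny for *.google-analytics.com placed after a broad allow would never be reached, so keep narrow deny rules above wide allow rules when editing the files by hand. the glob "*" also matches dots, so *.google-analytics.com covers any depth of subdomain.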