tinysnitch

an interactive firewall for inbound and outbound connections

github.com/nathants/tinysnitch

why

it should be easy to monitor and control inbound and outbound connections.

what

an interactive firewall for inbound and outbound connections.

the rules are global, but the prompt always shows the pid/path/args of the program requesting a new rule.

based on the excellent opensnitch.

demo

a split screen monitoring setup for a second monitor using ptop, color, pys, and a oneliner to tail tinysnitch logs into a small and colorful format.

dependencies

there are two components with separate dependencies:

install

set up nftables with: sudo nft -f nftables.conf

build with: make

put tinysnitch/ on your $PATH.

usage

tinysnitch should be launched with sudo -E, so the qt5 prompt can use your DISPLAY.

either run it in a background terminal: sudo -E tinysnitch

or automatically run it with cron: * * * * * sudo -E auto-restart tinysnitch 2>&1 | rotate-logs /tmp/tinysnitch.log

auto-restart and rotate-logs are not required.

rules

permanent rules are stored in /etc/tinysnitch.rules and /etc/tinysnitch.adblock. edit those files and tinysnitch will reload.

some example rules:

action address                port proto

allow  google.com             443  tcp
deny   *.google-analytics.com *    tcp
allow  172.17.*.*             *    tcp
allow  172.17.*.*             *    udp

temporary rules can be added by appending lines to /tmp/tinysnitch.temp, which will be loaded and then truncated.

some example temporary rules:

duration action address                port proto

1-hour   allow  google.com             443  tcp
9-minute deny   *.google-analytics.com *    tcp
24-hour  allow  172.17.*.*             *    tcp
1-minute allow  172.17.*.*             *    udp
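The two rule formats above (permanent rules, and temporary rules with a leading duration), as an added Python example that is not tinysnitch's own code: it parses both line formats and evaluates a connection's address/port/proto against them, including expiry of temporary rules. Assumptions not stated on the page: the first matching rule wins, `*` is a shell-style wildcard, and durations are written as `N-unit` with unit second, minute or hour.

```python
import fnmatch
import time

# Constructed sample rules in the two line formats from the README (not tinysnitch's own files).
PERMANENT_RULES = """\
allow google.com             443 tcp
deny  *.google-analytics.com *   tcp
allow 172.17.*.*             *   tcp
allow 172.17.*.*             *   udp
"""
TEMP_RULES = """\
1-hour   allow google.com             443 tcp
9-minute deny  *.google-analytics.com *   tcp
"""
UNITS = {"second": 1, "minute": 60, "hour": 3600}  # assumed units; the page only shows minute and hour

def parse_duration(text):
    """Convert the leading '9-minute' / '24-hour' field of a temporary rule to seconds."""
    count, unit = text.split("-", 1)
    return int(count) * UNITS[unit.rstrip("s")]

def parse_rules(text, temporary=False, now=None):
    """Parse rule lines into (action, address, port, proto, expires) tuples.
    Permanent rules never expire; temporary rules expire `duration` seconds after `now`."""
    base = time.time() if now is None else now
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        expires = base + parse_duration(fields.pop(0)) if temporary else None
        action, address, port, proto = fields
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action in rule: {line!r}")
        rules.append((action, address, port, proto, expires))
    return rules

def decide(rules, address, port, proto, now=None):
    """Return 'allow'/'deny' from the first live matching rule, or None (no rule: prompt the user).
    Assumption: first match wins and '*' is a shell-style wildcard, so 172.17.*.* covers
    172.17.x.y addresses and *.google-analytics.com covers any subdomain."""
    now = time.time() if now is None else now
    for action, addr_pat, port_pat, proto_pat, expires in rules:
        if expires is not None and expires <= now:
            continue  # temporary rule has lapsed
        if (fnmatch.fnmatchcase(address, addr_pat)
                and fnmatch.fnmatchcase(str(port), port_pat)
                and fnmatch.fnmatchcase(proto, proto_pat)):
            return action
    return None
```

A `None` result is the case where a real firewall would raise the interactive prompt; the `now` parameters exist so expiry can be checked deterministically.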