If you really want to control which apps on your Linux machine connect to the internet, a traditional firewall might not be enough. What you need is OpenSnitch. Most Linux users rely on tools like iptables, ufw, or firewalld. They do a solid job, but they operate at the network level and don’t let you manage internet access on a per-application basis. That’s where OpenSnitch shines — it watches outgoing connections and lets you decide which applications are allowed to go online and which aren't. In this article, we’ll look at what OpenSnitch does, why it’s useful, and how to install and start using it.
OpenSnitch is a free, open-source application firewall for Linux. It was inspired by the well-known Little Snitch on macOS. Its main job is to monitor outgoing connections: when a program tries to access the internet and no saved rule covers it yet, OpenSnitch pops up a prompt asking: Allow or block?
Here’s what makes it worth installing:
— Full control over which apps can access the internet
— You can see where each connection is going — IP, domain, port
— Easy-to-use interface for creating and editing rules
— Blocks suspicious apps before they send any data
— Free and open-source
Unlike traditional firewalls that mostly filter incoming traffic or follow general network rules, OpenSnitch is focused on outgoing traffic and the applications making those connections. That makes it especially useful if you want more control over what your system is doing behind the scenes.
OpenSnitch is available for many popular Linux distributions, including Ubuntu, Debian, Fedora, and Arch.
First, download the latest version from the official GitHub page. You’ll find installation packages for various systems:
— .deb for Debian and Ubuntu
— .rpm for Fedora, CentOS, and RHEL
Arch Linux users can install it directly via pacman:
sudo pacman -S opensnitch
OpenSnitch has two main components:
— The daemon — this runs in the background and handles traffic monitoring
— The graphical interface — this lets you manage rules via a user-friendly UI
On Debian or Ubuntu, download both .deb files (one for the daemon and one for the UI), open a terminal in your Downloads folder, and run:
sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb
Or just double-click the files — your system should handle the installation automatically.
If you’ve downloaded the .rpm packages, install them with:
sudo dnf install ./opensnitch-*.rpm ./opensnitch-ui*.rpm
Then start and enable the firewall daemon:
sudo systemctl enable --now opensnitch
To launch the graphical interface:
opensnitch-ui
Once OpenSnitch is running, it watches every outgoing connection. The first time an application tries to access the internet, you’ll see a prompt asking whether to allow or deny it.
The window will show:
— The name and full path of the application
— The destination IP address or domain
— The port being used
You can choose to:
— Allow once
— Deny once
— Always allow
— Always deny
Let’s say you open Firefox. It tries to connect online, and OpenSnitch shows you something like:
Application: /usr/lib/firefox/firefox
Address: 93.184.216.34 (example.com)
Port: 443 (HTTPS)
If you trust the app, select Always allow — and you won’t see the prompt again for that process. Not sure? Choose Deny once or Always deny.
Your choices are automatically saved as rules. You can manage them easily through the interface:
— View all rules in one place
— Edit or delete them as needed
— Filter by app, domain, or IP
— Temporarily disable specific rules or even the entire firewall
Rules are stored as regular text files in /etc/opensnitch/rules/, so if you’re comfortable with editing configs, you can tweak them manually too.
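Because every "Always allow" click becomes a saved rule, it is worth reviewing which of them let an application reach any destination at all. The script below is an added example, not code from the OpenSnitch project; it assumes the rule files are JSON and that the field names (action, duration, enabled, operator.type, operator.operand, operator.list) match what you find in your own /etc/opensnitch/rules/, so compare against one of your files first.

```python
import json
from pathlib import Path

RULES_DIR = Path("/etc/opensnitch/rules")  # rules directory named in the article

def simple(operand, data):
    return {"type": "simple", "operand": operand, "data": data}

# Constructed sample rules; the field layout is an assumption of this example.
SAMPLE_RULES = [
    {"name": "allow-always-firefox", "enabled": True, "action": "allow",
     "duration": "always", "operator": simple("process.path", "/usr/lib/firefox/firefox")},
    {"name": "allow-curl-https", "enabled": True, "action": "allow",
     "duration": "always", "operator": {"type": "list", "operand": "list", "list": [
         simple("process.path", "/usr/bin/curl"), simple("dest.port", "443")]}},
    {"name": "deny-always-updater", "enabled": True, "action": "deny",
     "duration": "always", "operator": simple("process.path", "/opt/example/updater")},
]

def operands(op):
    """Return every operand name in an operator, descending into list operators."""
    if op.get("type") == "list":
        return set().union(*(operands(sub) for sub in op.get("list") or []))
    return {op.get("operand", "")}

def unrestricted_allows(rules):
    """Names of enabled permanent allow rules that place no limit on destination."""
    flagged = []
    for rule in rules:
        permanent = (rule.get("enabled", True) and rule.get("action") == "allow"
                     and rule.get("duration") == "always")
        names = operands(rule.get("operator") or {})
        if permanent and not any(n.startswith("dest.") for n in names):
            flagged.append(rule.get("name", "<unnamed>"))
    return flagged

def load_rules(directory):
    rules = []
    for path in sorted(Path(directory).glob("*.json")):
        try:
            rules.append(json.loads(path.read_text()))
        except (OSError, ValueError) as exc:  # unreadable or malformed file
            print(f"skipped {path}: {exc}")
    return rules

if __name__ == "__main__":
    rules = load_rules(RULES_DIR) if RULES_DIR.is_dir() else SAMPLE_RULES
    for name in unrestricted_allows(rules):
        print(f"allowed to any destination: {name}")
```

Reading the real rules directory may require root; without it the script falls back to the constructed samples.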
OpenSnitch is a powerful tool for anyone who wants to know exactly what their Linux system is doing online. It gives you visibility, control, and peace of mind. It works on most popular distros, installs easily, and doesn’t require advanced configuration.
If you care about privacy, security, or just want to be more in control of your system’s network behavior — give OpenSnitch a try.