Rules editor

Rules can be edited from the GUI, by clicking on the name of the rule:

Each field can be literal or a regex expression.

Some examples:

• Filtering by several ports using this regex:

  [x] To this port: (53|80|443)

  targets ports 53 OR 80 OR 443.

  [x] To this port: 555[12345]

  targets ports 5551, 5552, 5553, 5554 OR 5555.

• Filtering exact domain, and nothing else: [x] To this host: github.com

• Filtering a domain and its subdomains: [x] To this host: .*\.github.com

• Filtering an executable path:

  [x] From this executable: /usr/bin/python3

• Filtering an executable path with regexp: Any python binary in /usr/bin/:

  [x] From this executable: /usr/bin/python[0-9\.]*$

  Modified ping binaries:

  [x] From this executable: (?i:.*ping)

  

See these issues for some discussions: #17, #31

Note: Don't use , to specify domains, IPs, etc. It's not supported. For example this won't work:

[x] To this host: www.example.org, www.test.me

---

Python regular expression documentation

Golang regular expression documentation

Golang regular expression syntax

Note: Golang does not support Perl syntax (like (?!...))

However you can use negated chars classes. For example, block all outgoing connections, except those to localhost:

[x] Action: deny

[x] To this destination IP: [^:127.0.0.1:]

Unconditionally blocking lists

As of v1.0.0rc10 there's no support for blocking or allowing connections ignoring the rest of the rules (see #36).

But you can achieve it using iptables:

• Allow ICMP: iptables -t mangle -I OUTPUT -p icmp -j ACCEPT

• Allow localhost connections: iptables -t mangle -I OUTPUT -d 127.0.0.1 -j ACCEPT

Note on allowing all connections to localhost:

While it might be seem obvious to allow everything to localhost, be aware that you might want to allow only certain connections/programs:

https://github.com/gustavo-iniguez-goya/opensnitch/wiki/OpenSnitch-in-action

---