# evilsocket/opensnitch

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/evilsocket-opensnitch).**

12,899 stars · 600 forks · Python · gpl-3.0

## Links

- GitHub: https://github.com/evilsocket/opensnitch
- awesome-repositories: https://awesome-repositories.com/repository/evilsocket-opensnitch.md

## Topics

`application-firewall` `data-breach` `firewall` `linux` `networking` `security`

## Description

OpenSnitch is a host-based application firewall for Linux that monitors and intercepts outbound network connections in real time. By hooking into kernel-level interfaces, it tracks system-wide network activity and maps connection attempts to specific local processes, allowing users to explicitly permit or deny traffic on a per-application basis.

The project distinguishes itself through its ability to manage security policies across multiple distributed nodes from a single, unified dashboard. This centralized management is secured via encrypted socket communication, enabling consistent rule enforcement and monitoring across remote machines. It further supports granular control by validating executable integrity, filtering based on environment variables, and isolating process network access to prevent unauthorized data transmission.

Beyond basic filtering, the system provides comprehensive observability tools, including real-time connection inspection, traffic logging, and the ability to export security events to external management systems. Users can define complex, prioritized rule sets that incorporate blocklists, temporary access durations, and path-based restrictions to secure their environment against unauthorized communication.

## Tags

### Security & Cryptography

- [Firewalls](https://awesome-repositories.com/f/security-cryptography/firewalls.md) — Monitors and intercepts outbound network connections, prompting users to allow or deny traffic per process.
- [Application Access Controls](https://awesome-repositories.com/f/security-cryptography/application-access-controls.md) — Prompts for user approval before allowing applications to establish network connections. ([source](https://github.com/evilsocket/opensnitch/wiki/OpenSnitch-in-action))
- [Network Access Control](https://awesome-repositories.com/f/security-cryptography/network-access-control.md) — Restricts network access for specific processes by prompting for user approval or applying rules based on executable paths.
- [Outbound Network Blockers](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security/network-routing-access-control/network-access-controls/outbound-network-blockers.md) — Hooks kernel functions to monitor and capture connection details for all processes to prevent unauthorized data transmission. ([source](https://github.com/evilsocket/opensnitch/wiki/Configurations))
- [Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/traffic-filtering.md) — Configures granular filtering for network connections by specifying executable paths, destination hosts, and ports. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules))
- [Distributed Policy Management](https://awesome-repositories.com/f/security-cryptography/access-control-centralization/distributed-policy-management.md) — Manages security policies across multiple distributed nodes from a single, unified dashboard. ([source](https://github.com/evilsocket/opensnitch/wiki/Nodes))
- [Firewall Configurations](https://awesome-repositories.com/f/security-cryptography/firewall-configurations.md) — Provides a graphical interface to list, edit, and perform batch operations on traffic filtering rules. ([source](https://github.com/evilsocket/opensnitch/wiki/System-rules))
- [Firewall Policies](https://awesome-repositories.com/f/security-cryptography/firewall-policies.md) — Manages and monitors network security rules across multiple distributed nodes from a single unified dashboard.
- [Secure Node Networking](https://awesome-repositories.com/f/security-cryptography/secure-node-networking.md) — Encrypts network traffic between distributed nodes using security certificates to prevent unauthorized interception. ([source](https://github.com/evilsocket/opensnitch/wiki/Nodes-authentication))
- [Security Policy Management](https://awesome-repositories.com/f/security-cryptography/security-policy-controllers/security-policy-management.md) — Provides a centralized dashboard for managing firewall rules and security policies across multiple distributed network nodes.
- [Runtime and Process Isolation](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/sandbox-and-isolation/runtime-process-isolation.md) — Requires individual authorization for every process and subprocess to prevent unauthorized network permission inheritance. ([source](https://github.com/evilsocket/opensnitch/wiki/FAQs))
- [Domain Blocklists](https://awesome-repositories.com/f/security-cryptography/domain-blocklists.md) — Supports blocking outbound connections based on external lists of domains, IP addresses, and file hashes. ([source](https://github.com/evilsocket/opensnitch/wiki/block-lists))
- [Binary Integrity Verification](https://awesome-repositories.com/f/security-cryptography/security/utilities/cryptographic-implementation-tools/binary-integrity-verification.md) — Validates the checksum of an application to prevent unauthorized or modified binaries from establishing connections. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules))
- [Temporary Access Rules](https://awesome-repositories.com/f/security-cryptography/security/policies/access-control/temporary-access-rules.md) — Allows setting expiration durations for rules to permit specific network connections only for a limited time. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules))
- [Process Environment Filtering](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/environment-access-controls/process-environment-filtering.md) — Prevents or permits network connections based on process environment variables to mitigate malicious activity like library injection. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules-examples))
- [Path Access Restrictions](https://awesome-repositories.com/f/security-cryptography/security/policies/host-resource-access/file-system-access-controls/path-access-restrictions.md) — Restricts network access for executables running from temporary directories or other untrusted locations. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules-examples))
- [Rule Priority Logic](https://awesome-repositories.com/f/security-cryptography/policy-based-access-control/rule-priority-logic.md) — Evaluates network access policies based on explicit priority flags to determine whether to permit or reject connection attempts. ([source](https://github.com/evilsocket/opensnitch/wiki/Rules))

### System Administration & Monitoring

- [Traffic Monitoring Tools](https://awesome-repositories.com/f/system-administration-monitoring/traffic-monitoring-tools.md) — Provides real-time monitoring and logging of outbound network traffic mapped to specific local processes. ([source](https://github.com/evilsocket/opensnitch/wiki/The-Events-window))
- [Alerting Systems](https://awesome-repositories.com/f/system-administration-monitoring/alerting-and-incident-management/alerting-systems.md) — Alerts users to new or unauthorized connection attempts in real time. ([source](https://github.com/evilsocket/opensnitch/wiki/The-Preferences-window))
- [Real Time Process Monitors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/real-time-process-monitors.md) — Tracks and displays real-time system events and network behavior associated with specific running applications. ([source](https://github.com/evilsocket/opensnitch/wiki/Configurations))
- [Network Traffic Analyzers](https://awesome-repositories.com/f/system-administration-monitoring/network-traffic-analyzers.md) — Tracks and logs real-time system-wide network activity, mapping connection attempts to specific local processes.
- [System Activity Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/system-activity-monitoring.md) — Observes and logs real-time network socket activity and process behavior to identify suspicious communication patterns.
- [Event Monitoring Systems](https://awesome-repositories.com/f/system-administration-monitoring/event-monitoring-systems.md) — Streams intercepted network connection events to external logging systems for centralized security analysis. ([source](https://github.com/evilsocket/opensnitch/wiki/SIEM-integration))
- [Security Audit Logs](https://awesome-repositories.com/f/system-administration-monitoring/security-audit-logs.md) — Streams intercepted network connection events to external management systems for centralized analysis and auditing.

### DevOps & Infrastructure

- [Distributed Firewall Orchestration](https://awesome-repositories.com/f/devops-infrastructure/worker-node-management/distributed-orchestration/distributed-firewall-orchestration.md) — Enables centralized management and monitoring of security policies across multiple distributed network nodes.

### Networking & Communication

- [Kernel Networking Hooks](https://awesome-repositories.com/f/networking-communication/kernel-networking-hooks.md) — Hooks into kernel-level interfaces to intercept and capture system-wide network connection attempts in real time.
- [Traffic Filtering Rules](https://awesome-repositories.com/f/networking-communication/traffic-filtering-rules.md) — Matches network connection requests against prioritized user-defined policies based on process paths and destination endpoints.
- [Client Connection Inspections](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/connection-session-management/connection-management/client-connection-inspections.md) — Provides a real-time view of current network sockets and associated node activity to offer visibility into communication states. ([source](https://github.com/evilsocket/opensnitch/wiki/The-Events-window))
- [Network Policy Enforcement](https://awesome-repositories.com/f/networking-communication/network-policy-enforcement.md) — Applies global allow or deny actions to handle network requests when no specific rule matches. ([source](https://github.com/evilsocket/opensnitch/wiki/Configurations))
- [Log Querying](https://awesome-repositories.com/f/networking-communication/traffic-filters/log-querying.md) — Enables filtering and searching of connection logs using criteria based on process metadata and network endpoints. ([source](https://github.com/evilsocket/opensnitch/wiki/The-Events-window))

### Operating Systems & Systems Programming

- [Background Daemons](https://awesome-repositories.com/f/operating-systems-systems-programming/system-administration-maintenance/system-services/background-daemons.md) — Runs a background service that evaluates intercepted connection events against persistent rule sets to determine traffic access.
