Skip to content

Getting started

wiki auto updater edited this page Jan 8, 2021 · 6 revisions

After installing opensnitch, the daemon will start intercepting connections and by default it'll allow them.

When you open the GUI, you'll see all the connections and processes that has intercepted, and it'll prompt you to allow or deny new outgoing connections.

The default action is to allow outgoing connections, so you can let it run for a while (hours, days, weeks), and observe what your machine is doing.

Once you know which are the common processes, IPs and hosts that your machine is connecting to, you can start creating rules to deny or allow them.

A common practice is to apply a rule of "Least privilege", i.e., block all by default and allow only those processes or connections that you want to.

Read more about rules.

Some processes are part of the GNU/Linux system, and critical to the well functioning of it. Some of these processes are:

/usr/bin/xbrlapi
/usr/bin/dirmngr
/usr/bin/kdeinit5

Some others are not critical, but as part of the system they have their function, like discovering devices or resolving domains. For example:

/usr/libexec/colord-sane
/usr/sbin/avahi-daemon
/usr/libexec/dleyna-server-service