explaingit

evilsocket/opensnitch

13,629PythonAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

TLDR

OpenSnitch is a Linux application firewall that prompts you whenever any program tries to connect to the internet, letting you allow or block it, the Linux equivalent of Little Snitch on Mac.

Mindmap

mindmap
  root((opensnitch))
    What It Does
      Outgoing firewall
      Per-app prompts
      Domain blocking
    Features
      Ad and tracker lists
      Inbound firewall rules
      Multi-machine management
    Installation
      .deb for Ubuntu
      .rpm for Fedora
      Background service
    Integrations
      nftables rules
      Security monitoring
      Discord community
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Get a pop-up prompt on Linux every time an app tries to connect to the internet and choose to allow or block it.

USE CASE 2

Block ad networks, tracker lists, or known malware domains system-wide on your Linux machine.

USE CASE 3

Manage outgoing firewall rules across multiple Linux machines from a single central interface.

USE CASE 4

Monitor which apps are sending data to unexpected servers and catch telemetry or adware connections.

Tech stack

PythonLinuxnftables

Getting it running

Difficulty · moderate Time to first run · 30min

Linux only, install via .deb or .rpm package and start the background daemon before launching the graphical interface.

GPL v3, free to use and modify, but any changes you distribute must be released as open source under GPL.

In plain English

OpenSnitch is a firewall application for Linux that gives you control over which programs on your computer are allowed to make connections to the internet. Most firewalls block incoming traffic by default and leave outgoing traffic unrestricted. OpenSnitch watches outgoing connections too, and pops up a prompt whenever an application tries to contact a server, letting you allow or deny that specific connection. The idea is borrowed from Little Snitch, a well-known Mac application that does the same thing. On Linux, OpenSnitch fills the same role: if an app suddenly starts phoning home to an unexpected address, you will see it and can block it. This can catch adware, telemetry, or unexpected data leaving your machine. Beyond per-app prompts, OpenSnitch can block entire categories of domains system-wide, such as known ad networks, tracker lists, or malware domains. It also lets you configure the broader system firewall (using the Linux nftables system) through a graphical interface, setting rules for inbound connections as well. For teams or organizations, it supports managing multiple machines from a single central interface, and it can send event data to security monitoring systems. Installation is done through standard Linux package files: a .deb for Debian-based distributions like Ubuntu, or an .rpm for Fedora and similar. After installing, you run the graphical interface from the applications menu. The firewall itself runs as a background service. The project is open source under the GPL3 license and is actively maintained by community contributors. A Discord server and GitHub Discussions page are available for questions and for sharing examples of unexpected connections that users have caught.

Copy-paste prompts

Prompt 1
I installed OpenSnitch on Ubuntu. How do I create a permanent rule to block all outgoing connections from a specific application?
Prompt 2
Help me configure OpenSnitch to load a blocklist of ad network and tracker domains and block them system-wide.
Prompt 3
I want OpenSnitch to send connection event data to my security monitoring system. How do I set that integration up?
Open on GitHub → Explain another repo

← evilsocket on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.