As an application firewall, opensnitch is designed to run automatically out-of-the-box, so has to be explicitly disabled in the template to prevent it from running there. However, I still want it to run automatically in a dispVM based on the template. Here’s what I have so far:
turns the tray icon turns black, indicating that opensnitch is operational, but manually enabling opensnitch each time is really not tenable. I’m wondering what the best approach would be to automating the final step?
In general, how can one disable an app in the template, while enabling it to start automatically in the appVMs based on that template?
Hello, I am trying to run opensnitch on my r4.2. I followed the steps outlined in this thread, and opensnitch runs. I can open the gui, etc and it shows a ‘status’ of running, but I’m not seeing any events show up.
I’m running it in my sys-firewall qube via the default-dvm.
Is there some other way to test or check that it is working properly? Or am I missing something?
I have OpenSnitch running effectively in a few (debian-12) AppVms, where I am seeing events and am able to filter my outgoing traffic, but I’m still in r4.1. I prefer to leave sys-firewall alone, so have not tried using a single instance of OpenSnitch to catch all outbound traffic. The downside of this approach is having multiple cloud icons in the tray, which all look the same.
Unfortunately the best suggestion I can offer is to try implementing OpenSnitch in an AppVm first, where I know it works. Once you’re seeing events in the AppVM, you could try implementing it in sys-firewall. The latter may require some additional tweaks, for OpenSnitch to be able to see the traffic and to play nice with nftables.