Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The title almost says it all : I am migrating from OSX to Linux (Ubuntu Mate) and am searching for the equivalent of 'Little Snitch' on mac, which raises an alert box the first time a new app tries to access outside (then one can allow or deny, with options like 'for just this url/this range/everywhere', 'just this time/forever' etc.)
At this moment I didn't find any active application (my best attempt here points me to this thread)
Do you have an experience with this kind of filtering? A preferred app? One that I wouldn't need to compile?
I know the Linux community is more about just not installing worrying closed sources to begin with, but in my recent experience it looks there are almost immediate distortions to this with all printer drivers, browser plugins etc. so I'd like to start by installing such a filter as early as possible on my recent machine...
I would be very interested to learn if you find something suitable.
I too looked for a per-application firewall when I moved over to Linux and was quite surprised that an adequate solution didn't exist (I had a look at Douane but it wasn't up to the task).
Have you tried all three programs that you mention?
Have you tried all three programs that you mention?
Hi Hydrurga,
No, I didn't try them up to now -in fact my migration process from OSX appears quite long, I have really many applications to be replaced and little time... All I did is check that the apps I found were both old and not present on 'easy-access' repositories.
But definitely I'll come back to this, and let you know here.
By the way, when you say Douane was not to the task, whet did you mean : not mature enough? Too few functions? Too much intruding at root level?
TIA!
Hervé
Hi Hydrurga,
No, I didn't try them up to now -in fact my migration process from OSX appears quite long, I have really many applications to be replaced and little time... All I did is check that the apps I found were both old and not present on 'easy-access' repositories.
But definitely I'll come back to this, and let you know here.
By the way, when you say Douane was not to the task, whet did you mean : not mature enough? Too few functions? Too much intruding at root level?
TIA!
Hervé
Ah, I was hoping you wouldn't ask me that about Douane. All I remember is trying it out, perhaps twice in the last couple of years, and both times thinking "No".
Although it's a year and a half old, the following review might be of interest:
I too went through the migration process, but from Windows. I had the luxury of some time though. I set up a dual boot with Mint 17.3 (at the time) and installed VirtualBox running Windows 7 within Mint. One by one I looked for good alternatives for my Windows software - if I found one then I installed it on Mint, if I didn't then I installed the Windows version in VirtualBox. The idea was to eventually never boot up into Windows itself (and I never do now).
Extremely interesting indeed -starting from there I landed on Firejail (https://firejail.wordpress.com/) which seems quite close to what we want, totally active, associated to a GUI and even available in the preset repos of my standard Ubuntu Mate...
Thank you infinitely, as one says in french -I'll come back to report :-)
Extremely interesting indeed -starting from there I landed on Firejail (https://firejail.wordpress.com/) which seems quite close to what we want, totally active, associated to a GUI and even available in the preset repos of my standard Ubuntu Mate...
Thank you infinitely, as one says in french -I'll come back to report :-)
De rien infiniment.
Is Firejail not a sandbox product though, similar to Sandboxie? I have to admit that I did use it, but felt it didn't give me the coverage that Sandboxie used to in Windows. I also found my Firejail-sandboxed browser running as root at one point and so, considering that to be anathema, stopped using Firejail. It could have been something I misconfigured though.
I tried to install Douane yesterday. It has quite a long list of packages and dependencies that need installing before you get to installing Douane itself. I worked my way through them, found myself with a dependency conflict and so gave up on the attempt (I know, I should have been more persistent, but sometimes you get a good/bad feeling about how easy an application is going to be to use).
(...) I also found my Firejail-sandboxed browser running as root at one point and so, considering that to be anathema, stopped using Firejail. It could have been something I misconfigured though.
I saw this question had been raised as a comment on their site : the answer is, it's the related Firejail containers that run as root, but their contents (here the browser) does not. Now, I didn't try yet...
Quote:
Originally Posted by hydrurga
I tried to install Douane yesterday. It has quite a long list of packages and dependencies that need installing before you get to installing Douane itself. I worked my way through them, found myself with a dependency conflict and so gave up on the attempt (I know, I should have been more persistent, but sometimes you get a good/bad feeling about how easy an application is going to be to use).
This is exactly where I am too :-D
And I'll probably stop here too for the moment, specially as my SO's linux machine will arrive next week -so ALL the significant features I must close over the week-end ;-)
Just a quick comeback on this topic : in addition to Firejail which I find quite mature, I just discovered "opensnitch" which aims more clearly at being the linux clone to macintosh littlesnitch.
I tried it just a little bit (needs to be launched with python3 from the terminal) but at this moment I have trouble to clear apps for access (there indeed are per-app clearance dialogs appearing at the right time, e. g. first time you launch a browser, but clearing them doesn't seem to work OK here, maybe because I don't have all the dependances correct... And I didn't find a way to stop it other than rebooting at this moment ;-)
But well, it IS aiming at becoming exactly what I want...
H.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.