The title almost says it all : I am migrating from OSX to Linux (Ubuntu Mate) and am searching for the equivalent of 'Little Snitch' on mac, which raises an alert box the first time a new app tries to access outside (then one can allow or deny, with options like 'for just this url/this range/everywhere', 'just this time/forever' etc.)


At this moment I didn't find any active application (my best attempt here points me to this thread)


Do you have an experience with this kind of filtering? A preferred app? One that I wouldn't need to compile?


I know the Linux community is more about just not installing worrying closed sources to begin with, but in my recent experience it looks there are almost immediate distortions to this with all printer drivers, browser plugins etc. so I'd like to start by installing such a filter as early as possible on my recent machine...


Thank you!
Hervé

Hi Hervé.

I would be very interested to learn if you find something suitable.

I too looked for a per-application firewall when I moved over to Linux and was quite surprised that an adequate solution didn't exist (I had a look at Douane but it wasn't up to the task).

Have you tried all three programs that you mention?

Hi Hydrurga,
No, I didn't try them up to now -in fact my migration process from OSX appears quite long, I have really many applications to be replaced and little time... All I did is check that the apps I found were both old and not present on 'easy-access' repositories.
But definitely I'll come back to this, and let you know here.
By the way, when you say Douane was not to the task, whet did you mean : not mature enough? Too few functions? Too much intruding at root level?
TIA!
Hervé

Ah, I was hoping you wouldn't ask me that about Douane. All I remember is trying it out, perhaps twice in the last couple of years, and both times thinking "No".

Although it's a year and a half old, the following review might be of interest:

http://www.dedoimedo.com/computers/l...-firewall.html

I too went through the migration process, but from Windows. I had the luxury of some time though. I set up a dual boot with Mint 17.3 (at the time) and installed VirtualBox running Windows 7 within Mint. One by one I looked for good alternatives for my Windows software - if I found one then I installed it on Mint, if I didn't then I installed the Windows version in VirtualBox. The idea was to eventually never boot up into Windows itself (and I never do now).

If there's anything that you can't find replacements for then do ask on LQ (e.g. on https://www.linuxquestions.org/quest...-linux-105955/).

I found the following sites useful:

https://wiki.archlinux.org/index.php...f_applications

https://wiki.installgentoo.com/index...Linux_software

http://www.techsupportalert.com/cont...ware-linux.htm

http://lifehacker.com/lifehacker-pac...l-li-815376368

https://prism-break.org/en/categories/gnu-linux/

1 members found this post helpful.

Extremely interesting indeed -starting from there I landed on Firejail (https://firejail.wordpress.com/) which seems quite close to what we want, totally active, associated to a GUI and even available in the preset repos of my standard Ubuntu Mate...
Thank you infinitely, as one says in french -I'll come back to report :-)

De rien infiniment.

Is Firejail not a sandbox product though, similar to Sandboxie? I have to admit that I did use it, but felt it didn't give me the coverage that Sandboxie used to in Windows. I also found my Firejail-sandboxed browser running as root at one point and so, considering that to be anathema, stopped using Firejail. It could have been something I misconfigured though.

I tried to install Douane yesterday. It has quite a long list of packages and dependencies that need installing before you get to installing Douane itself. I worked my way through them, found myself with a dependency conflict and so gave up on the attempt (I know, I should have been more persistent, but sometimes you get a good/bad feeling about how easy an application is going to be to use).

I saw this question had been raised as a comment on their site : the answer is, it's the related Firejail containers that run as root, but their contents (here the browser) does not. Now, I didn't try yet...

This is exactly where I am too :-D
And I'll probably stop here too for the moment, specially as my SO's linux machine will arrive next week -so ALL the significant features I must close over the week-end ;-)

Thank you so much for your time!
H.

Just a quick comeback on this topic : in addition to Firejail which I find quite mature, I just discovered "opensnitch" which aims more clearly at being the linux clone to macintosh littlesnitch.
I tried it just a little bit (needs to be launched with python3 from the terminal) but at this moment I have trouble to clear apps for access (there indeed are per-app clearance dialogs appearing at the right time, e. g. first time you launch a browser, but clearing them doesn't seem to work OK here, maybe because I don't have all the dependances correct... And I didn't find a way to stop it other than rebooting at this moment ;-)
But well, it IS aiming at becoming exactly what I want...
H.