OpenSnitch works quite well for testing host-based firewalls. I currently have a setup where opensnitchd runs on the client device, and opensnitch-ui is run on the "router".
However, it would be useful to just run both opensnitchd and opensnitch-ui on the router, and have it filter the traffic of multiple client devices on a LAN with the same ruleset.
Would this be out of scope for the project?
But I'm not sure if I understand the use case. If the daemon is running on different machines, it'll intercept the outbound connections and send all the requests/network activity to the GUI ("router").
If the daemon is running on the router, then yes, you would have to enable the fw rule to intercept the forwarded traffic (we have a limitation there, if I remember correctly).
If the machines where the daemon is running have containers (k8s, docker), then you would also have to enable the fw rule to intercept the forwarded traffic from the containers to the host (it's not perfect, but it works).
The forward configuration you provided solves that use-case. I'm guessing that option is not exposed in the GUI?
I was shoehorning OpenSnitch into testing a domain-whitelist ruleset for an enterprise deployment. It worked well enough, except OpenSnitch does "reverse DNS" through caching DNS query responses and local resolver integration (I think), which doesn't catch everything.
Couldn't find any proper solution on Linux surprisingly, and have since moved to OpnSense which is more suited to my particular use-case. Its method is to take a list of domain aliases, and simply re-query them every 5 minutes or so, and cache all the A/AAAA records to be used in the firewall rulesets.
Still a big fan of OpenSnitch, runs on my personal machine :)
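The periodic re-resolution approach described in the comment above (resolve a list of domain aliases every few minutes, cache the A/AAAA answers, feed them into the firewall ruleset) is easy to reproduce on a plain Linux router. The block below is an added example and is not code from OpenSnitch or OPNsense. It assumes nftables on the router, set names `allow_v4`/`allow_v6` and a table named `filter`, and it uses constructed domains and addresses (not real DNS data) plus an injected resolver and clock so it runs offline; `system_resolver` is the drop-in for real lookups. The one thing a cached-address allowlist cannot fix is the failure mode mentioned above: a client that resolves a CDN name to an address the router has not seen yet is blocked until the next refresh, so the grace window below is a mitigation, not a cure.

```python
"""Periodic domain-to-address resolution for an address-based allowlist.

Added example (not OpenSnitch or OPNsense code). Re-resolves allowlisted
domains on a timer, caches every A/AAAA answer with a last-seen time, and
renders the cache as nftables sets for a forward chain.
"""
import ipaddress
import socket
import time
from typing import Callable, Dict, Iterable, List, Tuple

Resolver = Callable[[str], Iterable[str]]


def system_resolver(domain: str) -> List[str]:
    """Real A/AAAA lookup through the host resolver (swap in for production)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(domain, None)})


class DomainAliasCache:
    """Addresses seen for the allowlisted domains, each with a last-seen time.

    An address is dropped only after it has been absent for `grace` seconds,
    so a client that connected just before a CDN rotated addresses is not cut
    off mid-session, and a transient resolver failure keeps the last-good
    addresses instead of blackholing the domain. Non-global answers (RFC1918,
    loopback, link-local) are ignored so a rebinding-style record cannot open
    forwarding into the LAN.
    """

    def __init__(self, domains: Iterable[str], resolver: Resolver,
                 refresh: float = 300.0, grace: float = 900.0,
                 clock: Callable[[], float] = time.time) -> None:
        self.domains = sorted(set(domains))
        self.resolver, self.clock = resolver, clock
        self.refresh, self.grace = refresh, grace
        self.last_seen: Dict[str, float] = {}   # address -> last answer time
        self.failed: Dict[str, str] = {}        # domain -> last resolver error
        self.last_refresh = float("-inf")

    def due(self) -> bool:
        return self.clock() - self.last_refresh >= self.refresh

    def update(self, force: bool = False) -> Tuple[List[str], List[str]]:
        """Re-resolve when due; returns (newly added, expired) addresses."""
        now = self.clock()
        if not (force or self.due()):
            return [], []
        added: List[str] = []
        for domain in self.domains:
            try:
                answers = list(self.resolver(domain))
            except OSError as exc:              # keep last-good entries for this domain
                self.failed[domain] = str(exc)
                continue
            self.failed.pop(domain, None)
            for raw in answers:
                addr = ipaddress.ip_address(raw)  # raises on a malformed answer
                if not addr.is_global:
                    continue
                if str(addr) not in self.last_seen:
                    added.append(str(addr))
                self.last_seen[str(addr)] = now
        expired = sorted(a for a, t in self.last_seen.items() if now - t > self.grace)
        for a in expired:
            del self.last_seen[a]
        self.last_refresh = now
        return sorted(added), expired

    def addresses(self) -> Tuple[List[str], List[str]]:
        """Cached addresses split into (IPv4, IPv6), each sorted numerically."""
        by_ver: Dict[int, List[str]] = {4: [], 6: []}
        for a in self.last_seen:
            by_ver[ipaddress.ip_address(a).version].append(a)
        return (sorted(by_ver[4], key=ipaddress.ip_address),
                sorted(by_ver[6], key=ipaddress.ip_address))

    def render_nft(self, table: str = "filter") -> str:
        """nftables ruleset: forward only to cached addresses, drop the rest."""
        v4, v6 = self.addresses()

        def set_block(name: str, typ: str, elems: List[str]) -> str:
            body = f"type {typ};"
            if elems:  # an empty `elements = { }` is rejected by nft
                body += " elements = { " + ", ".join(elems) + " };"
            return f"    set {name} {{ {body} }}"

        return "\n".join([
            f"table inet {table} {{",
            set_block("allow_v4", "ipv4_addr", v4),
            set_block("allow_v6", "ipv6_addr", v6),
            "    chain forward {",
            "        type filter hook forward priority 0; policy drop;",
            "        ct state established,related accept",
            "        ip daddr @allow_v4 accept",
            "        ip6 daddr @allow_v6 accept",
            "    }",
            "}",
        ])


# Constructed sample answers so the example runs offline (not real DNS data).
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "updates.example.net": ["93.184.216.34", "10.0.0.5"],  # 10.0.0.5 is ignored
    "cdn.example.net": ["93.184.215.14", "2606:2800:21f:cb07:6820:80da:af6b:8b2c"],
}


class FakeResolver:
    """Answers from a mutable table; domains in `down` raise like a DNS failure."""
    def __init__(self, table: Dict[str, List[str]]) -> None:
        self.table, self.down = dict(table), set()

    def __call__(self, domain: str) -> List[str]:
        if domain in self.down:
            raise OSError(f"resolver timeout for {domain}")
        return list(self.table.get(domain, []))


def demo() -> str:
    """Walk one CDN rotation through a fake clock and return the final ruleset."""
    now = [0.0]
    resolver = FakeResolver(SAMPLE_ANSWERS)
    cache = DomainAliasCache(SAMPLE_ANSWERS, resolver, clock=lambda: now[0])
    cache.update()                                          # t=0: initial fill
    resolver.table["cdn.example.net"] = ["93.184.215.15"]   # CDN rotates
    now[0] = 300.0
    cache.update()                                          # new address added, old kept
    now[0] = 1000.0
    cache.update()                                          # old answers past grace expire
    return cache.render_nft()


if __name__ == "__main__":
    print(demo())
```

On a real router you would run `update()` from a timer and, rather than reloading the whole table, apply the diff it returns with `nft add element` / `nft delete element` so established flows through the forward chain are not disturbed. Note that after a persistent resolver outage the grace window still runs out and the domain fails closed; that is deliberate, but it means the resolver the router uses is part of the allowlist's availability.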