Linux has a pretty good firewall, but it’s not very intuitive for new users. There aren’t any pop-up dialogs that let the user know what programs are doing, and everything is done with the terminal unless you’re savvy enough to install a program to control it. If you’re looking for a better solution, consider checking out Open Snitch. It’s a simple firewall application heavily inspired by the Little Snitch program on Mac OS. It isn’t easy to install Open Snitch because users need to manually set up a GO Path for the Google Go programming language, and install the program with it. Still, once you’ve got it going, anyone, including beginners, can get a lot of use out of it.
Note: Open Snitch is an experimental program and it may not build correctly on every version of Ubuntu. For best results, follow the instructions carefully, and refer to the Github page for further reading.
Set Up Go Path
Open Snitch is written in Go, so installing it requires the Go language. Unfortunately, Google Go doesn’t automatically configure itself correctly just by installing it on Linux. To use it, you’ll first need to set up a “path”. The path will allow packages to install to your Linux PC easily.
To set up a correct path, open up a terminal window and follow the instructions below.
First, use the mv and cp commands to create a complete backup of your bash_profile.
cd ~/ cp .bash_profile ~/Documents mv ~/Documents/.bash_profile ~/Documents/.bash_profile-backup
Now that everything is safely backed up, it’s time to open up bash_profile inside of the Nano text editor, to configure the Go path correctly.
Paste the following code in the bash_profile file:
You’ll also need to set the Go bin directory. Paste the code below into Nano to set it.
After adding the paths to the file, press Ctrl + O to save the edits.
Using the source command, tell Bash about the new Go path:
Your Linux PC has a correct Go Path. The next step to install Open Snitch is to install the Go programming language itself. Open up a terminal and follow the instructions below to learn how to install Google Go. Please understand that Open Snitch will not work if you do not have access to Google Go 1.8.
sudo apt install golang-go python3-pip python3-setuptools protobuf-compiler libpcap-dev libnetfilter-queue-dev python-pyqt5 pyqt5-dev pyqt5-dev-tools git
Installing Google Go on lesser-known Linux distributions is a little more difficult. To start off, use the wget tool and quickly download the latest version of the source code.
Before you can install Open Snitch, install the following dependencies. They may have different names. Use the Ubuntu dependencies above as a reference.
Note: Open Snitch was designed to run on Ubuntu, and the developer really only outlines instructions for the dependencies for that Linux distribution. If you attempt to use this on another Linux operating system, it’ll work but you may run into issues.
Downloading should be quick, and when it finishes, use the Tar command to fully extract the language to the correct location on your Linux PC.
sudo tar -C /usr/local -xvzf go1.10.2.linux-amd64.tar.gz
Next, open up your Bash profile and add the “Go root” path to it. Adding the location of Go to this file is necessary, as you’re installing Go by hand from the code rather than using the native, included package.
Paste the code below into the Nano editor to set the root path:
Save the edit with Ctrl + O, and then source it:
Getting Open Snitch
Installing Open Snitch on Ubuntu starts out with getting the source code. Start off by using Go to download the two important dependencies used with Open Snitch:
go get github.com/golang/protobuf/protoc-gen-go go get -u github.com/golang/dep/cmd/dep
Next, use the Python 3 package installation tool to grab Python related dependencies that Open Snitch needs.
WARNING: Do not run the command below as root, or sudo, as it will install these libraries system-wide, which is not what we need to use Open Snitch.
python3 -m pip install --user grpcio-tools
All the dependencies are taken care of, now it’s time to use Go to clone the latest source code of the program.
go get github.com/evilsocket/opensnitch
Do not worry if the Go prompt says “there are no files”, or something similar. Ignore it and use the CD command to move the terminal into the correct directory.
At this point, it’s possible to run the make and make install command to build Open Snitch on your Ubuntu Linux PC.
make sudo make install
The core of the code is built and installed. Next, enable the Open Snitch daemon.
sudo systemctl enable opensnitchd sudo systemctl start opensnitchd
If the installation for Open Snitch is successful, you’ll be able to search for “Open Snitch” as a desktop shortcut and run it. Alternatively, run opensnitch-ui in the terminal to launch.
Using Open Snitch
When the Open Snitch tool is installed and running, the user won’t need to configure or do much. Just let the program run in the background. It will scan and notify you of programs that attempt to change things on your Linux PC.
To allow a program temporarily, click “Allow Once”. Want to enable one permanently, click “Allow Permanently”.
Alternatively, block programs temporarily by clicking “Deny”, or “Block” to deny forever.