Keeping yourself safe and secure from malware is a daunting task, even on Linux. You need to be sure that the tools you use aren't phoning home to criminals for instructions or exfiltrating your personal pics to blackmailers on the other side of the world.

While there are various firewall solutions available for Linux, these are usually used via the terminal and can be difficult to understand and use.

OpenSnitch is an easy-to-use GUI firewall application for Linux that captures all outgoing network connections and gives you the choice of how to handle them.

Linux Isn't Immune to Malware


Very few Linux users employ an antivirus on their systems, and there's a widely spread misapprehension that Linux is immune to malware and viruses.

This unfortunate misunderstanding is because when malware creators build and deploy their products, they want to make the most money possible by infecting the most people possible.

Microsoft Windows is the most common desktop operating system available today, so it makes sense to build malware specifically for Windows. That malware can include keyloggers to steal your passwords, ransomware to encrypt your disks, or remote-access malware that lets attackers control your machine from afar.

Linux does have a few security advantages over other operating systems. Its open-source nature means that vulnerabilities are more quickly spotted and patched, while Linux privilege separation makes it harder for malware to gain access to sensitive system files.

The package management system is also safer than downloading and running random EXE files from the internet.

But this doesn't make Linux completely safe, and while most Linux malware is aimed at servers and IoT devices, desktop users are at risk too.

Firewalls on Linux Can Be Tricky

One important feature of sophisticated modern malware is that it needs to communicate with a remote server. There's no point logging all of your keystrokes if the file containing them is stuck on your hard drive, and you can't send ransom demands if you don't know for sure that the system has been encrypted.

Firewalls are utilities that monitor your PC's incoming and outgoing traffic and can block traffic from certain sources, apps, and ports.

The built-in Linux firewall is iptables, which filters network packets based on a set of rules.

Most Linux distros come with the excellent Uncomplicated Firewall (UFW), a terminal utility that makes it less complicated to manage these rules.

But terminal apps such as UFW can be clunky and unintuitive to use, and new users may prefer not to think about security at all rather than get to grips with terminal apps.

OpenSnitch Makes Linux Firewalls Easy

OpenSnitch is an open-source utility that monitors your network and allows you to easily create rules for situations as they arise. It has an easy-to-use graphical front end, meaning that once it's installed you can establish control over your traffic without ever having to dive into the terminal.

Install OpenSnitch on Linux


OpenSnitch is available for Debian- and Fedora-based systems running i386, AMD64, ARM64, and ARMhf.

To begin, download the DEB or RPM file from the OpenSnitch GitHub Releases page. You'll need to grab two packages: one for the daemon and one for the GUI.


If you're installing on a Debian-based system, install both packages with:

        sudo apt install ./opensnitch*.deb ./python3-opensnitch-ui*.deb

If you're installing from the RPM release, use either DNF or YUM:

        sudo dnf install ./opensnitch-1*.rpm ./opensnitch-ui-1*.rpm

        sudo yum localinstall opensnitch-1*.rpm; sudo yum localinstall opensnitch-ui*.rpm

Alternatively, if you prefer not to use the terminal at all, you can simply double-click on each of the files to install them.

Due to an issue with the python3-grpcio version shipped with Ubuntu 22.04, if you're on this release you'll need one additional step after installing the GUI.

        pip3 install --ignore-installed grpcio==1.44.0

OpenSnitch and its GUI front-end are now installed.

Use OpenSnitch to Guard Your Linux PC


OpenSnitch installs itself as a daemon and should start as soon as you turn on your PC, without further intervention. You won't see it until you or a system app attempt to access the internet.

Open Firefox for the first time, and OpenSnitch will make itself known with a dialog asking if you want to allow it to connect. You can choose to deny it or allow it, and you have the choice of allowing for a set amount of time, forever, or until reboot.

You can add more detail by selecting if you want to allow or deny the app, depending on how it was launched, the port it's using, the user who launched it, and more.

OpenSnitch saves these rules to a local file and applies them to future attempts by any app or process to connect to the network.

If you're not sure what the process is, it's a good idea to temporarily block it while you investigate what it is, and decide whether evil_keylogger.sh has a valid reason to make contact with a sketchy IP address.

The process of allowing or blocking individual processes may seem like a chore at first and can distract you from what you were trying to do, but you'll soon get a feel for what you should or shouldn't allow. Don't like Microsoft collecting telemetry from your virtualized copy of Windows 10? Block it.

The requests will grow less frequent as your rules take effect.


When OpenSnitch starts, it should create an icon in your system tray. Click this, then Statistics to bring up a tabbed list of established rules. If you want to modify these rules, switch to the Rules tab, then right-click on an entry to modify it.

The Hosts tab gives a breakdown of the domains to which your machine has attempted to connect, Applications shows which apps made the connection attempts, Users reveals the users who made them, and Addresses lists the IP addresses along with how many times a connection to each was made or attempted.
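Because OpenSnitch saves each rule as a small JSON file, you can audit them outside the GUI too. The script below is an added example, not part of OpenSnitch itself: it loads saved rules and flags permanent "allow" rules that match a process alone, with no destination, port or host constraint, which is what you get by clicking "allow forever" on a dialog without adding detail. It assumes the rule layout OpenSnitch 1.x writes (name, action, duration, operator with type "simple" or "list") and a default rules directory of /etc/opensnitchd/rules; the two sample rules are constructed inline.

```python
import json
from pathlib import Path

# Constructed rule files in the JSON layout OpenSnitch 1.x uses for saved rules
# (default directory assumed to be /etc/opensnitchd/rules). Real files also carry
# "created", "updated" and "precedence" keys, omitted here.
SAMPLE_RULES = [
    {
        "name": "allow-always-firefox-443",
        "enabled": True,
        "action": "allow",
        "duration": "always",
        "operator": {
            "type": "list", "operand": "list",
            "list": [
                {"type": "simple", "operand": "process.path", "data": "/usr/bin/firefox"},
                {"type": "simple", "operand": "dest.port", "data": "443"},
                {"type": "simple", "operand": "user.id", "data": "1000"},
            ],
        },
    },
    {   # "Allow forever" clicked on a dialog without narrowing the destination
        "name": "allow-always-curl",
        "enabled": True,
        "action": "allow",
        "duration": "always",
        "operator": {"type": "simple", "operand": "process.path", "data": "/usr/bin/curl"},
    },
]

DEST_OPERANDS = {"dest.port", "dest.ip", "dest.host", "dest.network"}

def operands(op):
    """Collect the operand names a rule's operator (simple or list) constrains."""
    if op.get("type") == "list":
        return {sub["operand"] for sub in op.get("list", [])}
    return {op["operand"]}

def audit_rules(rules):
    """Return names of enabled, permanent allow rules with no destination
    constraint: the matching binary may reach any host on any port."""
    return [r["name"] for r in rules
            if r.get("enabled") and r.get("action") == "allow"
            and r.get("duration") == "always"
            and not operands(r["operator"]) & DEST_OPERANDS]

def load_rules(rules_dir):
    """Load every *.json rule file from an OpenSnitch rules directory."""
    return [json.loads(p.read_text()) for p in sorted(Path(rules_dir).glob("*.json"))]
```

Run `audit_rules(load_rules("/etc/opensnitchd/rules"))` as root to check your real rule set; any name it prints is a rule worth tightening in the Rules tab.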

Take Responsibility for Your Own Security on Linux

Installing and configuring a firewall is the first step in keeping your Linux desktop safe from intruders and unwanted surveillance. You can take this further by testing your defenses and learning about offensive security techniques through tools such as Metasploit.