Installation

Installation using DEB packages

tl;dr

$ sudo dpkg -i opensnitch*.deb python-opensnitch-ui*.deb; sudo apt -f install

• On Ubuntu you may need to add universe repositories.

Deb packages will be generated and uploaded with almost each release, to ease the installation process.

You can download them from the release section.

These packages have been (briefly) tested on:

• Daemon (v1.0.0-rc5):

  • Debian >= 8
  • LinuxMint >= 18
  • Ubuntu >= 16 (works also on 14.04, but it lacks upstart service file. dpkg must be at least .1.17.x)

• UI (v1.0.0-rc4):

  • Debian >= 9
  • Ubuntu >= 16.x
  • LinuxMint >= 18

• Window Managers:

  • Cinnamon
  • KDE
  • gnome-shell (NOTE: on >= 3.30 [and maybe others] there's no systray icon)

Note: You can install the UI from the sources, using pip3, and it'll work in some more distributions. Not in Fedora <= 29 due to lack of PyQt5 libraries.

---

Installation from sources

Make sure you have a correctly configured Go >= 1.8 environment, that the $GOPATH environment variable is defined and then:

# install dependencies
sudo apt-get install git libnetfilter-queue-dev libpcap-dev protobuf-compiler python3-pip
go get github.com/golang/protobuf/protoc-gen-go
go get -u github.com/golang/dep/cmd/dep
cd $GOPATH/src/github.com/golang/dep
./install.sh
export PATH=$PATH:$GOPATH/bin
python3 -m pip install --user grpcio-tools
# clone the repository (ignore the message about no Go files being found)
go get github.com/gustavo-iniguez-goya/opensnitch
cd $GOPATH/src/github.com/gustavo-iniguez-goya/opensnitch
# compile && install
make
sudo make install
# enable opensnitchd as a systemd service and start the UI
sudo systemctl enable opensnitchd
sudo service opensnitchd start
opensnitch-ui

Daemon

The daemon is implemented in Go and needs to run as root in order to interact with the Netfilter packet queue, edit iptables rules and so on, in order to compile it you will need to install the protobuf-compiler, libpcap-dev and libnetfilter-queue-dev packages on your system, then just:

cd daemon
make

You can then install it as a systemd service by doing:

sudo make install

The new opensnitchd service will log to /var/log/opensnitchd.log, save the rules inside /etc/opensnitchd/rules and connect to the default UI service socket unix:///tmp/osui.sock.

As of v1.0.0-rc2 version, it has been tested on Debian >= 8, Ubuntu >= 14, Fedora >= 23 and OpenSuse 15.

UI

The user interface is a Python 3 software running as a gRPC server on a unix socket, in order to install its dependencies type the following:

cd ui
sudo pip3 install -r requirements.txt

You will also need to install the package python-pyqt5 for your system (if anyone finds a way to make this work from the requirements.txt file feel free to send a PR).

The UI is pip installable itself:

sudo pip3 install .

This will install the opensnitch-ui command on your system (you can auto startup it by cp opensnitch_ui.desktop ~/.config/autostart/).

---

Running

Once you installed both the daemon and the UI, you can enable the opensnitchd service to run at boot time:

sudo systemctl enable opensnitchd

And run it with:

sudo service opensnitchd start

While the UI can be started just by executing the opensnitch-ui command.

Single UI with many computers

You can also use --socket "[::]:50051" to have the UI use TCP instead of a unix socket and run the daemon on another computer with -ui-socket "x.x.x.x:50051" (where x.x.x.x is the IP of the computer running the UI service).