
add support for incoming connections

Open evilsocket opened this issue 7 years ago • 3 comments

Right now the daemon will only intercept and manage outgoing connections; add support for incoming connections (IP address x.x.x.x is connecting to port 80 of httpd).

Apr 06 '18 12:04 evilsocket

What exactly is the reason that incoming connections are not being queued? I can't find the info I'm looking for in any netfilter documentation.

Edit: after digging through the code more, it looks like the reason is simply because of the rule placement (all rules are -A in rules.go.) Would it be too much to stick our rules into the chains as number 1, for example:

		rule := []string{
			"-I",
			"INPUT",
			"1",
			"--protocol", "udp",
			"--sport", "53",
			"-j", "NFQUEUE",
			"--queue-num", fmt.Sprintf("%d", queueNum),
			"--queue-bypass",
		}

Aug 23 '18 05:08 Northern-Lights
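
The rule-placement point in the comment above, as an added example that is not part of the thread or of OpenSnitch's code: a small model of iptables first-match evaluation, showing that a queue rule appended with `-A` behind a terminating ACCEPT is never reached, while one inserted with `-I INPUT 1` is evaluated first. The `Packet` and `Rule` types, the helper names and the sample chain are constructed for illustration.

```go
package main

import "fmt"

// Packet is a minimal model of an inbound packet (constructed for illustration).
type Packet struct {
	Proto string
	DPort int
}

// Rule models one iptables rule; empty Proto or zero DPort means "match any".
type Rule struct {
	Proto  string
	DPort  int
	Target string // "ACCEPT", "DROP" or "NFQUEUE": each one ends traversal
}

func (r Rule) matches(p Packet) bool {
	return (r.Proto == "" || r.Proto == p.Proto) && (r.DPort == 0 || r.DPort == p.DPort)
}

// Appended models `iptables -A`: the rule goes to the end of the chain.
func Appended(chain []Rule, r Rule) []Rule {
	return append(append([]Rule{}, chain...), r)
}

// InsertedFirst models `iptables -I <chain> 1`: the rule becomes rule number 1.
func InsertedFirst(chain []Rule, r Rule) []Rule {
	return append([]Rule{r}, chain...)
}

// Verdict walks the chain top to bottom; the first match decides, else the policy.
func Verdict(chain []Rule, policy string, p Packet) string {
	for _, r := range chain {
		if r.matches(p) {
			return r.Target
		}
	}
	return policy
}

func main() {
	// Constructed sample: a host firewall that already accepts inbound SSH.
	existing := []Rule{{Proto: "tcp", DPort: 22, Target: "ACCEPT"}}
	queue := Rule{Proto: "tcp", Target: "NFQUEUE"}
	ssh := Packet{Proto: "tcp", DPort: 22}
	fmt.Println("-A INPUT:  ", Verdict(Appended(existing, queue), "DROP", ssh))
	fmt.Println("-I INPUT 1:", Verdict(InsertedFirst(existing, queue), "DROP", ssh))
}
```
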

This is important. I've made a connection using SSH and I was surprised that OpenSnitch didn't prevent me from connecting.

Jan 04 '22 08:01 GreenLunar

Hello! Any update on this please?

Feb 14 '23 18:02 robinmayol