
Ok, thank you for a clue, I'll give it a try. The last time I checked it was clearly very far from production-ready. It still shouts "this software is a work in progress, do not expect it to be bug free and do not rely on it for any type of security" in all caps on its homepage which suggests it still is. Given all the abandoned attempts I've seen in the past I also feel very skeptical about this one too.



Would you mind sharing your experience afterwards? The alternatives to SELinux in terms of network filtering seem to be so rare.


I can give you mine, since I use(d) opensnitch for a while.

It works quite well but requires a GUI (obviously), it looks like it primarily supports GTK. If you're hoping to use the machine purely from the CLI (like, when sshing into your work machine) it won't work well.

It is significantly less powerful than LittleSnitch, some options don't exist (like, allowing access to a domain), but you get similar functionality in many cases.

Overall, it's definitely worth testing out to see if it works for you.


I think you haven't tested the latest versions.

GUI is not GTK, but Qt.

> If you're hoping to use the machine purely from the CLI (like, when sshing into your work machine) it won't work well.

There's no CLI tool published yet. There's a PoC though that works well.

> some options don't exist (like, allowing access to a domain)

Since version 1.0.0b you can filter by domain. And in the latest version by domain, ip, network, uid, port, command line, command path, cmd environment variables, protocol, or any combination of them. You can't filter by interface, but if someone needs it, open a new issue.

> It is significantly less powerful than LittleSnitch

What options do you miss?


> It is significantly less powerful than LittleSnitch

To make it no less powerful, somebody has to invest time and expertise into extending the kernel for it - AFAIK LittleSnitch works this way on macOS.



