it should be easy to monitor and control inbound and outbound connections.
an interactive firewall for inbound and outbound connections.
the rules are global, but the prompt always shows the pid/path/args of the program requesting a new rule.
based on the excellent opensnitch.
a split screen monitoring setup for a second monitor using ptop, color, pys, and a oneliner to tail tiny-snitch logs into a small and colorful format.
there are two components with separate dependencies:
- tiny-snitch:
- tiny-snitch-prompt:
setup nftables with: sudo nft -f nftables.conf
build with: make
put tiny-snitch/ on your $PATH.
tiny-snitch should be launched with sudo -E, so the qt5 prompt can use your DISPLAY.
either run it in a background terminal: sudo -E tiny-snitch
or automatically run it with cron: * * * * * sudo -E auto-restart tiny-snitch 2>&1 | rotate-logs /tmp/tinynitch.log
auto-restart and rotate-logs are not required.
permanent rules are stored in /etc/tiny-snitch.rules and /etc/tiny-snitch.adblock. edit those files and tiny-snitch will reload.
some example rules, one per line, as whitespace separated columns:

```
action  address                   port  proto
allow   google.com                443   tcp
deny    *.google-analytics.com    *     tcp
allow   172.17.*.*                *     tcp
allow   172.17.*.*                *     udp
```
temporary rules can be added by appending lines to /tmp/tiny-snitch.temp, which will be loaded and then truncated.
some example temporary rules, with a duration column in front:

```
duration   action  address                   port  proto
1-hour     allow   google.com                443   tcp
9-minute   deny    *.google-analytics.com    *     tcp
24-hour    allow   172.17.*.*                *     tcp
1-minute   allow   172.17.*.*                *     udp
```
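the following is an added worked example, not tiny-snitch's own code, showing how the permanent and temporary rule lines above can be parsed and evaluated: a four-field line is permanent, a five-field line carries a duration prefix and expires, and the first live rule that matches an address/port/proto decides, with no match meaning "prompt the user". the glob semantics for `*` (any run of characters, so `*.google-analytics.com` covers subdomains but not the bare domain) and the strict rejection of unknown actions, protocols, ports and duration units are assumptions made here; the readme does not specify them.

```go
package main

import (
	"fmt"
	"path"
	"strconv"
	"strings"
	"time"
)

// Rule is one parsed line of /etc/tiny-snitch.rules (permanent) or
// /tmp/tiny-snitch.temp (temporary). Expires is the zero time for permanent rules.
type Rule struct {
	Action  string    // "allow" or "deny"
	Address string    // hostname or address, may contain "*"
	Port    string    // port number or "*"
	Proto   string    // "tcp" or "udp"
	Expires time.Time // zero for permanent rules
}

// parseDuration converts a prefix such as "1-hour" or "9-minute" into a
// time.Duration. Only the units the readme shows (hour, minute) are accepted (assumption).
func parseDuration(s string) (time.Duration, error) {
	parts := strings.SplitN(s, "-", 2)
	if len(parts) != 2 {
		return 0, fmt.Errorf("bad duration %q: expected <count>-<unit>", s)
	}
	n, err := strconv.Atoi(parts[0])
	if err != nil || n <= 0 {
		return 0, fmt.Errorf("bad duration count in %q", s)
	}
	switch strings.TrimSuffix(parts[1], "s") {
	case "hour":
		return time.Duration(n) * time.Hour, nil
	case "minute":
		return time.Duration(n) * time.Minute, nil
	}
	return 0, fmt.Errorf("unknown duration unit %q in %q", parts[1], s)
}

// ParseRule parses one rule line: four fields make a permanent rule, five fields
// (duration first) make a temporary one expiring at now+duration. Malformed lines
// are rejected so a typo in the rules file cannot silently become a broad allow.
func ParseRule(line string, now time.Time) (Rule, error) {
	f := strings.Fields(line)
	var r Rule
	switch len(f) {
	case 4:
		r = Rule{Action: f[0], Address: f[1], Port: f[2], Proto: f[3]}
	case 5:
		d, err := parseDuration(f[0])
		if err != nil {
			return Rule{}, err
		}
		r = Rule{Action: f[1], Address: f[2], Port: f[3], Proto: f[4], Expires: now.Add(d)}
	default:
		return Rule{}, fmt.Errorf("expected 4 or 5 fields, got %d: %q", len(f), line)
	}
	if r.Action != "allow" && r.Action != "deny" {
		return Rule{}, fmt.Errorf("unknown action %q in %q", r.Action, line)
	}
	if r.Proto != "tcp" && r.Proto != "udp" {
		return Rule{}, fmt.Errorf("unknown proto %q in %q", r.Proto, line)
	}
	if p, err := strconv.Atoi(r.Port); r.Port != "*" && (err != nil || p < 1 || p > 65535) {
		return Rule{}, fmt.Errorf("bad port %q in %q", r.Port, line)
	}
	return r, nil
}

// ParseRules parses the contents of a whole rules file, skipping blank lines.
func ParseRules(contents string, now time.Time) ([]Rule, error) {
	var rules []Rule
	for i, line := range strings.Split(contents, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		r, err := ParseRule(line, now)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", i+1, err)
		}
		rules = append(rules, r)
	}
	return rules, nil
}

// Match reports whether r covers a connection to addr:port over proto at time now.
// "*" in the address is a simple glob matching any run of characters (assumption).
func (r Rule) Match(addr, port, proto string, now time.Time) bool {
	if !r.Expires.IsZero() && !now.Before(r.Expires) {
		return false // temporary rule has lapsed
	}
	if r.Proto != proto || (r.Port != "*" && r.Port != port) {
		return false
	}
	ok, err := path.Match(r.Address, addr)
	return err == nil && ok
}

// Decide returns the action of the first live rule matching the connection;
// ok is false when nothing matches, i.e. the case where the user would be prompted.
func Decide(rules []Rule, addr, port, proto string, now time.Time) (action string, ok bool) {
	for _, r := range rules {
		if r.Match(addr, port, proto, now) {
			return r.Action, true
		}
	}
	return "", false
}

func main() {
	now := time.Now()
	// constructed sample file contents, mirroring the readme's example rules
	perm, err := ParseRules("allow google.com 443 tcp\ndeny *.google-analytics.com * tcp\nallow 172.17.*.* * udp\n", now)
	if err != nil {
		panic(err)
	}
	for _, c := range [][3]string{{"google.com", "443", "tcp"}, {"www.google-analytics.com", "443", "tcp"}, {"example.org", "80", "tcp"}} {
		act, ok := Decide(perm, c[0], c[1], c[2], now)
		if !ok {
			act = "prompt"
		}
		fmt.Printf("%s:%s/%s -> %s\n", c[0], c[1], c[2], act)
	}
}
```

temporary rules are evaluated with the same Match; loading /tmp/tiny-snitch.temp ahead of the permanent rules and letting the first match win is one reasonable ordering, and an expired temporary rule simply stops matching rather than being rewritten as permanent.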