It seems like there is no application level firewall in the Manjaro repos?

Many of the firewall solutions are IP and Port based but especially for a newbie that is not easy to do. This is why an easy to use and especially easy to understand firewall is a valuable addition to the repos.
Application level firewalls are a great newbie conform alternative to IPxPort based firewalls.

As I see it there are two interesting application level firewalls out there for Linux: OpenSnitch (a port of LittleSnitch (MacOS)) and FirePrompt.

OpenSnitch is available from the AUR but it throws hundreds of errors (int is being compared with unsigned int?!) when I try to build it with pamac. The app does not end up starting, only the system tray icon is there and through it I can open the stats window but that's all.

FirePrompt is only available as a .deb package.

I should add that both of these programs are not that mature yet. At least OpenSnitch seems to be quite early in development and quite buggy although the installation problems are probably related to Manjaro I guess?

If you end up not liking the idea of maintaining unmatured apps, do I have a realistic chance when I request these again in the future when they run better?

Thank you anyway!

You should follow the packages in AUR. Your topic does not strike me as coming from a newbie so I reckon the developers of the mentioned app would appreciate a helping hand with testing and polishing.

When and if the mentioned apps mature enough they will be in AUR a long time before moving to official repo - be it Arch or Manjaro.

AFAIK Ufw ships with many application-based rules by default.


And create desired one...

Sorry for replying that late. Just got around to playing with ufw.
It seems like there is not even a profile for Firefox. And even when I unblock Port 80 and 443 (I think it was?), Firefox still can't connect. I am confused...

Are you using the default ufw config? If so, outgoing traffic should not be blocked at all.
So there must be another reason why FF can't connect I think.


If you block all outgoing traffic and allow only Port 80 and 443, you will block all DNS queries. You might want to look into DoH. Or open your firewall for old plain UDP DNS queries.
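The gap described in the reply above (outgoing default set to deny with only ports 80 and 443 allowed, so DNS queries never leave the host) can be checked from the text of `ufw status verbose`. This is an added example, not part of the thread; the status text is constructed and the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text for the DNS egress gap.
# Simplifications: only plain "53" / "53/udp" ALLOW OUT rules are recognised
# (no port ranges, comma lists or overriding DENY OUT rules).

# Reads status text on stdin. Exit 0 = UDP DNS can leave, 1 = it is blocked.
dns_egress_ok() {
    awk '
        # e.g. "Default: deny (incoming), deny (outgoing), disabled (routed)"
        /^Default:/ && /allow \(outgoing\)/ { default_allow = 1 }
        # e.g. "53/udp    ALLOW OUT   Anywhere" (a destination may come first)
        /ALLOW OUT/ {
            for (i = 1; i <= NF && $i != "ALLOW"; i++)
                if ($i == "53" || $i == "53/udp") dns_rule = 1
        }
        END { exit !(default_allow || dns_rule) }
    '
}

# Constructed sample: the policy from the thread (deny out, web ports only).
sample_web_only() {
    cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
EOF
}

# Constructed sample: the same policy after `ufw allow out 53/udp`.
sample_with_dns() {
    sample_web_only
    echo "53/udp                     ALLOW OUT   Anywhere"
}

for s in sample_web_only sample_with_dns; do
    if $s | dns_egress_ok; then
        echo "$s: DNS egress allowed"
    else
        echo "$s: DNS egress blocked, name lookups will fail"
    fi
done
```

On a live system the same function can be fed with `sudo ufw status verbose | dns_egress_ok`.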


I wrote about rules, not profiles. Profiles are overall default configurations, while rules are activated on-demand when an application wants to connect.

And as @xabbu mentioned, there is more to browsing the Internet than opening HTTP ports.

Wow, I feel stupid now...
Thank you all for showing me how dumb I am :stuck_out_tongue:

I've been using OpenSnitch after seeing it here and I'm very pleased. I'm not sure whether it is secure enough or not (it says "DO NOT RELY ON IT FOR ANY TYPE OF SECURITY" on the GitHub page) but usability-wise it deserves to be in Manjaro repos.

Note: There is no GUI to manage rules. Rules are stored as files in /etc/opensnitchd/rules.

