The reddit thread raises a good question I have often wondered about. What is my best option for an application-level firewall? I want to deny network connections by default and specifically enable who can speak to the outside world.
> I want to deny network connections by default and specifically enable who can speak to the outside world.
I also want to filter the network data. I want my firewall to inspect what the software is sending over the network and delete, randomize or nullify all data that isn't strictly necessary for it to perform the desired function. Like uBlock Origin but for the network stack.
This would enable normal operation of the software while also at least partially subverting the "legitimate business interests" of these corporations.
> I want my firewall to inspect what the software is sending over the network and delete, randomize or nullify all data that isn't strictly necessary for it to perform the desired function. Like uBlock Origin but for the network stack.
You'll have to TLS man-in-the-middle yourself for this to be viable.
Could also work with file access. Most applications never need to access the whole filesystem. My browser mostly needs access to the profile-specific data and the downloads folder. A music player doesn't need access to anything outside the music directory and also no networking unless maybe that one URL it uses to load album cover images.
Although I'd only prefer this approach if it's actually done right. Android, Flatpak etc. mostly showed ways to do it badly.
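As an added example (not from any commenter in the thread) of the per-application model alpaca128 describes, a music player confined to its music directory with no networking, here is a firejail profile in the same style as the audacity.profile mentioned later in the thread. The profile name, the binary name and the `~/.config/musicplayer` path are assumptions; the directives themselves are standard firejail ones.

```ini
# ~/.config/firejail/musicplayer.profile (hypothetical name; run as
#   firejail --profile=musicplayer musicplayer)
# Deny by default: everything below is either an explicit allow or a denial.

# Start from firejail's stock denylists (dotfiles, keyrings, dev tooling, ...)
include disable-common.inc
include disable-devel.inc
include disable-programs.inc

# Filesystem: the home directory collapses to exactly these paths.
# Everything else under $HOME is invisible to the process.
noblacklist ${HOME}/Music
whitelist ${HOME}/Music
read-only ${HOME}/Music
# Per-app config so the player still starts; assumed path.
mkdir ${HOME}/.config/musicplayer
whitelist ${HOME}/.config/musicplayer

# Fresh /tmp, a minimal /dev (sound devices stay available), trimmed /etc
private-tmp
private-dev
private-etc alsa,asound.conf,fonts,machine-id,pulse
private-cache

# Network: a single line removes the network entirely, which is the kind of
# denial the thread's audacity.profile remark points at. If the player really
# needs its cover-art URL, drop `net none` in favour of `protocol inet,inet6`
# and let an outer firewall permit only that host; the sandbox itself cannot
# filter by URL.
net none

# Privilege and kernel-surface reductions
caps.drop all
nonewprivs
noroot
nogroups
seccomp
nodvd
notv
novideo
nou2f
dbus-user none
dbus-system none
```

Launching the player with `firejail --profile=musicplayer` and then trying to open a file outside `~/Music`, or any URL, shows the denial in action.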
On Windows I use henrypp/simplewall. It is a lightweight UI on top of the Windows Filtering Platform. My only complaint is with all the self-updating programs that keep changing their binary, so I need to re-enable them periodically...
miles|4 years ago
[1] https://github.com/evilsocket/opensnitch
[2] https://old.reddit.com/r/linux/comments/od3h8b/audacity_may_...
[3] https://news.ycombinator.com/item?id=22206116
The gist of it is
I guess that the line in /etc/firejail/audacity.profile prevents any network connections, and with them many useful functionalities.
throwawayboise|4 years ago