The officially official Devuan Forum!

You are not logged in.

#1 2021-12-26 10:54:16

Registered: 2020-08-12
Posts: 3  

make opensnitch installable for systemdless systems

I have devuan (systemdless debian) and i can't install opensnitch without systemctl.
Can you please make it possible to install opensnitch without systemd?

Yes, manually

root@refracta:~# opensnitchd
[2021-12-09 11:40:22]  IMP  Starting opensnitch-daemon v1.4.1
[2021-12-09 11:40:22]  INF  Loading rules from /root/rules ...
[2021-12-09 11:40:22]  !!!  Path '/root/rules' does not exist
root@refracta:~# mkdir rules
root@refracta:~# opensnitchd
[2021-12-09 11:40:39]  IMP  Starting opensnitch-daemon v1.4.1
[2021-12-09 11:40:39]  INF  Loading rules from /root/rules ...
OK: libnetfiler_queue supports nfq_get_uid
OK: libnetfiler_queue supports nfq_get_uid

OpenSnitch is a GNU/Linux port of the Little Snitch firewall. You can launch the GUI from the icon or from the system menu. The daemon will start intercepting connections, prompting you to allow or deny them. If you don't apply an action, after 15 seconds (configurable) it'll apply the default action configured. When you open the GUI, you'll see all the connections and processes that the daemon has intercepted.

I installed Opensnitch on a systemdless system : DevuanDog from Fredx.  It runs on this OS without a glitch.

Also, thanks to some research done on internet, i found an alternative to Opensnitch, called Douane.  There is an installer available for Debian.  I did an install on Refracta, but i could not make it launch on my machine (maybe because i still use Refracta from ascii). 

johnny@refracta:~/douane-installer$ ./douane-installer
Traceback (most recent call last):
  File "./douane-installer", line 41, in <module>
    from installer.application import Application
  File "/home/johnny/douane-installer/src/installer/", line 79
    self.logger.debug(f'Setting the page {page.__class__.__name__} '
SyntaxError: invalid syntax

It's good to have a firewall for incoming connections, but we should all have a firewall for outgoing connections as well, such as Opensnitch or Douane.


#2 2021-12-26 13:56:56

From: London
Registered: 2019-03-24
Posts: 2,386  

Re: make opensnitch installable for systemdless systems

The opensnitch .deb already supplies an init script but they don't use dh_installinit(1) correctly so you have to enable it yourself:

# update-rc.d opensnitch defaults
labrona wrote:

we should all have a firewall for outgoing connections as well

The stock nftables package can deal with both outgoing and incoming connections but see for starting it at boot.

Windows-style firewalls are generally considered unnecessary in GNU/Linux because we can read the source code of any installed packages to check what they're doing.

To obtain a root shell use su -. Using just su will result in "command not found" messages.


Board footer