Skip to content

amalbansode/opensnitch-tui

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
.devcontainer
.devcontainer
 
 
.github/workflows
.github/workflows
 
 
proto
proto
 
 
src
src
 
 
static
static
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

OpenSnitch TUI

A Terminal UI control plane for OpenSnitch, an application firewall for Linux inspired by Little Snitch.

TUI screenshot

This TUI is built in Rust, namely using the tokio, tonic, and ratatui crates. It currently implements a subset of functions that the OpenSnitch GUI supports. Some features may never be supported due to complexity (e.g. support for multiple nodes).

Features

This TUI tries to replace the official OpenSnitch GUI in single-node environments where it may be inconvenient/impossible to use the GUI.

  • View high-level daemon runtime stats
  • View trapped network flows that require a disposition (allow/deny)
  • Easy keybindings and clickable UI to allow/deny trapped network flows
  • View alerts

The GUI may still be used separately (see below) for features the TUI doesn't yet support.

Usage

The OpenSnitch daemon connects to a control plane server (like this TUI) to talk gRPC. OpenSnitch's default config uses a Unix domain socket for transport. Unfortunately, the HTTP+gRPC library stack used by the TUI cannot currently support domain sockets (see open issue).

As a result, usage of the TUI requires the gRPC transport to use TCP. In the OpenSnitch daemon config (/etc/opensnitchd/default-config.json), change the Address field to a loopback-assigned IP address and port like below:

$ head -n4 /etc/opensnitchd/default-config.json
{
    "Server":
    {
        "Address":"127.0.0.1:50051",

Remember to update your invocation of the official GUI (opensnitch-ui) to pass a new flag that binds to this IP and TCP port (--socket "127.0.0.1:50051").

The corresponding flag for this TUI looks like --bind "127.0.0.1:50051".

The instructions above apply when the OpenSnitch daemon and GUI/TUI are running on the same node (loopback address); that address can be modified to any other IP/port combination.

Note that only one of the GUI or TUI can run at one time, so kill the opensnitch-ui or opensnitch-tui process to run the other.

Pre-built Binaries

Download the latest release for your architecture:

# x86_64
curl -fsSL https://github.com/amalbansode/opensnitch-tui/releases/latest/download/opensnitch-tui-linux-x86_64 -o opensnitch-tui
chmod +x opensnitch-tui

# aarch64 (ARM64)
curl -fsSL https://github.com/amalbansode/opensnitch-tui/releases/latest/download/opensnitch-tui-linux-aarch64 -o opensnitch-tui
chmod +x opensnitch-tui

Or in a Dockerfile:

# x86_64
RUN curl -fsSL https://github.com/amalbansode/opensnitch-tui/releases/latest/download/opensnitch-tui-linux-x86_64 -o /usr/local/bin/opensnitch-tui && \
    chmod +x /usr/local/bin/opensnitch-tui

# aarch64 (ARM64)
RUN curl -fsSL https://github.com/amalbansode/opensnitch-tui/releases/latest/download/opensnitch-tui-linux-aarch64 -o /usr/local/bin/opensnitch-tui && \
    chmod +x /usr/local/bin/opensnitch-tui

Build from Source

Requires the protobuf compiler, protoc.

$ cd $THIS_REPO
$ cargo build --release
$ cp target/release/opensnitch-tui $SOMEWHERE_IN_YOUR_PATH
$ opensnitch-tui --help

Disclaimer

I'm pretty new to Rust and am using this project as an exercise to learn more. Use this software at your own risk. Contributions are welcome.

About

A Terminal UI control plane for OpenSnitch, an application firewall for Linux inspired by Little Snitch

Topics

rust security networking firewall tui opensnitch littlesnitch

Resources

Readme

License

GPL-3.0 license
Activity

Stars

25 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 3

v0.0.4 Latest
Dec 18, 2025
+ 2 releases

Contributors 2

Languages