Provided by: opensnitch_1.6.9-3ubuntu1_amd64 

NAME
opensnitchd - GNU/Linux interactive firewall application
SYNOPSIS
opensnitchd [-rules-path path] [-cpu-profile path] [-debug] [-error] [-warning] [-important]
[-log-file path]... [-mem-profile path]... [-no-live-reload] [-process-monitor-method name]...
[-queue-num num]... [-ui-socket path]... [-version] [-workers num]...
DESCRIPTION
opensnitchd is the OpenSnitch agent that intercepts outbound connections and sends them to the server.
The server can be a GUI, a TUI, or a headless component that just logs the network activity (a SIEM, for
example). By default it allows all connections, creating temporary rules so you can review them
later.
OPTIONS
-rules-path path
Specifies where the rules will be written to. Default "rules".
-cpu-profile path
A file path where the CPU data will be written for later use.
-debug
Set LogLevel to DEBUG.
-warning
Set LogLevel to WARNING.
-important
Set LogLevel to IMPORTANT.
-log-file path
A file path where the logs will be written to. This path can be a device file, like /dev/stdout to
print logs to standard output.
-mem-profile path
A file path where the memory data will be written once the daemon exits.
-no-live-reload
By default the daemon's rules and configuration are reloaded whenever they change. This option
disables this feature.
-process-monitor-method method
Force process monitor method, overriding what is defined in the configuration. Valid methods:
ebpf, audit, proc
-queue-num num
Force the use of this netfilter queue number. The default queue number is 0, but if it is already
used by other software, you can set another queue number here.
-ui-socket path
Force the use of this socket path instead of the one defined in the configuration. The path format
is unix:///path/to/socket.sock or ip:port ("127.0.0.1:50051")
( https://github.com/grpc/grpc/blob/master/doc/naming.md )
-version
Prints out daemon version.
-workers num
Change the maximum number of workers that process outbound connections. By default 16 workers are
launched; if that is not enough, increase this number.
FILES
/etc/opensnitchd/rules/
Default directory for the daemon's rules.
/etc/opensnitchd/default-config.json
Default daemon configuration.
/etc/opensnitchd/system-fw.json
Configuration of system firewall rules (iptables/nftables).
Firewall rules defined here bypass OpenSnitch interception. Use them to allow VPNs or other
services.
DIAGNOSTICS
OpenSnitch needs at least one firewall rule to intercept outbound connections:
iptables -t mangle -L OUTPUT | grep NFQUEUE
NFQUEUE all -- anywhere anywhere ctstate NEW,RELATED NFQUEUE num 0 bypass
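The check above can be scripted so that it also confirms the rule targets the queue number the daemon uses (-queue-num) and reports whether the rule carries the bypass flag. This is an added example, not part of OpenSnitch; the function name check_nfqueue and its status strings are hypothetical, and the sample listing is constructed from the rule line shown above.

```shell
#!/bin/sh
# Added example, not part of OpenSnitch. check_nfqueue and its status strings
# are hypothetical names chosen for this illustration.
# Live use (as root): iptables -t mangle -L OUTPUT | check_nfqueue 0

check_nfqueue() {
    # $1    = queue number the daemon is expected to use (-queue-num, default 0)
    # stdin = listing produced by `iptables -t mangle -L OUTPUT`
    awk -v want="${1:-0}" '
        $1 == "NFQUEUE" {
            seen = 1
            # Find the "NFQUEUE num <n>" option group inside the rule.
            for (i = 2; i <= NF - 2; i++) {
                if ($i == "NFQUEUE" && $(i + 1) == "num" && $(i + 2) == want) {
                    matched = 1
                    # "bypass": the kernel accepts packets when no program
                    # is bound to the queue, instead of dropping them.
                    for (j = i + 3; j <= NF; j++)
                        if ($j == "bypass") failopen = 1
                }
            }
        }
        END {
            if (!seen)          print "missing"
            else if (!matched)  print "wrong-queue"
            else if (failopen)  print "intercepting-fail-open"
            else                print "intercepting-fail-closed"
        }'
}

# Constructed sample: typical listing headers plus the rule line shown above.
sample='Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
NFQUEUE    all  --  anywhere             anywhere             ctstate NEW,RELATED NFQUEUE num 0 bypass'

printf '%s\n' "$sample" | check_nfqueue 0
```

A result of intercepting-fail-open means outbound connections are accepted without inspection whenever no program is bound to the queue, for example while the daemon is stopped.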
If you suspect that OpenSnitch blocks an application and doesn't prompt you to allow or deny it, enable
the option [x] Debug invalid connections under Preferences -> Nodes in the GUI, or set the
configuration option InterceptUnknown to true.
Tip: You can also add rules to the file /etc/opensnitchd/system-fw.json to allow network services
without them being intercepted by the daemon.
Another way of debugging errors is by launching the daemon from the command line:
1. Set LogLevel to DEBUG under Preferences -> Nodes (or LogLevel to 0 in the configuration)
2. Stop the daemon: systemctl stop opensnitch
3. Launch it from the command line: /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules/
REPORTING BUGS
Problems with opensnitchd should be reported on GitHub: https://github.com/evilsocket/opensnitch/issues
HISTORY
OpenSnitch was originally written by Simone Margaritelli (evilsocket) in 2017-2018.
In 2019, after some time of inactivity, Gustavo Iñiguez Goya started contributing, fixing bugs and adding
new functionality, with the essential help of the community, and valuable contributions from themighty1
and calesanz among others.
SEE ALSO
OpenSnitch Home Page https://github.com/evilsocket/opensnitch
AUTHORS
The complete list of OpenSnitch contributors can be found on https://github.com/evilsocket/opensnitch
opensnitchd 1.5.9 2023-06-07 OPENSNITCHD(1)