Alternative to Little-Snitch app-firewall?

Question

I'm trying out Ubuntu. Been a Mac user. I like ubuntu a lot but I'm uncomfortable not having an app-firewall that reports what connections are being made to the internet. I find it unnerving to not have any control over what can & cannot connect to the internet.

Little Snitch works great on the Mac for this purpose. Is there anything comparable on Ubuntu? The default UFW firewall cannot stop apps from connecting so is pretty useless.

Answer 1

Linux application firewalls have not yet caught on and there have been various third party projects that come and go over the years.

Currently the best, IMO, is Leopard Flower

There are detailed instructions on how to install Leopard Flower here

Note: It was written for Ubuntu 10.10

Install dependencies (python-qt4 is for the graphical front end)

sudo apt-get install iptables libnetfilter-queue libnetfilter-conntrack python-qt4

Download the zip file from http://sourceforge.net/projects/leopardflower/files/latest/download

Extract the zip file

This will extract a directory, lpfw

Open a terminal and cd into the directory (Assuming it is in ~/Downloads)

cd ~/Downloads/lpfw

Run the program

sudo ./lpfw

See the above link for more detailed instructions as well as more advanced configuration.

Answer 2

If you are looking for a fresh application (GTK 3), have a look to my application (in heavy development) at http://douaneapp.com/

Answer 3

Some GUI suggestions that maybe fit your needs.

Program Guard allows users of a Linux workstation to control which programs access the Internet, last updated, 2006

Gufw an interface powered by ufw, last updated, 2012

FireFlier last updated, 2009

Guarddog last updated, 2007.

TuxGuardian last updated, 2006.

InJoy Firewall™ commercial application (offers a 30 day trial version) last updated, 2007.

Answer 4

OpenSnitch

OpenSnitch is application firewall inspired by Little Snitch that works on Ubuntu. Here's a screenshot of a prompt OpenSnitch displays when Firefox tries to connect to the Internet:

Installation instructions on Ubuntu 23.04 or later:

Run this command:

sudo apt install opensnitch

Now launch "OpenSnitch" from your GUI.

Installation instructions for older versions of Ubuntu:

• Download the opensnitch and python3-opensnitch-ui .deb files from this releases page:

  • If you're using a 64 bit system, download opensnitch_1.5.2-1_amd64.deb and python3-opensnitch-ui_1.5.2-1_all.deb
  • If you're using a 32 bit system, download opensnitch_1.5.2-1_i386.deb and python3-opensnitch-ui_1.5.2-1_all.deb
  • If you're using an ARM 64 bit system, or an ARM hard float system, download the corresponding .deb files

• Install both of these files by double clicking and installing them, or by running this on the command line:

  sudo dpkg -i Downloads/opensnitch*.deb Downloads/python3-opensnitch-ui*.deb
  

• You can launch the OpenSnitch GUI tool by launching "OpenSnitch".

If for some reason you can't run OpenSnitch after installing it, you may be experiencing this bug (GitHub issue, Launchpad bug report). To fix it, run on the command-line:

sudo apt install python3-pip
pip3 install --ignore-installed --user grpcio==1.44.0

Pip installs modules to ~/.local/share/lib/python*, so you can delete that directory if you want to undo the previous command.

Answer 5

anfd is a perl script which does the job, but it is not at all as userfriendly as little snitch. There is a good, but German wiki page. Download the script here and run it with anfd -h to see the following help text:

anfd - Ain't no firewall daemon.

anfd [-D] [-i 'iptables command'] [-x] [-c configfile] [-p pidfile]
anfd -k [-p pidfile]
anfd (-h|-?)

Anfd is a userspace daemon that uses the netfilter-ip_queue mechanism to hinder
specific software from "phoning home". It is not security software but privacy
software.

Options:
        -h, -?      : Print this help message.
        -D          : Debug mode - don't detach from terminal and print detailed infos
        -i 'command': Use this iptables command to insert the QUEUE rule.
                      Default: $ipt
        -x          : Dont insert any iptables rule. Admin will take care of that
                      herself.
        -c file     : Use this config file. Default: $default_config
        -p pidfile  : Use this pid file. Default: $pid_file
        -k          : Kill running anfd process.

Answer 6

Something like this might be good to you. Firestarter looks a powerful firewall program. Might be worth giving a shot.

But I would advise just using IPtables. As stated above it can be configured with ufw for ease of use.

Ubuntu has a great documentation for its IPtables implementation. With this you dont really need an app. If you are comfortable with the cmd line then you wil be able to set up your firewall to drop everything leaving your PC. Without yourself adding a rule to allow it. eg. for example port 80 for webserver.

Once you have used IPtables you will wonder how you worked without it!

EDIT: Might find that its not so easy to get a sort of idiot proof firewall like that on Linux. And that's no way a dig at you I use it on my MacBook Pro ha! ( OSX is great imo ) Just the applications available on linux usually involve a bit more configuration.

Bill

Answer 7

Here is a guide on how to install comodo. I dont know if the program is as good as little snich. Hope that program is what you were looking for!

Answer 8

InJoy firewall is by far the best option if you can afford it. ($60)

InJoy

Hope this helps,

Leinardo

Answer 9

SELinux:

A Linux kernel integrating SELinux enforces mandatory access-control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. This reduces or eliminates the ability of these programs and daemons to cause harm when compromised

SELinux has been integrated into version => 2.6

http://en.wikipedia.org/wiki/Security-Enhanced_Linux http://www.nsa.gov/research/selinux/index.shtml http://www.ibm.com/developerworks/linux/library/l-selinux/