OpenSnitch per app firewall


#1

OpenSnitch is an application firewall, i think is important to have it on librem5 if someone know how to keep in touch with devs this will add a lot of security on our future phone


#2

No it won’t, at least not in the near future.
From the project page:
THIS SOFTWARE IS WORK IN PROGRESS, DO NOT EXPECT IT TO BE BUG FREE AND DO NOT RELY ON IT FOR ANY TYPE OF SECURITY.

Also:
The daemon is implemented in Go and needs to run as root

The attack surface you introduce with such kind of hooks is much greater than anything without it.
Linux already provides Seccomp sandboxes, SELinux and AppArmor which could do the same and
more, without any extra half baked PoC projects.
Unless you want some pseudo-secure Pajeet hack job which many Android ROMs are.


#3

IMHO openVPN is more important (not to down play the importance of a firewall). At least everything sending and receiving from the handset is encrypted while connected to your VPN of choice.