Update FAQs.md
gustavo-iniguez-goya authored Nov 20, 2023
1 parent aee1b59 commit d56eea9
Showing 1 changed file with 15 additions and 15 deletions.
30 changes: 15 additions & 15 deletions wiki/FAQs.md
@@ -1,26 +1,26 @@
General
---

**OpenSnitch displays too many dialogs to allow/deny connections**
#### OpenSnitch displays too many dialogs to allow/deny connections

Yes, it does. But only the first time it is used. Once you configure which processes/connections you want to allow/deny, you won't notice that it's running. Really.

In the future, maybe we can add an option to queue events, and allow/deny them from the GUI: applying the default configured action until further interaction from the user.


**Why Qt and not GTK?**
#### Why Qt and not GTK?

I tried, but for very fast updates it failed bad on my configuration (failed bad = SIGSEGV), moreover I find Qt5 layout system superior and easier to use.


**Why gRPC and not DBUS?**
#### Why gRPC and not DBUS?

The UI service is able to use a TCP listener instead of a UNIX socket, that means the UI service itself can be executed on any operating system, while receiving messages from a single local daemon instance or multiple instances from remote computers in the network, therefore DBUS would have made the protocol and logic uselessly GNU/Linux specific.

Connections
---

**Status is Not Running** message on the GUI
#### Status is _Not Running_ message on the GUI

Be sure that the daemon is running: `$ pgrep opensnitchd`

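Review bot: the new `####` headings in this hunk (`#### OpenSnitch displays too many dialogs to allow/deny connections`, `#### Why Qt and not GTK?`, `#### Why gRPC and not DBUS?`, `#### Status is _Not Running_ message on the GUI`) sit directly under the setext `---` H2 sections `General` and `Connections`, so the outline jumps from H2 to H4 and skips H3; `###` would keep the hierarchy consistent while still giving every FAQ entry the linkable anchor the old bold lines did not have.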
@@ -31,15 +31,15 @@ $ sudo systemctl enable opensnitchd
$ sudo systemctl start opensnitchd.service
```

**No rules shown in the UI**
#### No rules shown in the UI

Check that the daemon is running: `$ pgrep opensnitchd` . Status should be "Running".

Click on the Rules -> Nodes -> `<node address>` , and see if the rules are listed.

Some more info: [#988](https://github.com/evilsocket/opensnitch/issues/988#issuecomment-1634152487)

**Why is WireGuard/Mullvad/etc not working with OpenSnitch?**
#### Why is WireGuard/Mullvad/etc not working with OpenSnitch?

The common reason is because the eBPF module is not installed or not working.

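Review bot: style point on `#### Why is WireGuard/Mullvad/etc not working with OpenSnitch?`: since the line is being rewritten anyway, `etc` should carry its period (`WireGuard/Mullvad/etc.`).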
@@ -55,7 +55,7 @@ If it still doesn't work, you can enable `[x] Debug invalid connections` under P

[More info](https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog)

**Which connections does OpenSnitch intercept?**
#### Which connections does OpenSnitch intercept?

We currently (>= v1.6.0-rc.4) intercept new connections (iptables/conntrack state NEW) of TCP, UDP and UDPLITE, SCTP and ICMP protocols, to/from any port.

@@ -88,27 +88,27 @@ If some of the above commands outputs "no such file or directory", your kernel l

[More info](https://github.com/evilsocket/opensnitch/tree/master/ebpf_prog)

**xanmod and liquorix kernels**
#### xanmod and liquorix kernels

Unfortunately, these kernels are compiled without the mentioned features, so eBPF process monitor method won't be available on these kernels.
liquorix does have support for kprobes, but no syscalls tracing. But xanmod doesn't have support for any of the needed features.

For these kernels, the default method to intercept processes will be ProcFS (proc).

**hardened kernels**
#### hardened kernels

We support most of the kernel hardening options. However some of them causes eBPF not to work. We don't know yet (18/11/2022) which is exactly the option that prevent us to work as expected.

Configuration
---

**What does the "Debug invalid connections" configuration option mean?**
#### What does the "Debug invalid connections" configuration option mean?

When a process establishes a new connection, we first receive the connection information (src/dst IP, src/dst port, but no PID, nor process command line/path). Thus, we try to get who created the connection.

Sometimes we fail to discover the PID of the process, or the path of the PID, thus in these cases if you check this option, a pop-up will appear to allow or deny an "unknown connection".

**What's the behaviour of daemon's default action "deny"**
#### What's the behaviour of daemon's default action "deny"

The daemon option "default_action" "deny" will block ALL traffic (as of version 1.6.0-rc.4) that is intercepted by _iptables_ or _nftables_ and is not answered or configured by the user. If an outgoing connection timeouts while waiting for user action, then it'll apply the default action.

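Review bot: `#### What's the behaviour of daemon's default action "deny"` is the only question-style heading in the file without a closing `?`; suggest `#### What's the behaviour of the daemon's default action "deny"?` while the line is being touched. In the same region, the `hardened kernels` entry still states that the eBPF-breaking hardening option is unknown as of `18/11/2022`, a year before this commit (Nov 20, 2023); worth re-checking and either updating the date or the finding.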
@@ -123,7 +123,7 @@ Read more 👉 https://github.com/evilsocket/opensnitch/wiki/System-rules-legacy
Rules
---

**In which order does opensnitch check configured rules?**
#### In which order does opensnitch check configured rules?

Since version 1.2.0, rules are checked in alphabetical order. There's also a new field to mark a rule as Important.

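Review bot: `#### In which order does opensnitch check configured rules?` writes the project name in lowercase while every other heading in this change uses `OpenSnitch`; suggest `#### In which order does OpenSnitch check configured rules?` for consistency.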
@@ -132,7 +132,7 @@ So if you want to prioritize some rules over others:
2. [x] Priority field checked (Action: allow)
3. OR Action: deny (not need to check the Priority field in these rules)

**If I allow program A, and it launches another program B, will it be also allowed?**
#### If I allow program A, and it launches another program B, will it be also allowed?

No. You only allow program A to access the net. Any other program launched by program A will be stopped until you allow or deny it.

@@ -142,7 +142,7 @@ See some examples:

Read more about best practices: https://github.com/evilsocket/opensnitch/wiki/Rules#best-practices

**Can a malicious program simply open another process or port and bypass an application based filter?**
#### Can a malicious program simply open another process or port and bypass an application based filter?

A process may open other subprocesses, but will it bypass defined application rules? No (see previous FAQ why ^). From the OpenSnitch perspective, it'll just be a new process opening an outbound connection without a rule defined for it, and as such, it'll ask you to allow or deny it.

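Review bot: `application based filter` in the new heading reads better hyphenated as a compound modifier (`#### Can a malicious program simply open another process or port and bypass an application-based filter?`). Also, now that each entry is a heading with its own anchor, the `(see previous FAQ why ^)` reference in the body below could become a link to the preceding heading instead of pointing "up".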
@@ -159,7 +159,7 @@ https://github.com/evilsocket/opensnitch/wiki/Rules#best-practices

Anyway, nothing is unbreakable. If you know a way to bypass application rules, we'd love to see a detailed example! That'll help us to improve the application.

**Appimages confuse the firewall**
#### Appimages confuse the firewall

Appimages create a random directory under `/tmp/` from where they're executed, so if you allow or deny an appimage by path or command line when the pop-up appears, the next time the app is executed, the path to the binary will be different and OpenSnitch will prompt you again to deny or allow it.

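Review bot: the format's name is `AppImage`, so `#### Appimages confuse the firewall` should read `#### AppImages confuse the firewall`; the body line below uses the same lowercase spelling and could be fixed in the same commit.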
