From f99510637e5b8dcdb1a23d0a23d0ef2015be2eba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?= Date: Wed, 1 May 2024 10:48:51 +0000 Subject: [PATCH] Update FAQs.md --- wiki/FAQs.md | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/wiki/FAQs.md b/wiki/FAQs.md index 5c43103a0f..250fa702f3 100644 --- a/wiki/FAQs.md +++ b/wiki/FAQs.md @@ -110,7 +110,7 @@ Sometimes we fail to discover the PID of the process, or the path of the PID, th #### What's the behaviour of daemon's default action "deny" -The daemon option "default_action" "deny" will block ALL traffic (as of version 1.6.0-rc.4) that is intercepted by _iptables_ or _nftables_ and is not answered or configured by the user. If an outgoing connection timeouts while waiting for user action, then it'll apply the default action. +The daemon option "DefaultAction" "deny" will block ALL traffic (as of version 1.6.0-rc.4) that is intercepted by _iptables_ or _nftables_ and is not answered or configured by the user. If an outgoing connection timeouts while waiting for user action, then it'll apply the default action. If you suspect that opensnitch is blocking an application and asking you to allow/deny it (for example VPN traffic), enable the option `[x] Debug invalid connections` from Preferences -> Nodes 
@@ -125,13 +125,19 @@ Rules #### In which order does opensnitch check configured rules? -Since version 1.2.0, rules are checked in alphabetical order. There's also a new field to mark a rule as Important. +Since version 1.2.0, rules are checked in alphabetical order. + +They are evaluated until a rule with a Deny/Reject Action is found, or until a rule with the `[x] Priority` check marked is found. So if you want to prioritize some rules over others: 1. Name the rule as 000-max-priority, 001-notsomax-priority, 002-less-preiority, not-priority 2. [x] Priority field checked (Action: allow) 3. OR Action: deny (not need to check the Priority field in these rules) +More info: + - https://github.com/evilsocket/opensnitch/wiki/Rules-examples + - https://github.com/evilsocket/opensnitch/wiki/Rules#best-practices + #### If I allow program A, and it launches another program B, will it be also allowed? No. You only allow program A to access the net. Any other program launched by program A will be stopped until you allow or deny it. @@ -159,16 +165,6 @@ https://github.com/evilsocket/opensnitch/wiki/Rules#best-practices Anyway, nothing is unbreakable. If you know a way to bypass application rules, we'd love to see a detailed example! That'll help us to improve the application. -#### Appimages confuse the firewall - -Appimages create a random directory under `/tmp/` from where they're executed, so if you allow or deny an appimage by path or command line when the pop-up appears, the next time the app is executed, the path to the binary will be different and OpenSnitch will prompt you again to deny or allow it. - -You need to use regular expressions to match the directory by editing the rule: - -[x] From this executable: ^(/tmp/\.mount_Archiv[0-9A-Za-z]+/.*)$ - -See this issue for context and more information: [#408](https://github.com/evilsocket/opensnitch/issues/408) - Other ---
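Review bot: in the hunk at @@ -110,7 +110,7, the rewritten line renames the option to "DefaultAction" but keeps the sentence "If an outgoing connection timeouts while waiting for user action", where "timeouts" should be "times out". Since the line is being replaced anyway, fix that and format the key and its value as code (`DefaultAction`, `deny`), the way the next paragraph formats `[x] Debug invalid connections`. The text only calls this a "daemon option", so it would also help to say where the key is set. The heading above the line is missing its question mark.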
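Review bot: in the hunk at @@ -125,13 +125,19, the new sentence says evaluation stops at a rule with a Deny/Reject Action, but item 3 of the unchanged list still reads "OR Action: deny", so a reader cannot tell whether reject rules also skip the Priority check. Suggest "3. OR Action: deny or reject (no need to check the Priority field in these rules)". The new sentence should also state whether "found" means the first such rule that matches the connection, since that is what decides which rule wins. Item 1 still carries the typo "002-less-preiority".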
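Review bot: the hunk at @@ -159,16 +165,6 deletes the whole "Appimages confuse the firewall" entry, including the regular-expression workaround and the link to issue #408, and neither the subject "Update FAQs.md" nor the rest of the patch says why or where that guidance now lives. If it moved to one of the pages listed under "More info" in the previous hunk, link it from this FAQ. If it was dropped on purpose, say so in the commit message, so that users who get prompted again on every AppImage launch still have a pointer.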