1. 25
  1. 6

    There’s not a lot of documentation but upon cursory glance of the code it does the following for anyone curious:

    • Sets up some basic iptables rules that allow DNS queries, connections, and rejects outgoing packets
    • Sets up some probing using ftrace to monitor execve family calls, fork, and exit to be notified when that happens.
    • Using netfilter finds new network activity (tied somehow to the iptables setup rules in step 1)
    • Determines owner of the network connection, and runs rules to see if it should be allowed/dropped, etc.
    • Performs the appropriate action, including launching a GUI to accept / reject it if no rule was put in place beforehand.
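
    A toy version of the last two steps, added here as an illustration and not taken from OpenSnitch's code: parse a `/proc/net/tcp`-style table, map each outbound socket to its owning program by inode, and evaluate allow/deny rules, with "ask" as the fallback verdict that would trigger the prompt. The `/proc/net/tcp` excerpt and the inode-to-program table are constructed, and the rule names and paths are made up for the example; `find_owner_live` shows how the same lookup is done against a real `/proc` (it needs root to see other users' file descriptors).

```python
"""Toy application-firewall decision step (added example, not OpenSnitch code):
connection -> owning program -> first matching allow/deny rule, else 'ask'."""
import ipaddress
import os
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in /proc/net/tcp layout (not captured from a real host).
# Columns: sl local_address rem_address st tx:rx tr:when retrnsmt uid timeout inode ...
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:A1B2 057100CB:0035 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:C350 076433C6:115C 02 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 20 4 30 10 -1
"""

# Constructed inode -> (pid, exe) table standing in for a scan of /proc/*/fd.
SAMPLE_INODE_OWNERS = {12345: (710, "/usr/sbin/sshd"),
                       67890: (4242, "/usr/bin/curl"),
                       11111: (4300, "/usr/bin/nc")}

OUTBOUND_STATES = {"01", "02"}  # ESTABLISHED, SYN_SENT: sockets that initiate traffic


@dataclass(frozen=True)
class Conn:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    uid: int
    inode: int


def decode_addr(field: str) -> Tuple[str, int]:
    """'0100007F:1F90' -> ('127.0.0.1', 8080). The kernel prints the IPv4
    address as a host-order (little-endian on x86) 32-bit integer."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = decode_addr(f[1])
        rip, rport = decode_addr(f[2])
        conns.append(Conn(lip, lport, rip, rport, f[3], int(f[7]), int(f[9])))
    return conns


def find_owner_live(inode: int, proc: str = "/proc") -> Optional[Tuple[int, str]]:
    """Real-host variant: find the pid whose /proc/<pid>/fd holds 'socket:[inode]'
    and resolve its /proc/<pid>/exe. Not used by the offline demo below."""
    target = f"socket:[{inode}]"
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid), os.readlink(os.path.join(proc, pid, "exe"))
        except OSError:  # process exited, or not ours and we are not root
            continue
    return None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    exe: Optional[str] = None       # None = any program
    dst_port: Optional[int] = None  # None = any port
    dst_net: Optional[str] = None   # CIDR; None = any destination

    def matches(self, conn: Conn, exe: str) -> bool:
        if self.exe is not None and self.exe != exe:
            return False
        if self.dst_port is not None and self.dst_port != conn.remote_port:
            return False
        if self.dst_net is not None:
            if ipaddress.ip_address(conn.remote_ip) not in ipaddress.ip_network(self.dst_net):
                return False
        return True


def decide(conn: Conn, exe: str, rules: List[Rule]) -> Tuple[str, Optional[str]]:
    """First matching rule wins; no match yields 'ask', i.e. prompt the user."""
    for rule in rules:
        if rule.matches(conn, exe):
            return rule.action, rule.name
    return "ask", None


def audit(text: str, owners: Dict[int, Tuple[int, str]],
          rules: List[Rule]) -> List[Tuple[str, str, Optional[str]]]:
    """Verdict per outbound connection as (exe, action, rule name)."""
    verdicts = []
    for conn in parse_proc_net_tcp(text):
        if conn.state not in OUTBOUND_STATES:  # skip listeners etc.
            continue
        _pid, exe = owners.get(conn.inode, (None, "<unknown>"))
        action, rule = decide(conn, exe, rules)
        verdicts.append((exe, action, rule))
    return verdicts


# Hypothetical rule set: one allow, one deny, everything else prompts.
RULES = [
    Rule("curl-dns", "allow", exe="/usr/bin/curl", dst_port=53, dst_net="203.0.113.0/24"),
    Rule("no-telnet", "deny", exe="/usr/bin/telnet"),
]

if __name__ == "__main__":
    for exe, action, rule in audit(SAMPLE_PROC_NET_TCP, SAMPLE_INODE_OWNERS, RULES):
        print(f"{exe:20s} -> {action:5s} ({rule or 'no rule, prompt user'})")
```

    Running it prints an allow for the constructed curl-to-DNS connection and an "ask" for the nc connection, which has no rule. A real app firewall does this lookup at connection time from a netfilter queue verdict rather than by polling `/proc/net/tcp`, which is exactly why the inode-to-pid mapping has to be fast and is where the process-event probes in the list above come in.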
    1. 1

      Thank you! :-) That is very helpful

    2. 1

      OpenSnatch would have been a good name too