Provided by: opensnitch_1.5.8.1-1ubuntu0.24.04.3_amd64 

NAME
opensnitchd - GNU/Linux interactive firewall application
SYNOPSIS
opensnitchd [-rules-path path] [-cpu-profile path] [-debug] [-error] [-warning] [-important] [-log-file path]... [-mem-profile path]... [-no-live-reload] [-process-monitor-method name]... [-queue-num num]... [-ui-socket path]... [-version] [-workers num]...
DESCRIPTION
opensnitchd is the OpenSnitch agent that intercepts outbound connections and sends them to the server. The server can be a GUI, a TUI, or a headless component that just logs the network activity (a SIEM, for example). By default it allows all connections, creating temporary rules for you so you can review them later.
OPTIONS
-rules-path path
    Specifies where the rules will be written to. Default "rules".

-cpu-profile path
    A file path where the CPU profile data will be written for later use.

-debug
    Set LogLevel to DEBUG.

-warning
    Set LogLevel to WARNING.

-important
    Set LogLevel to IMPORTANT.

-log-file path
    A file path where the logs will be written to. This path can be a device file, like /dev/stdout to print logs to standard output.

-mem-profile path
    A file path where the memory data will be written once the daemon exits.

-no-live-reload
    By default the daemon's rules and configuration are reloaded whenever they change. This option disables this feature.

-process-monitor-method method
    Force process monitor method, overriding what is defined in the configuration. Valid methods: ebpf, audit, proc

-queue-num num
    Force the use of this netfilter queue number. The default queue number is 0, but if it's already used by other software, you can set another queue number here.

-ui-socket path
    Force the use of this socket path, instead of the one defined in the configuration. The path format is unix:///path/to/socket.sock or ip:port ("127.0.0.1:50051"). See https://github.com/grpc/grpc/blob/master/doc/naming.md

-version
    Prints out daemon version.

-workers num
    Change the maximum number of workers that process outbound connections. By default 16 workers are launched; if that's not enough, increase this number.
FILES
/etc/opensnitchd/rules/
    Default daemon rules directory.

/etc/opensnitchd/default-config.json
    Default daemon configuration.

/etc/opensnitchd/system-fw.json
    Configuration of system firewall rules (iptables/nftables). Firewall rules defined here bypass OpenSnitch interception. Use it to allow VPNs or other services.
DIAGNOSTICS
OpenSnitch needs at least one firewall rule to intercept outbound connections:

    iptables -t mangle -L OUTPUT | grep NFQUEUE
    NFQUEUE all -- anywhere anywhere ctstate NEW,RELATED NFQUEUE num 0 bypass

If you suspect that OpenSnitch blocks an application and doesn't prompt you to allow or deny it, enable the option [x] Debug invalid connections under Preferences -> Nodes in the GUI, or set the configuration option InterceptUnknown to true.

Tip: You can also add rules to the file /etc/opensnitchd/system-fw.json, to allow network services without being intercepted by the daemon.

Another way of debugging errors is by launching the daemon from the command line:

1. Set LogLevel to DEBUG under Preferences -> Nodes (or LogLevel to 0 in the configuration)
2. Stop the daemon: systemctl stop opensnitch
3. Launch it from the command line: /usr/bin/opensnitchd -rules-path /etc/opensnitchd/rules/
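
An added example (not part of the man page or of OpenSnitch itself): a shell helper that parses the listing from the iptables check in DIAGNOSTICS, confirms that an NFQUEUE rule exists for the expected queue number, and reports whether the bypass flag is set. The function name, status strings and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenSnitch code): validate the NFQUEUE interception rule.

# Constructed sample of `iptables -t mangle -L OUTPUT`, built around the
# rule line shown in DIAGNOSTICS.
SAMPLE_LISTING='Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
NFQUEUE    all  --  anywhere             anywhere             ctstate NEW,RELATED NFQUEUE num 0 bypass'

# check_nfqueue_rule [QUEUE_NUM]   (hypothetical helper name)
# Reads an iptables listing on stdin, prints one status line, and returns:
#   0  an NFQUEUE rule targets QUEUE_NUM (default 0, the default queue)
#   1  no NFQUEUE rule at all, so nothing reaches the daemon
#   2  NFQUEUE rules exist, but none for QUEUE_NUM (compare with -queue-num)
check_nfqueue_rule() {
    awk -v want="${1:-0}" '
        $1 == "NFQUEUE" {
            seen = 1
            # The target options appear as "... NFQUEUE num <n> [bypass]".
            for (i = 2; i <= NF - 2; i++) {
                if ($i == "NFQUEUE" && $(i + 1) == "num" && $(i + 2) == want) {
                    found = 1
                    # "bypass": the kernel accepts packets when no program
                    # is bound to the queue, so traffic flows unfiltered
                    # while the daemon is stopped.
                    if ($(i + 3) == "bypass") bypass = 1
                }
            }
        }
        END {
            if (found) {
                printf "OK queue=%s bypass=%s\n", want, (bypass ? "yes" : "no")
                exit 0
            }
            if (seen) {
                print "MISMATCH no NFQUEUE rule for queue " want
                exit 2
            }
            print "MISSING no NFQUEUE rule in listing"
            exit 1
        }
    '
}

# Run against the constructed sample; on a live host, pipe in the real listing.
printf '%s\n' "$SAMPLE_LISTING" | check_nfqueue_rule 0
```

On a live host, run `iptables -t mangle -L OUTPUT | check_nfqueue_rule 0` as root, passing the value given to -queue-num if you changed it.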