I strongly suggest this as well. LittleSnitch, a similar program that has been around for over a decade, is the first thing I install (and recommend others install) when I work with a new OS X instance.

The first step here would be to getting it into Debian. I can handle this if you like; please assign me the ticket.

the ultimate goal of upstreaming the project

Not sure what you mean by this?

(See also: https://github.com/evilsocket/opensnitch/issues/86)

Sorry, by "upstreaming" I meant "get packaged into Debian." At the time I wrote this in February I was hoping we could get this into PureOS relatively quickly and had assumed that getting this packaged into PureOS would be faster than into Debian so I wanted to do the fast thing first if it was indeed faster.

In T327#9870, @kyle.rankin wrote:

assumed that getting this packaged into PureOS would be faster than into Debian

It might be a day-or-so faster but there are significant negatives to doing it that way, so not a net win just save 24h. ACK your assignment of this issue..

This will also require the packaging of (at least) the grpcio-tools Python package.

And possibly some extra golang packages... :)

WIP here: https://salsa.debian.org/lamby/pkg-opensnitch

Also working on grpcio module packaging in the Python Modules team.

(Also needs python3-grpc package in Debian)

https://github.com/evilsocket/opensnitch/pull/207

https://bugs.debian.org/909567

Hola si es difícil empaquetar opensnitch depende de librerías muy espesificas ,

Paquete debían
opensnitch_1.0.deb

https://sourceforge.net/projects/unknownos/files/opensnitch/

Es necesario instalar
apt-get install libnetfilter-queue1 libnetfilter-conntrack3 python3-slugify python-pyqt5 libc6 python3.7

Probado en debían Buster .

Thanks @Jonathan. It looks like your link leads to a opensnitch deb, I'll test it out. Would be cool if this was submitted to Debian, is that planned?

I'm going to unassign myself here; concentrating on Reproducible Builds. :)

In T327#12891, @Jonathan wrote:

Hola si es difícil empaquetar opensnitch depende de librerías muy espesificas ,
Paquete debían
opensnitch_1.0.deb
https://sourceforge.net/projects/unknownos/files/opensnitch/
Es necesario instalar
apt-get install libnetfilter-queue1 libnetfilter-conntrack3 python3-slugify python-pyqt5 libc6 python3.7
Probado en debían Buster .

@Jonathan Could you, please, post detailed instructions so I can reproduce your binary?

hola no entiendo muy bien la pregunta
opensnitch_1.0.deb es paquete para amd64 ,
Para copilar segui las instrucciones / https://github.com/evilsocket/opensnitch

how to install in debian , (buster repository)
sudo apt-get update
sudo apt-get install libnetfilter-queue1 libnetfilter-conntrack3 python3-slugify python-pyqt5 libc6 python3.7
sudo dpkg -i opensnitch_1.0.deb

Already built it but it's unstable, buggy and freezy. It can indeed detect but not block all outbound connections.

Suggested test: WPS Office (obviously just for testing purposes)

I've been using an opensnitch deb in regular, daily usage for a while now. It is functional, not so buggy in terms of interface and functionality. It does leak memory and can take up a significant chunk of my 16 available gigs of RAM, more than 80%, which slows my machine down to a crawl. That said, we might be able to work with the developer. Having this in PureOS is a powerful security story.