The Linux application firewall OpenSnitch will be easier to set up with the upcoming NixOS 22.05 release. Only a few configuration lines are needed to get the daemon and client running.

An application requesting network access through OpenSnitch

The OpenSnitch daemon service was already merged with the 21.11 release and could theoretically be enabled with a simple configuration like this:

services.opensnitch.enable = true;

Unfortunately there was a bug preventing the daemon from working properly, which is now fixed in the unstable channel.

The running daemon alone doesn’t block internet access for untrusted applications. You’ll also need to run the client application to make it work. If you’re using Home Manager to configure and start services in user space, you can also start the client automatically with this configuration snippet:

home-manager.users.onny.services.opensnitch-ui.enable = true;

This service is not yet merged into Home Manager unstable but should hopefully be available in the next release.

It is of course possible to import the unstable package and service module into your existing configuration and use it right away.
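What importing the unstable module and packages into a stable 21.11 system can look like, as an added example that is not from the original post: it swaps the 21.11 OpenSnitch module for the unstable one, overlays the unstable packages, and enables both daemon and client. The nixpkgs module path, the overlay approach and the unpinned channel tarball are assumptions of this example; the Home Manager line assumes a Home Manager checkout that already contains the opensnitch-ui service.

```nix
# Added example (not from the original post): bring the fixed OpenSnitch
# module and packages from nixpkgs unstable into a stable NixOS config.
{ config, pkgs, ... }:

let
  # Unpinned for brevity. For a reproducible, reviewable build, replace the
  # branch tarball with a specific commit archive plus its sha256.
  unstableSrc = fetchTarball
    "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";

  # Evaluate unstable nixpkgs once; only its packages are taken from here.
  unstable = import unstableSrc { };
in
{
  # Drop the 21.11 module (carries the daemon bug) and import the unstable
  # one that contains the fix. Path assumed: nixos/modules/services/security.
  disabledModules = [ "services/security/opensnitch.nix" ];
  imports = [
    "${unstableSrc}/nixos/modules/services/security/opensnitch.nix"
  ];

  # Let the module build the unstable daemon and GUI packages instead of
  # the stable ones.
  nixpkgs.overlays = [
    (final: prev: {
      opensnitch = unstable.opensnitch;
      opensnitch-ui = unstable.opensnitch-ui;
    })
  ];

  # Daemon only: without a running client there are no prompts and nothing
  # gets blocked, so both halves below are needed.
  services.opensnitch.enable = true;

  # Client started per user through Home Manager, as shown in the post.
  home-manager.users.onny.services.opensnitch-ui.enable = true;
}
```

Note that the module's own evaluation must not depend on `config` inside `imports`, which is why the tarball path is used directly there rather than the evaluated `unstable` set.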

We are also working on supporting the newest OpenSnitch releases but currently have some packaging issues.