Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Linux Mint + DefaultAction : "deny" = long black screen timeout when opening session ? #1016

Closed
linux-dummy opened this issue Aug 14, 2023 · 2 comments
Closed

Linux Mint + DefaultAction : "deny" = long black screen timeout when opening session ? #1016

linux-dummy opened this issue Aug 14, 2023 · 2 comments

Comments

@linux-dummy
Copy link

Hello,

I've installed the latest 1.6.2 OpenSnitch release on a fresh Linux Mint 21.2 Cinnamon edition (but the issue is also present with older Linux Mint Cinnamon edition and/or older OpenSnitch releases). Then I applied the #647 comment to fix the issue with opensnitch-ui and all was ok.

Then I modified the default-config.json param "DefaultAction" from "allow" to "deny" or "reject".
Then I logged out and tried to open a new session.

This cause a very long (4-5 minutes) black screen timeout while opening the session (you only see a black screen with the mouse cursor, that you can move, but nothing else). This timeout is present every time you want to open a new session.

After 4-5 minutes black screen waiting, the session starts normally and all seems to be ok.

To fix the issue, I tried to create a rule to allow localhost connections :

"name": "allow-localhost", "description": "allow localhost", "enabled": true, "precedence": true, "nolog": false, "action": "allow", "duration": "always", "operator": { "type": "simple", "operand": "dest.ip", "sensitive": false, "data": "127.0.0.1", "list": [] }

or

"name": "allow-localhost", "description": "allow localhost", "enabled": true, "precedence": true, "nolog": false, "action": "allow", "duration": "always", "operator": { "type": "network", "operand": "dest.network", "sensitive": false, "data": "127.0.0.0/24", "list": [] }

and this seems to reduce the black screen timeout from 4-5 minutes to about 2min15 ... but it is still way too long to wait to open the session ... knowing that with "DefaultAction": "allow" the session starts in about 2 seconds ...

Here after is the opensnitchd.log extract with LogLevel set to 0 ... could you please have a look to find the issue ?

Thank you !

opensnitchd-extract.log
@lainedfles
Copy link
Contributor

Hi,

Please read localhost-connections. Your attempted rules don't account for IPv6. The referenced document provides a sample rule (note the regular expression syntax including ::1):

{
  "created": "2023-07-05T10:46:47.904024069+01:00",
  "updated": "2023-07-05T10:46:47.921828104+01:00",
  "name": "000-aallow-localhost",
  "enabled": true,
  "precedence": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "regexp",
    "operand": "dest.ip",
    "sensitive": false,
    "data": "^(127\\.0\\.0\\.1|::1)$",
    "list": []
  }
}

I also see that you've a simple deny rule for Avahi. This may be contributing to latency depending on your OS & network configuration. Perhaps removing or disabling Avahi is worth investigation.

@linux-dummy
Copy link
Author

Hi lainedfles,

thank you for the very fast answer.

You are absolutely right the error was not taking into account the IPv6.
Using regexp rule with "data": "^(127\.0\.0\.1|::1)$" solved the issue !

Thank you !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lainedfles @linux-dummy