evilsocket
[Feature Request] How to find the rule, that was last created
I'm not sure yet, if this will become a feature request. Maybe there is already a good way to achieve, what I want to achieve.
Often the OpenSnitch dialogue box pops up and I create a rule.
Shortly afterwards, I would like to look at (and possibly edit) this rule again. To do this, I open the OpenSnitch GUI -> tab: rules.
There is a column called time.
But I am sure, that this is not the time during which a rule was created or changed. If this was the time, when the rule was created, I could simply sort the time column and then open the rule with the most recent time. But as this is not the time when the rule was created, this does not work and I have to search for the rule somehow.
Question: Is there an easy and user friendly way to quickly find the last changed or created rule?
If so, thank you very much for the answer. If no: Idea for a feature request: Add a creation/change time column for the rules we can find in the table in the rule-tab.
What do you think? Would appreciate some feedback. Thank you.
Hi @Golddouble ,
The column Time should reflect the time when a rule was created. If it isn't then it's a bug. Editing the rule should also update the Time column, although it may take a few seconds.
As far as I can tell, "it works on my machine" (tm). Try executing telnet $ telnet 1.1.1.1 and see if the Time column is updated correctly. If it's not, write down the value displayed on the GUI and the actual time when you executed it.
Thank you.
I have runned the command
$ telnet 1.1.1.1
What has happened? Of course the rule created with the pop-up of this command has now the time, when it was created.
But...
After, I have started a Lutris programme.
There was no need to create OpenSnitch rules for Lutris, because I have already created them month ago.
But now, after having started my Lutris programme the "time" column in the OpenSnitch tab "rules" shows me rules from Lutris as the most recent rules, although I have not created or changed this rules.
It looks for me like the column "time" does not show the date of the change or creation of a rule, but I guess it is the time, when this rule was used from OpenSnitch to filter the last time.
mmh, yes, you're correct. The Time column reflects the last time a rule was applied on a connection. But there's no column that indicates when a rule was created.
Maybe the Time column should be called "Last seen" or "Last update".
Or maybe "last used" or "last applied".
But my question from post 1 remains:
Question: Is there an easy and user friendly way to quickly find the last changed or created rule?
Question: Is there an easy and user friendly way to quickly find the last changed or created rule?
The last changed rule is the value of the Time column, whenever an outbound connection matches a rule it's updated accordingly.
But there's no column to view when a rule was created. The date is saved to the file on disk (/etc(opensnitchd/rules/), but it's not displayed on the GUI.
Thank you.
I am not that familiar with the OpenSnitch terminology. Maybe we mean something different regarding the wording "changed rule". To avoid misunderstandings: When I was talking about a "changed rule" above, I meant the following:
- open the OpenSnitch rules-tab by the user
- manually edit an existing rule by the user
- press the apply button by the user
When you talk about "changed rule", you mean that a rule was applied on a connection automatically by OpenSnitch itself, and I guess here, the rule is still the same as before.
That confuses me. Is that the same thing? Does OpenSnitch not distinguish between these two events?
Thank you.
/bin/ls -tlr /etc/opensnitchd/rules/ --time=creation
...works for me, YMMV.
