#opensnitch firewall seems to work fine with #guix. Just had to:
- install it with #nix
- create /etc/opensnitchd/default-config.json and /etc/opensnitchd/system-fw.json manually (copy them from the daemon repo)
- create the $HOME/rules folder
- launch the daemon and the UI as root.
One issue is that, by default, the program creates rules from full paths to executables, which are often in /gnu/store/ on #guix… Which means such rules would have to be recreated after each package update.
The rules support regexes, but using that would require more configuration effort.
And is there a point in a firewall if I have to allow every request from #emacs? I suppose I could block the telemetry from the few proprietary apps I have left.
…oops, the UI just SIGSEGV’ed. Maybe not quite fine.
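
One way to build the regex rule mentioned above so that it survives package updates without matching more than intended (an added example, not part of the original post and not OpenSnitch's own code). It assumes the rule is a JSON file with a `regexp` operator on `process.path`, that store directories are named `<32-char hash>-<package>-<version>`, and that versions start with a digit; the helper names, hashes and paths are constructed for illustration.

```python
import json
import re

# Guix store hashes: 32 characters of nix-base32 (alphabet has no e, o, t, u).
STORE_HASH = r"[0-9a-df-np-sv-z]{32}"

def store_path_regex(package: str, exe: str) -> str:
    """Anchored pattern for /gnu/store/<hash>-<package>-<version>/bin/<exe>.

    Uses only syntax shared by Python's re and Go's RE2 engine.
    Assumption: the version component starts with a digit, which keeps
    'emacs' from also matching a differently named package such as
    'emacs-minimal'.
    """
    return (r"^/gnu/store/" + STORE_HASH + "-" + re.escape(package)
            + r"-[0-9][^/]*/bin/" + re.escape(exe) + "$")

def make_rule(name: str, package: str, exe: str, action: str = "allow") -> dict:
    """Rule dict in the assumed OpenSnitch JSON layout (hypothetical helper)."""
    return {
        "name": name,
        "enabled": True,
        "action": action,
        "duration": "always",
        "operator": {
            "type": "regexp",
            "operand": "process.path",
            "sensitive": False,
            "data": store_path_regex(package, exe),
        },
    }

def matches(rule: dict, path: str) -> bool:
    """Check a process path against the rule's pattern before deploying it."""
    return re.search(rule["operator"]["data"], path) is not None

# Constructed sample hashes and paths (not real store items).
HASH_A = "0a1b2c3d4f5g6h7i" * 2
HASH_B = "z9y8x7w6v5s4r3q2" * 2
RULE = make_rule("allow-emacs", "emacs", "emacs")

if __name__ == "__main__":
    print(json.dumps(RULE, indent=2))
    for p in (f"/gnu/store/{HASH_A}-emacs-29.1/bin/emacs",
              f"/gnu/store/{HASH_B}-emacs-29.4/bin/emacs",
              f"/gnu/store/{HASH_A}-emacs-minimal-29.1/bin/emacs",
              f"/tmp/gnu/store/{HASH_A}-emacs-29.1/bin/emacs"):
        print(matches(RULE, p), p)
```

An unanchored pattern such as `/gnu/store/.*emacs` would also match paths outside the store and other packages' binaries, which is why the hash length, package name and both ends of the path are pinned.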