[Feature Request] fine-tuned granular traffic routing #1540
Description
INTERACTIVE FIREWALL opensnitch is system addon i dreamed to have in 2007 an later years, windows7 at that time had internal firewall and there was GUI to track which app (who) when and where goes/accesses the internat. I happy using opensnitch.
in 2026 advanced users wanna go to the Internet through a number of different overlay networks and proxies - so need fine-tuned granular control to route their traffic, and opensnich already has super cool interactive GUI.
use cases
some user has
- common vpn to hide traffic from isp and gov
- vpn to access some sites from some restricted area
- home network via tinc, wg, ovpn, etc
- company(ies) network(s), e.g. tailsace
- community networks: yggrdasill, mycellium, ipfs, etc.
- some traffic in order to keep it fast is bypassed - e.g. encrypted p2p.
- different apps may go to the same ip via different networks
- different instances of some app may go via different networks
- same app may go to different destinations via different networks
configuring what app, to what target net/ip, via what network/interface should go is a deal and sometimes hard to predict, so user wanna system asks him when some connection is opened how to route it.
of course, that all is configurable with system DNS, ip route and few other config. But that all wanna be interactive - and this is a problem solvable by opensnitch. it is already already a firewall, and just needs to add routing configuration abilities.
fine-tuned granular traffic routing - the proposal
in short, rules are extended with routing facility
- extend rules with routing - may be just use
ip routesyntax (ovpn configs went this way) - extend GUI according to extended rules
- let user select the network to direct traffic to.
some plumbing
(i think) iproute2 is not able to do the job.
but ebpf does