New localhost rules in 1.7.2 are allowing all windows programs runing under wine to phone home.

[indianajonesilm]

Did anyone notice that using opensnitch v1.7.2 that you never get an opensnitch popup when installing and running Windows games on Heroic Games Launcher or any wine type application. Is it because of the new localhost rules? Does wine/proton somehow tunnel all network traffic through localhost? As soon as I disable the localhost rules and restart then opensnitch pops up and asks if I want to block it. I'm just a little confused.

Edit: Maybe this is a stupid question lol. Never mind.

[gustavo-iniguez-goya]

not a stupid question @indianajonesilm ! double click on the localhost rules, and see (or post) the connections that matched the rule.

If they're localhost to localhost connections should be expected. This was added per request here: #965

[gustavo-iniguez-goya]

@indianajonesilm , please, modify the rule 00-allow-localhost to allow connections only to 127.0.0.1 instead of 127.0.0.0/8 and see you see again the popups.

[indianajonesilm]

Okay. Without modifying the rule, I run the game and get no opensnitch popup.

I modified the rule to allow only 127.0.0.1 and I get the following popup. (I scratched out some personal info)

Is the game actually communicating with galaxy-log.gog.com before I modified the rule?

[indianajonesilm]

I tried to using Wireshark to monitor communication in/out my Ethernet port. The local DNS cache

says gog.com is 151.101.1.55
Wireshark shows communication with gog.com even with opensnitch running.

Is opensnitch not able to block individual programs running under wine/proton?

[gustavo-iniguez-goya]

Thank you @indianajonesilm ! I'll modify the rule to allow connections only to 127.0.0.1, instead of 127.0.0.0/8.

And actually, maybe we should even restrict the rule to 127.0.0.1 + a small list of processes (dirmngr, xbrlapi, kdeinit5, ...)