A Linux version of Little Snitch, the well-known network monitoring and firewall tool for macOS, has recently been released. This new iteration is developed in Rust and utilizes eBPF for efficient kernel-level traffic interception, enabling sandboxed applications to operate within the Linux kernel without needing any modifications.
The tool effectively identifies processes on the system that are establishing network connections, providing users the capability to block these connections as desired.
Christian Starkjohann, the creator from the Austrian software company Objective Development, was motivated to build the Linux port as he felt vulnerable after installing Linux on older hardware without the application’s protections. While there are existing alternatives like OpenSnitch and various command-line options, none met his needs for easy visibility and control over network connections. Thus, he created a tool that requires only a single click to block unwanted traffic.
It’s important to note that the Linux version is designed primarily as a privacy tool rather than a security solution. The resource limitations of eBPF might make it susceptible to manipulation through excessive traffic, focusing instead on monitoring legitimate software activities.
After running the tool on a standard Ubuntu setup for a week, Christian noted only nine system processes made internet connections, a stark contrast to over 100 connections typically seen on macOS. For example, Firefox contacted Mozilla’s servers upon launching, while LibreOffice did not initiate any network connections during its use.
One distinct feature of Little Snitch for Linux is its web-based interface, enabling remote monitoring from any device. This configuration is particularly beneficial for users managing servers running services like Nextcloud.
The application is free to download and utilize, although it is not entirely open-source. While the eBPF kernel component and the user interface are open for review, the backend remains proprietary to safeguard the intellectual property built upon two decades of experience with Little Snitch.
To use Little Snitch on Linux, you will need a distribution running kernel version 6.12 or higher, with potential support for earlier versions pending community contributions.
You can download Little Snitch for Linux here. For more insights into its development, you can read further on the developer’s blog.