Introduced the first release of the Linux version of the application firewall Little Snitch, which is popular among users of the macOS platform. Little Snitch provides a graphical interface that allows you to interactively monitor application network activity and block unwanted network traffic. The eBPF subsystem is used to inspect and block traffic in Linux. The eBPF programs loaded into the kernel, the library of functions and the web interface are distributed under the GPLv2 license. The background process is written in Rust and is distributed under a proprietary license that allows distribution and free use.
The program allows you to visually assess which hosts are currently being accessed by applications in the system, view the history of network activity and track the volume of traffic. It is possible to block unwanted connections and connect blocking lists, both your own and external lists, such as oisd.nl, designed to block advertising, tracking services, telemetry collection systems, phishing and other unwanted activity. External lists can be automatically updated. Blocking is carried out at the level of IP addresses, subnets, and domain names.
The program includes a BPF handler loaded into the Linux kernel and the littlesnitch background process. Management is carried out through a web interface, accessible by opening the page “https://localhost:3031/” in the browser. It is possible to work with the web interface as a separate web application (PWA – Progressive Web App). Supports operation on systems with Linux kernel 6.12 and later.
Additionally, it can be noted that there is a more functional open analogue of Little Snitch for Linux – OpenSnitch, which supports interactively monitor the network activity of applications. When applications attempt to establish network connections that are not subject to previously set permissions, OpenSnitch displays a dialog asking the user to decide whether to continue the network operation or block network activity.