
Little Snitch, the host-based application firewall for macOS, is coming to Linux, for free
Objective Development has announced the release of Little Snitch for Linux, bringing its renowned host-based network firewall from macOS to Linux at no cost. The Linux edition uses extended Berkeley Packet Filter (eBPF) for kernel-level traffic interception, offering high performance and a modern alternative to kernel extensions. The main application logic is written in Rust, enhancing safety and cross-platform portability.
The user interface is implemented as a web application, which makes it possible to remotely monitor network connections on Linux servers from any device, including Mac computers. This version brings key monitoring and blocking features, and it sits between Little Snitch Mini and the full macOS version in both feature scope and user interface refinement. The backend manages rules and blocklists but does not include every advanced feature found on macOS.
For transparency and community involvement, the eBPF-based kernel component and the web UI are published as open source. The backend code remains closed, as Objective Development cites proprietary algorithms shaped by decades of experience. Little Snitch for Linux is designed for privacy and visibility into network activity, rather than as a security tool. Because of eBPF constraints, firewall rules can potentially be bypassed, for example by flooding filter tables.
