Little Snitch, the popular macOS network monitor and firewall, now has a Linux version. It uses eBPF to intercept outgoing connections, tracks network activity per application, and supports blocklists in common formats. The UI is served as a local web app accessible via browser or PWA. Rules can target specific processes, ports, and protocols. Configuration is done via plain text TOML files with an override system. The tool is explicitly positioned for privacy (monitoring what software phones home) rather than security hardening, due to eBPF limitations around cache overflow under heavy traffic and DNS-to-IP heuristics. The eBPF program and web UI are GPL-2 open source; the daemon is proprietary but free to use.
Table of contents
Getting startedSecuring accessUnder the hoodAdvanced configurationA word on limitationsLicenseSort: