When I switched to Mac OS X (now macOS), I did so on the advice of my Linux mentor (yes, that's right). I made the leap from Linux, a system I've never completely abandoned for decades, but before that, like everyone else, I used Windows. Looking after security was something I had learned well, and one of the few tools of this kind available for Mac was Little SnitchYesterday, its developer announced also a version for Linux.
The story begins with how they intend Governments control everything we do on the network. In short, its developer wanted to take refuge in Linux, and after looking at what was available, nothing convinced him. Not even OpenSnitch, about which we have an archive articleChristian wants to see what's calling where, and have control over every connection. That's why he created Little Snitch for Linux.
Little Snitch for Linux works at the kernel level
Little Snitch uses eBPF to intercept traffic at the kernel levelThis offers better performance and is easier to port. The code is written in Rust, but it's not entirely open source; the backend is not.
For reference, he's been using Ubuntu, and although it makes many calls to Canonical, it only found 9 processes making internet connections in a week. In the same time, macOS made more than 100. Firefox, meanwhile, connects to an advertising platform and a telemetry platform as soon as it starts up, without even browsing.
Installation on Linux
Installing Little Snitch on Linux isn't very complicated. Although the information says it works on Linux distributions 6.12 and later, it failed for me on Manjaro with 6.19 and on the Ubuntu 26.04 Daily Build, which uses a preview version of Linux 7.0. If you're using an Arch-based distribution, you can install Little Snitch from the AUR (the package is called littlesnitch-bin). It's also available as .deb, .rpm, and .pkg.tar.zst packages for Debian/Ubuntu, Fedora/RHEL, and Arch-based distributions, respectively. It only requires a compatible kernel to work.
Once installed, write Littlesnitch In a terminal window, the daemon will run and open the browser with the path to localhost on port 3031, allowing you to monitor traffic and apply rules.
The program is in English, but it's not very difficult to use; the interface is clear and simple. To create a rule, you can click on the green ball next to each process.
NOTICEIt's worth mentioning some of the problems I encountered during my testing. On Ubuntu 26.04 with Linux 7.0 development, I managed to install it, but I couldn't reboot and log back into the system. I noticed the same behavior on EndeavourOS: I installed it with the Linux kernel 6.18, but when I tried to boot with 6.19, I couldn't access the operating system. I don't know why this is happening or if it only occurs in virtual machines, but if it does, you can try using a different kernel or booting into the terminal and removing the littlesnitch package.
Little Snitch can be useful for everything governments are trying to achieve, and Linux should be a safe haven.