Little Snitch, the application firewall that has monitored outgoing connections on macOS for over two decades, is now available for Linux. The version is completely free and was developed by Christian Starkjohann of Objective Development, an Austrian company. The motivation, as the developer himself explains, is personal: after installing Linux on old computers, he wanted a tool that provided the same Little Snitch experience he had on macOS. Alternatives like OpenSnitch or Portmaster already existed, but according to Starkjohann, none offered exactly what he was looking for: the ability to see which process communicates with which server and block it with a single click.

How It Works

The Linux version relies on eBPF (extended Berkeley Packet Filter) to intercept traffic at the kernel level without modifying the kernel itself. The application code is written in Rust, while the interface is a web app accessible from any browser at localhost:3031. This might seem like an unusual choice for this type of tool, but it allows you to monitor connections on a Linux server remotely, for example to keep tabs on what Nextcloud or Home Assistant are doing.

What’s Open and What Isn’t

The eBPF kernel component and the web interface are released as open source under the GPLv2 license, with code available on GitHub. The backend, however, remains proprietary: it handles rules, blocklists, and the hierarchical view of connections, and represents over two decades of experience accumulated with the macOS version. Objective Development makes it available for free but prefers not to open-source it for now.

Visibility, Not Security

An important point: Little Snitch for Linux is not a security tool. On macOS, filtering happens at the system level with stronger guarantees, while eBPF imposes strict limits on program complexity and the amount of data it can handle. With very heavy traffic, filtering tables can overflow, making it possible to bypass rules. The goal, the developer clarifies, is to provide visibility into connections and block those from legitimate software that isn’t actively trying to evade monitoring.

Requirements and Availability

Little Snitch for Linux requires kernel 6.12 or later with BTF support (Ubuntu 25.04 or newer). Packages are available for 64-bit Intel/AMD, ARM64, and RISC-V architectures. The project is at version 1.0.0 and still has some limitations: it currently doesn’t work with the Btrfs filesystem, used by default in Fedora, but a fix is already in the works.

If you want to keep an eye on network traffic on your Linux server or even just your laptop, you now have another option, and it carries a name that’s already a guarantee in the macOS world.