LittleSnitch for Linux
4 hours ago
- #linux-security
- #network-monitoring
- #privacy-tools
- Open Little Snitch UI by running in terminal or accessing http://localhost:3031/, which is bookmarkable or installable as a PWA.
- Connections view shows network activity, blocked connections, data volumes, and allows blocking with one click; traffic diagram visualizes data over time with zoom/filter.
- Blocklists block categories of traffic automatically, support formats like domain/hostname lines, /etc/hosts, and CIDR networks, but not wildcards or regex; prefer domain-based lists.
- Rules offer granular control over specific processes, ports, or protocols, and can be sorted/filtered in the rules view.
- Web UI is open locally by default; enable authentication in web_ui.toml for security, especially if exposed beyond loopback.
- Configuration involves editing TOML files in /var/lib/littlesnitch/overrides/config/, with key files for UI settings, default connection action, and executable grouping.
- Built on eBPF for Linux, with limitations like storage constraints and heuristic-based hostname resolution, unlike macOS's deeper inspection.
- Focused on privacy and monitoring, not security hardening; components include open-source eBPF and UI under GPLv2, and a proprietary daemon.