Objective Development announced that Little Snitch is coming to Linux, bringing a well-known network monitoring tool from the Mac world to the open-source desktop and server space.
If you’re not familiar with it, Little Snitch is a network monitoring and connection-control tool that shows which applications and background services try to access the internet, which servers they contact, and lets users allow or block those connections via custom rules.
Users can review current and past activity, sort connections by recent use or data volume, and block unwanted connections with a single click. This makes it easier to spot unexpected network activity and restrict software that phones home.
In its Linux implementation, Little Snitch is built around eBPF for kernel-level traffic interception, uses Rust for the main application logic, and presents its interface as a web application rather than a native desktop UI. The good news is that this design also allows monitoring of remote Linux systems from another device.
Regarding licensing, Objective Development states that the eBPF kernel component is open source and that the web UI is available under the GPLv2 license. However, the backend daemon that manages rules, block lists, and the hierarchical connection view remains closed source, though it is free to use.
Another important thing is that, unlike the macOS version, Little Snitch for Linux is not positioned as a hardened security tool. The devs say eBPF has resource limits, so determined software could bypass blocking in some cases, for example, by exhausting tables.
Instead, the Linux version is framed mainly as a privacy and visibility tool, designed to show which applications make outbound connections and let users block traffic from ordinary software not actively trying to evade control.
The software works on kernel 6.12 and newer. On older kernels, the project currently hits the eBPF verifier’s maximum instruction limit. The company adds that support down to kernel 5.17 may be possible with further work. On Linux, Little Snitch runs as a systemd-managed service and exposes its interface through a local web UI on port 3031.
For more details, see the announcement. Downloads are currently available as .deb (Debian / Ubuntu / Mint), .rpm (Fedora / Alma / Rocky), and .pkg.tar.zst (Arch / Manjaro / EndeavourOS) packages for x86_64, ARM64, and RISC-V 64-bit systems.
