Little Snitch for Linux
I decided to use eBPF for traffic interception at kernel level. It’s high performance and much more portable than kernel extensions. The main application code is in Rust, a language I’ve wanted to explore for quite a while. And the user interface was built as a web application. That last choice might seem odd for a privacy tool, but it means you can monitor a remote Linux server’s network connections from any device, including your Mac. Want to know what Nextcloud, Home Assistant, or Zammad are actually connecting to? Use Little Snitch on the server.
[…]
But in summary: on Ubuntu, I found 9 system processes making internet connections over the course of one week. On macOS, we counted more than 100.
[…]
The kernel component, written for eBPF, is open source and you can look at how it’s implemented, fix bugs yourself, or adapt it to different kernel versions. The UI is also open source under GPL v2, feel free to make improvements.
[…]
One important note: unlike the macOS version, Little Snitch for Linux is not a security tool. eBPF provides limited resources, so it’s always possible to get around the firewall for instance by flooding tables.
Previously:
- Tahoe Won’t Unload Network Extensions
- Sequoia Network Extension Memory Leak
- Little Snitch 6 and DNS Encryption
