LittleSnitch for Linux

hackingonempty

LittleSnitch doesn't tattle on itself phoning home.

Bromeo

How does it compare to opensnitch? https://github.com/evilsocket/opensnitch

SamuelAdams

So if this is free to use on linux, what is to stop someone from doing what Colima did to Docker? Aka make a tiny Linux VM on MacOS and package Little Snitch within that?

rvz

Also from [0]. > You can find Little Snitch for Linux here. It is free, and it will stay that way. Don't worry, the authors know that there's no point in charging Linux users. Unlike Mac users. So you might as well make it $0 and the (Linux) crowd goes wild that they don't need to pay a cent. However... > I researched a bit, found OpenSnitch, several command line tools, and various security systems built for servers. None of these gave me what I wanted: see which process is making which connections, and in the best case deny with a single click. OpenSnitch is open source. You don't need to trust it as you can see the code yourself. Little Snitch on the other hand, is completely closed source. Do you still trust them not to do self-reporting or phoning home, even though it is $0 and closed source? [0] https://obdev.at/blog/little-snitch-for-linux/

alhazrod

I remember before Little Snitch there was ZoneAlarm for Windows[0] (here is a good screenshot[1]). No clue if the current version of ZoneAlarm does anything like that (have not used it in 2 decades). I always found it weird that Linux never really had anything like it. [0]: https://en.wikipedia.org/wiki/ZoneAlarm [1]: https://d2nwkt1g6n1fev.cloudfront.net/helpmax/wp-content/upl...

Avicebron

Probably should throw it out there that I'm building something inspired by littleSnitch for windows. Currently a bit stealthy about it. But when I crowd source the funding for a code signing cert I'll get it out there. Lots of inspiration from LittleSnitch, in spirit if not actual code.

Cider9986

This has the author's blog post on it https://obdev.at/blog/little-snitch-for-linux/

serious_angel

> The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name. > And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably. > That's not an option here. > > Source: https://web.archive.org/web/20260409002901/https://obdev.at/products/littlesnitch-linux/index.html The above feels like an utter AI slop nonsense, sorry. I believe eBPF, the Linux Kernel feature, is absolutely capable for accuracy and perfect processing of network traffic. Have you ever checked Calico or Cilium, or at least, Oryx?

waterTanuki

Why would one use this over PiHole?

FloatArtifact

I wish applications like this could coordinate with upstream firewall like opnsense

mostlysimilar

Incredible. LittleSnitch is must-have for macOS and trying to get equivalent functionality on Linux was painful. So very happy to see this, and very happy to give the developers at Objective Development my money.

mathfailure

Nice to have this as an extra option, but being a linux user I value openness of code. I am pretty content with opensnitch + opensnitch-ui.

Dig1t

>The daemon (littlesnitch --daemon) is proprietary, but free to use and redistribute. Worth noting that it is closed source. Would be worth contributing patches to OpenSnitch to bring it up to parity with Little Snitch. https://github.com/evilsocket/opensnitch

flexagoon

Also see Safing Port master: https://safing.io/

mrbluecoat

> The macOS version uses deep packet inspection to do this more reliably. That's not an option here. Isn't MacOS just *nix under the hood? Genuinely curious about this difference.

txrx0000

As articulated in the author's own blog post: https://obdev.at/blog/little-snitch-for-linux/ The core issue is simple and uncomfortable: through automatic updates, a vendor can run any code, with any privileges, on your machine, at any time. ----- If the author is serious about this, then they should make their own program completely open source, and make builds bit-for-bit reproducible. For all I know, the proprietary Little Snitch daemon, or even the binaries they're distributing for the open source components, contain backdoors that can be remotely activated to run any code, with any privileges, on your machine, at any time.

parhamn

Okay hear me out, I use little snitch for a while. Great product. Love finding out what phones where. I make every single request (except my browser, because I'm fine with their sandbox) block until I approve. Recently I was wondering how you really have to trust something like little snitch given its a full kernel extension effectively able to MITM your whole network stack. So I went digging (and asked some agents to deep research), and I couldn't find much interesting about the company or its leadership at all. All a long way to say, anyone know anything about this company?

VladVladikoff

Really like Lulu as an alternative to LittleSnitch https://objective-see.org/products/lulu.html

alsetmusic

Congrats to Linux users on getting a great tool from a quality development shop. Objective Development is one of our (Mac users) exemplars for attention to detail and fit & finish. Congrats to Objective Development for expanding their well-loved tool to a new platform. You guys rock.

badc0ffee

Does anyone know how the blocking functionality works? I worked on some eBPF code a few years ago (when BTF/CO-RE was new), and while it was powerful, you couldn't just write to memory, or make function calls in the kernel. Is there a userland component that's using something like iptables? (Can iptables block traffic originating from/destined to a specific process nowadays?)