OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

This page summarizes the projects mentioned and recommended in the original post on

  • opensnitch

    OpenSnitch is a GNU/Linux port of the Little Snitch application firewall

    Agree on the GUI; however, opensnitch does seem to assume a single user with a single X server. I have not been able to figure out a way, last time I tried, to get it to work with say 2 X servers and a VNC session or two running concurrently (meaning I couldn’t figure out a way to get connection alerts anywhere but in one of them, as also described here)

    Little Snitch does not have this issue and you can have multiple users logged in with fast user switching and all can operate their notifications no problem.

  • tinysnitch

    an interactive firewall for inbound and outbound connections

    the issue is that libnetfilterqueue doesn’t have pid information, and so that must be looked up or joined to another data stream at runtime. this can fail. flakes at this point can be dangerous, and can reduce confidence in the system. they can also encourage you to add rules at both system and program level, which is annoying.

    one alternative is to specify rules at system level instead of program level. that’s the approach i ended up landing on[1]. i wish i had finer granularity, but i’m glad i don’t have flakes.

    it’s hard to imagine that monitoring network exfil isn’t THE best way to secure any system. at the least, it’s an important and necessary step.


  • picosnitch

    Monitor network traffic per executable using BPF

    > Linux is still dicey to correlate traffic with a particular app, especially if the connection is/was shortlived.

    This is actually pretty easy and reliable to do now with BPF[0].

    I also used the same approach to create a somewhat user-friendly TUI and web dashboard for it[1]. It is able to hash the executable (even if it was shortlived).



  • bcc

    BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

    Thanks! Also I used lost_cb [0] to detect if a packet or connection (with security_socket_connect) was missed between the BPF and Python parts, but is it possible for the BPF program to miss either entirely without triggering that callback?

    If so (without a kernel vulnerability which should be a given) I'd like to have it mentioned under the limitations section so others can be aware as well.


  • plonky

    a Perl program to generate a conky rc file

    You can use lsof in Linux to show connexions:

    lsof -i -n -P | grep -e "->" | awk '{a[$1"_p"$2]++;}END{ for (it in a){print it,a[it]}}' | sort -nr -k2,2

    This project uses conky to display the current connexions:

  • rustdesk

    Open source virtual / remote desktop infrastructure for everyone! The open source TeamViewer alternative. Display and control your PC and Android devices from anywhere at anytime.

    I've got a self hosted host in my office. When you deploy a client, you can rename the Windows exe to include the DNS name and public key of your host and it will then use them - clever idea. So I don't think you need their TURN/STUN. I suspect those are simply provided as a service and nothing more sinister.

    They also provide three or so really low spec jump boxes to get people up and running if they can't self host - again, I call that altruism not sinister.

    I will get Wireshark out anyway to check about this stuff next week.

    You can do your own real due-dil stuff yourself by browsing around this: - read the issues, browse the source (read the comments!) get a feel for the software.

    I'm asserting that it is no worse than anything else. I can also assert that the binaries that I get on Arch Linux are probably from the official sources (I checked a few strings etc). I can't sign off the Windows binaries but I can assert that I do trust them from their GitHub repo.

    I can assert things until I'm blue in the face but I trust rustdesk more than most remote access facilities for now but I am still kicking the tyres.

  • libprocesshider

    Hide a process under Linux using the ld preloader

    unfortunately malicious lkms and userland rootkits can hide processes/connections from lsof/netstat

  • opensnitch

    OpenSnitch is a GNU/Linux application firewall (by gustavo-iniguez-goya)
