HeadlinesBriefing.com

Little Snitch lands on Linux but keeps core closed

Hacker News

Linux users are buzzing as Little Snitch finally lands on the platform. The macOS network‑traffic gatekeeper now runs on Linux using eBPF for kernel‑level monitoring and is written in Rust, offering a sleek web UI for non‑terminal fans. However, only peripheral components are open source; the core decision engine that blocks traffic remains closed.

Open‑source purists reject the model, arguing that swapping macOS for Linux shouldn’t replace one opaque binary with another. In a personal lab the author relies on AdGuard Home for DNS‑level filtering, eliminating most telemetry before it leaves Proxmox nodes, and pairs it with Wordfence for application‑specific protection, avoiding the need for a per‑VM firewall.

Those needing granular visibility can turn to OpenSnitch, the community‑driven Linux firewall whose code is fully auditable. While less polished than the new port, it provides per‑application blocking without sacrificing transparency. The arrival of Little Snitch signals mainstream interest in outbound monitoring, yet the Linux community remains committed to open tools that keep both privacy and trust intact.

Because the core engine stays proprietary, many sysadmins stick with their existing stack rather than introduce a black box. The consensus on Hacker News reflects a broader tension: developers crave the performance benefits of eBPF and Rust, but refuse to compromise the auditability that underpins security tooling.