I saw the news about Little Snitch coming to Linux via eBPF and Rust. On paper, it looks fancy. In reality, the backend is closed source.
Personally, I don’t see the point in installing a proprietary black box to monitor other black boxes. I’m sticking with my AdGuard Home setup and OpenSnitch for when I actually need to trace a binary.
I wrote up my thoughts on why I think this is a solved problem for most FOSS-first home labs.
Not familiar with this, but jumping on the opensnitch bandwagon. I use it, plus ufw, plus pihole.
Kill the DNS lookups, kill it at the network level of possible, and if it’s sneaky OpenSnitch catches it at the application layer.