Little Snitch 4 is now available in final and stable version

[dpedu]

I'm no longer a Mac user, but LS was an essential part of my system where I was. Does anyone know of a similar product for Linux?

[amatecha]

There is OpenSnitch ( https://github.com/evilsocket/opensnitch ) but I'm not sure how well it compares?

[microcolonel]

This app is a decent reason to add signature checking to distros. Though until we're off of X11 the application doing the connecting can just press the button on OpenSnitch itself!

Unless you're on Wayland, OpenSnitch is totally vulnerable. One workaround would be to have OpenSnitch stop the requesting process before displaying the prompt, but if there's a configuration panel any application can just add the exception ahead of time anyway.

[nattmat]

Wasn't this mentioned here a couple weeks ago? https://opensnitch.io/

[j0hnml]

Yes; discussion here: https://news.ycombinator.com/item?id=14245270

[nattmat]

more like a couple months then :) thanks

[mtgx]

Not a firewall, but Firejail is a great sandboxing tool for Linux.

https://firejail.wordpress.com/

[tuxmascot]

Not much in the realm of Linux, to be honest. You'd probably get more security maintaining a SELinux setup on your system and running a hardened kernel.

[majewsky]

That's a different concern, though. Or does SELinux allow you to specify "process X may speak to domain Y with HTTP, but not to any other domains"?

[granda]

Do you have any reference material that goes more in depth?