I saw the news about Little Snitch coming to Linux via eBPF and Rust. On paper, it looks fancy. In reality, the backend is closed source.
Personally, I don’t see the point in installing a proprietary black box to monitor other black boxes. I’m sticking with my AdGuard Home setup and OpenSnitch for when I actually need to trace a binary.
I wrote up my thoughts on why I think this is a solved problem for most FOSS-first home labs.
These things are for the nasty little surprises, more relevant for the proprietaries, but not useless on linux. They’re for the unknown unknowns, and that’s a good thing. The next supply chain vuln might bite you, and opensnitch might let you know.