opensnitch

OpenSnitch is a firewall application for Linux that gives you control over which programs on your computer are allowed to make connections to the internet. Most firewalls block incoming traffic by default and leave outgoing traffic unrestricted. OpenSnitch watches outgoing connections too, and pops up a prompt whenever an application tries to contact a server, letting you allow or deny that specific connection.

The idea is borrowed from Little Snitch, a well-known Mac application that does the same thing. On Linux, OpenSnitch fills the same role: if an app suddenly starts phoning home to an unexpected address, you will see it and can block it. This can catch adware, telemetry, or unexpected data leaving your machine.

Beyond per-app prompts, OpenSnitch can block entire categories of domains system-wide, such as known ad networks, tracker lists, or malware domains. It also lets you configure the broader system firewall (using the Linux nftables system) through a graphical interface, setting rules for inbound connections as well. For teams or organizations, it supports managing multiple machines from a single central interface, and it can send event data to security monitoring systems.

Installation is done through standard Linux package files: a .deb for Debian-based distributions like Ubuntu, or an .rpm for Fedora and similar. After installing, you run the graphical interface from the applications menu. The firewall itself runs as a background service.

The project is open source under the GPL3 license and is actively maintained by community contributors. A Discord server and GitHub Discussions page are available for questions and for sharing examples of unexpected connections that users have caught.