Products Little Snitch Little Snitch Mini Micro Snitch LaunchBar Internet Access Policy Viewer More Products Shop Support Blog
Little Snitch for Linux
Overview Download Prereleases

Download Little Snitch for Linux

We offer packages for four major 64-bit CPU architectures found in desktop and laptop computers today. For each architecture, we provide .deb (Debian, Ubuntu, Mint, Kali, …), .rpm (Fedora, RHEL, openSUSE, CentOS, …) and .pkg.tar.zst (Arch, Manjaro, CachyOS, EndeavourOS, …). Choose the right combination from the list below. For statically linked binaries scroll down.

Packages
littlesnitch-1.1.0-1-aarch64.pkg.tar.zst Download5.8 MB
littlesnitch-1.1.0-1-ppc64le.pkg.tar.zst Download6.4 MB
littlesnitch-1.1.0-1-riscv64.pkg.tar.zst Download5.8 MB
littlesnitch-1.1.0-1-x86_64.pkg.tar.zst Download6.1 MB
littlesnitch-1.1.0-1.aarch64.rpm Download6.5 MB
littlesnitch-1.1.0-1.ppc64le.rpm Download7.0 MB
littlesnitch-1.1.0-1.riscv64.rpm Download6.2 MB
littlesnitch-1.1.0-1.x86_64.rpm Download6.9 MB
littlesnitch_1.1.0_amd64.deb Download6.7 MB
littlesnitch_1.1.0_arm64.deb Download6.4 MB
littlesnitch_1.1.0_ppc64el.deb Download6.8 MB
littlesnitch_1.1.0_riscv64.deb Download6.1 MB
Scroll down for release notes.

Minimum system requirements

Kernel version

Little Snitch for Linux requires Linux kernel 6.12 or newer, built with BTF support. In practice this means Debian 13, Ubuntu 25.04, Mint 22, Fedora 40, RHEL 10. If you're unsure which kernel you're running, uname -r will tell you.

The 6.12 requirement exists because that release significantly improved the eBPF verifier's ability to follow program logic, which reduces the number of code paths it needs to analyze. There is some hope that a future refactor of the eBPF code could bring compatibility down to kernel 5.17, but that hasn't happened yet.

BTF and function tracer support

BTF is what makes CO-RE (Compile Once – Run Everywhere) possible. This mechanism lets Little Snitch run across different kernel versions without needing to be recompiled for each one, the way a traditional loadable kernel module would. It works by reading kernel-provided metadata from /sys/kernel/btf/, which describes the data structures and function addresses of the running kernel.

All major distributions enable BTF by default, and its presence is easy to verify: if /sys/kernel/btf/ exists, you're good. The exception is kernels built for embedded systems or low-memory hardware, which sometimes omit BTF to save space. Those kernels are incompatible with Little Snitch regardless of their version number.

Function tracing allows BPF programs to intercept any function in the kernel, private or public, and inspect the function's arguments. Little Snitch uses a tracing program to find the executable file node before it is possibly passed to an interpreter. This way it can show the path to a script, not just the interpreter's path. The kernel must be built with CONFIG_FUNCTION_TRACER=y and popular Linux distributions are.

Optional DNS configuration

Little Snitch for Linux needs to track DNS lookups (resolving server names to IP addresses). This information is needed to show server names in the list of connections. Tracking lookups works best if Little Snitch can intercept them before any caching occurs. If your system uses systemd-resolved, you get better results by removing the resolve option from the hosts: line in /etc/nsswitch.conf. For example:

hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns

Hardened kernels

Little Snitch for Linux relies on the eBPF helper `bpf_probe_read_kernel()` for computing the file system path of executables from the kernel's internal structures. This helper may not be available on hardened kernels for security and privacy reasons, so Little Snitch is incompatible with these versions.

Verifying download integrity

To check the integrity of downloaded packages, download the following two files and follow the instructions in the .hashes.txt file.

Integrity Check
littlesnitch-1.1.0.hashes.txt Download3.21 kB
littlesnitch-1.1.0.hashes.txt.sig.github.json Download6.61 kB

Statically linked binaries

If our binary does not run on your computer, telling you that a library is missing, you can try our statically linked binaries. These binaries have almost no external library dependency.

The archives below contain the littlesnitch binary, the Systemd service file and SysVinit start script. For any other init system just make sure to run littlesnitch --daemon on system start. The daemon manages everything else.

Statically Linked
littlesnitch-1.1.0-amd64-linux-musl.tar.gz Download7.4 MB
littlesnitch-1.1.0-arm64-linux-musl.tar.gz Download6.9 MB
littlesnitch-1.1.0-ppc64le-linux-musl.tar.gz Download7.5 MB
littlesnitch-1.1.0-riscv64-linux-musl.tar.gz Download6.7 MB

Legacy versions

Legacy versions can be downloaded here. Please note that new versions may fix vulnerabilities and running legacy versions may be a security risk.

Release Notes

July 13, 2026

Little Snitch for Linux 1.1 (1010099)

This version introduces automatic software update notifications. When a new version of Little Snitch becomes available, you will now be notified directly in the UI.

We recognise that automatic update checks raise privacy concerns for some users and may be in conflict with third party redistribution systems, which often manage software updates independently. You can completely disable this feature by creating an empty file at:

/var/lib/littlesnitch/override/config/software_update.toml

If you do so, you can stay up to date by monitoring our download page or subscribing to GitHub releases instead.

Note to redistributors: The update behaviour can be fully customised using software_update.toml in the override config directory. Add an empty file to disable our update notification or edit to change behavior.

Improvements

  • Compatibility with Linux 7.1. A change in Linux 7.1 broke Little Snitch. This update works around that issue so the app runs correctly again on recent kernels. As a side-effect of this fix, Little Snitch will take a bit longer to start up. Once it's running, everything should behave as normal.
  • Configuration allows binding to privileged ports. The port number for the web interface can now be configured to values below 1024 (privileged port range).

Bug Fixes

  • Port matching not working reliably. Rules targeting specific ports (e.g. "only allow traffic on port 443") sometimes failed to apply correctly.
  • Rules for AppImage programs not working. If you created a rule for an app packaged as an AppImage, it may not have worked properly. These rules now function as expected.
  • Indication of port-specific rules in connection list. Rules that were limited to a specific port weren't showing up in your connection list. Now they do.
  • Sudden huge memory consumption. A rare bug that could cause Little Snitch's background process to suddenly use an excessive amount of memory has been fixed.
  • False attribution of domain name to incoming connections. Previously, an incoming connection could sometimes be mislabeled with a domain name due to a mix-up with cached lookup data. This has been fixed.
  • Garbled icons in the Rules list. The column showing whether a rule applies to incoming or outgoing traffic was displaying raw code instead of the intended icon.
  • Automatic Dark/light mode switch. When following the OS theme, the app's theme was sometimes showing the opposite of your system setting (dark when you wanted light, or vice versa). It now matches correctly.
May 11, 2026

Little Snitch for Linux 1.0.9 (1000999)

Security improvements

  • The daemon now aborts when a requested security feature could not be activated, ensuring the problem cannot be silently ignored. Two new command-line options allow security features to be explicitly disabled when needed: --no_capability_sandbox and --no_file_sandbox.
  • Fixed a bug that prevented Landlock (file sandbox) from activating.
  • The SysVinit script now contains a section for OpenRC. However, it is not compatible with OpenRC out of the box. The #!/bin/sh line must be removed so that #!/sbin/openrc-run takes effect.
  • New configuration option ui_base_urls for the Web UI adds a check against Cross-Site Request Forgery. If you have overridden web_ui.toml, consider adding this option to your override file.

Other bugfixes

  • Fixed a zombie-process leak when the privileged helper is not needed.
May 6, 2026

Little Snitch for Linux 1.0.8 (1000899)

Yesterday's security update accidentally broke the disclosure buttons in the connections section. This release restores them.

This release also includes two new features:

  • Logout button: If you've set a password to protect the Little Snitch interface, you can now log out directly from the UI to end your session.
  • Configurable localhost/localnet: The definitions of localhost and localnet are now stored in a config file, allowing you to customize them to fit your network setup.
May 5, 2026

Little Snitch for Linux 1.0.7 (1000799)

This release focuses on security hardening of the local web interface and authentication system.

Security

  • Brute-force protection: failed logins now trigger a hold-off period, simultaneous attempts and per-user login attempts are capped.
  • Passwords are zeroed in memory immediately after use, and all password checks run inside the privileged helper process.
  • Blocklist downloads are capped at 100 MB to prevent denial-of-service from a malicious update server. file:// blocklist URLs are no longer accepted.
  • CORS and WebSocket origin checks are tightened. A host like localhost.evil.com no longer passes. A Content Security Policy header is now sent on all responses.
  • All user-supplied input is validated: control characters are stripped, lengths are capped, and unsafe UTF-8 conversions on external data have been removed.
  • The auto-generated TLS certificate is now persisted so clients can pin it.

Bug fixes

  • Fixed GlobalSettings accumulating a new database row on every change.
  • Fixed a crash during traffic history iteration when the database contained an invalid entry.
  • Fixed decoding of login credentials. This bug could prevent users with certain names/passwords from logging in on the web interface.

Improvements

  • Access can now be restricted to members of a specific system group.
  • The PAM service name used for authentication is configurable.
  • Regular traffic history updates use less CPU time now.
April 29, 2026

Little Snitch for Linux 1.0.6 (1000699)

Bug Fixes

  • Fixed package install for Fedora Atomic versions. Since rpm-ostree runs in a sandboxed environment, the post-install script always failed and the install was rolled back. Errors are now ignored to allow installation.
  • Improved compatibility with SysVinit and OpenRC. Added relevant directories to $PATH in startup script and improved detection of init system in post-install script.
  • Rules for an executable were discarded if at least one component of its path was not visible to every user. This bug was caused by a missing capability for Little Snitch's daemon.
  • When an executable was added after a rule for its path was created, the rule did not match.
  • DNS responses with loopback addresses (127.0.0.0/8, ::1) are now discarded. These are most likely names blocked by Pi-hole, and such blocked names should not appear for loopback traffic.
  • A connect system call for a UDP socket is no longer shown as activity in the connections list. For UDP, no data is sent at connect time.
April 24, 2026

Little Snitch for Linux 1.0.5 (1000599)

This release fixes a bug where network traffic from Java applications was not shown. This bug affected all processes which open a socket with address family AF_INET6, but use 6-to-4 compatibility addresses to send IPv4 traffic.

It also adds an init.d script for OpenRC and SysVinit compatibility to the installer packages.

April 23, 2026

Little Snitch for Linux 1.0.4 (1000499)

Improvements

  • Improved compatibility with various kernel configuration options. Now works with Zen kernels and kernels that have no tracing support.
  • Sandboxing, introduced in 1.0.3, caused problems on Debian 13. This is now fixed by requesting broader capabilities from systemd.
  • Improved detection of executable paths for sockets already open when Little Snitch's daemon starts. This results in fewer "Not Identified" processes.
  • The daemon now starts earlier during system boot to improve reliability of executable path detection. Note that executable scripts (with #! in the first line) can only be detected correctly when the daemon is already running at the time the script starts.
April 18, 2026

Little Snitch for Linux 1.0.3 (1000399)

Improvements

  • Offer presets when adding a new blocklist (thanks to overflo for this contribution).
  • Security improvements: the daemon now runs sandboxed and permanently drops all capabilities after loading eBPF programs. Note that this may have introduced new bugs, as we cannot guarantee which capabilities and file paths are used by library code.
  • Further reduced verification time of the eBPF programs on Linux 6.19.4 and above.
  • Downloads now include a statically linked binary and packages for PPC64LE.
  • If the system has less than 16 GB of memory, eBPF programs are loaded sequentially, trading longer load times for lower memory consumption.
April 15, 2026

Little Snitch for Linux 1.0.2 (1000299)

This bugfix release addresses the following issues:

  • The previous fix for Btrfs in version 1.0.1 introduced a new bug where connections were attributed to the wrong executables. Little Snitch sometimes showed a parent which executed the program as the connecting program. This was a consequence of using mount IDs to identify mount points between user space and kernel. This version handles the entire path construction in the kernel.
  • Optimized loops in eBPF to reduce complexity seen by eBPF verifier. Little Snitch now runs on the latest kernel versions 6.19.4 and above, including the new 7.0 (and 7.1 preview) kernels.
April 10, 2026

Little Snitch for Linux 1.0.1 (1000199)

This bugfix release fixes an issue with Btrfs: Executables on Btrfs appeared as "Not Identified" processes.

It does not fix an incompatibility with Linux 6.19 where the eBPF verifier rejects our program.

April 8, 2026

Little Snitch for Linux 1.0 (1000099)

This is the first public release of Little Snitch for Linux. We hope it proves useful — and perhaps a little eye-opening.

Little Snitch

Features What’s New Download Release Notes Upgrade

Little Snitch Mini

Features Compare

Other Products

LaunchBar Micro Snitch IAP Viewer

Resources

Internet Access Policy Blog Support Contact Us Lost License

Resources

Internet Access Policy Blog Support Contact Us Lost License

Company

About Us Press Privacy Policy Terms

 

Little Snitch

LaunchBar

© 2026 Objective Development Software GmbH

EnglishDeutsch