sgc 5 hours ago

I just tried littlesnitch and it did not resolve very many IPs to domains, which is pretty basic. It also failed to identify most processes, and they were grouped under "Not Identified". It appears these are known limitations of the Linux version [1]. So for that alone I need to stick with opensnitch.

[1] "Little Snitch for Linux is built for privacy, not security, and that distinction matters. The macOS version can make stronger guarantees because it can have more complexity. On Linux, the foundation is eBPF, which is powerful but bounded: it has strict limits on storage size and program complexity. Under heavy traffic, cache tables can overflow, which makes it impossible to reliably tie every network packet to a process or a DNS name. And reconstructing which hostname was originally looked up for a given IP address requires heuristics rather than certainty. The macOS version uses deep packet inspection to do this more reliably. That's not an option here." -- from https://obdev.at/products/littlesnitch-linux/index.html

toredash 3 hours ago | parent

Is there any DNS based software to do block/allow? Kinda like what's present in CiliumNetworkPolicies in Kubernetes networking?

gus_ 17 minutes ago | parent | next

OpenSnitch (+ block lists) ;)

or DNS stubs with filtering capabilities.

M95D an hour ago | parent | prev | next

Yes, PiHole is the most common, but malware can easily bypass that using shared domains, P2P or IP addresses directly.

Use a filtering proxy instead and no gateway / route to the internet.
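
One way to see M95D's point from the defender's side, as an added example that is not from the thread or from any of the tools named in it: correlate DNS answers with outbound connections and flag destinations that the resolver never returned. A Pi-hole style blocklist only filters lookups, so a process that dials an IP address directly never passes through it; the correlation below is what an egress monitor has to do to notice that, and it is also the same best-effort IP-to-hostname binding that sgc's quote describes as heuristic. The log line formats, the sample lines (using documentation address ranges) and the function names are constructed for this example.

```python
"""Flag outbound connections whose destination was never returned by DNS.

Added example, not code from the thread or from Little Snitch / OpenSnitch.
Log formats below are an assumption for this example:
  DNS answer lines:  "<unix_ts> dns <qname> A <ip>"
  Connection lines:  "<unix_ts> conn pid=<pid> dst=<ip>:<port>"
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample logs (not real captures). 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation ranges standing in for external hosts.
DNS_LOG = """\
1700000000 dns updates.example.org A 203.0.113.10
1700000005 dns cdn.example.net A 198.51.100.7
"""

CONN_LOG = """\
1700000001 conn pid=4242 dst=203.0.113.10:443
1700000006 conn pid=4242 dst=198.51.100.7:443
1700000010 conn pid=5150 dst=192.0.2.99:8443
1700000011 conn pid=5150 dst=192.0.2.99:8443
1700000012 conn pid=3131 dst=10.0.0.5:445
"""

DNS_RE = re.compile(r"^(\d+) dns (\S+) A (\S+)$")
CONN_RE = re.compile(r"^(\d+) conn pid=(\d+) dst=(\S+):(\d+)$")

# Address space that egress filtering does not care about. Listed explicitly
# because ipaddress.is_private also covers the documentation ranges used above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def parse_dns(text):
    """Return {ip: [(ts, qname), ...]} built from observed A answers.

    Without deep packet inspection this is the only link between an address
    and a name a host-level monitor gets, which is why it stays a heuristic:
    one IP can be answered for many names, and answers age out."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = DNS_RE.match(line)
        if m:
            ts, qname, ip = m.groups()
            seen[ip].append((int(ts), qname))
    return seen


def parse_conns(text):
    out = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            ts, pid, ip, port = m.groups()
            out.append({"ts": int(ts), "pid": int(pid), "ip": ip, "port": int(port)})
    return out


def hostnames_for(dns_text, ip):
    """Best-effort reverse map: every name that resolved to this IP."""
    return sorted({q for _, q in parse_dns(dns_text).get(ip, [])})


def find_dns_bypass(dns_text, conn_text, max_age=3600):
    """Return (pid, ip, port) for external connections with no DNS answer for
    that destination in the preceding max_age seconds. A resolver blocklist
    never saw these destinations, so they are the traffic it cannot stop."""
    answers = parse_dns(dns_text)
    flagged = []
    for c in parse_conns(conn_text):
        if is_local(c["ip"]):
            continue
        recent = [q for ts, q in answers.get(c["ip"], [])
                  if 0 <= c["ts"] - ts <= max_age]
        key = (c["pid"], c["ip"], c["port"])
        if not recent and key not in flagged:
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    for pid, ip, port in find_dns_bypass(DNS_LOG, CONN_LOG):
        print(f"pid {pid} connected to {ip}:{port} with no prior DNS answer")
```

On the sample input only the pid 5150 connection to 192.0.2.99 is flagged: the other two external destinations were returned by the resolver moments earlier, and 10.0.0.5 is local. A proxy-based design sidesteps the whole correlation problem, because the destination name arrives in the CONNECT request and policy is applied there regardless of how the client learned the address.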

Milpotel 2 hours ago | parent | prev

You mean like PiHole or AdGuard?