This is an open source eBPF-based network monitor and blocker for Linux, written in Rust with the Aya framework. It intercepts network connections at the kernel level using TC classifiers and LSM hooks, then shares data with user space via eBPF maps. You load blocklists from text files (IPs and domain suffixes), and the demo runner populates the maps and reads connection events back out. The architecture is clean: an ebpf crate for kernel programs, a common crate for shared types, and a demo runner that ties it all together. Requires kernel 5.15+ and root privileges. This is the open core of Objective Development's Little Snitch for Linux, so you get the monitoring primitives but not the full UI or rule engine.
npx skills add https://github.com/aradotso/trending-skills --skill littlesnitch-linux