Tools compared: Linux application firewalls

Finding the right tool can be difficult. This sheet compares Douane, LPFW, OpenSnitch and TuxGuardian.


Douane is an application firewall that interacts with the user to allow or deny new network connections.

OpenSnitch is a Linux port of the popular macOS Little Snitch application firewall.

Tool details

LPFW is the abbreviation for LeoPard FloWer and is an application firewall for Linux.

OpenSnitch is a tool based on Little Snitch, a macOS application level firewall. All outgoing connections are monitored and the user is alerted when a new outgoing connection occurs. This allows the user to detect and block any unwanted connections.

The OpenSnitch tool relies on NFQUEUE, which is an extension for iptables. With this extension, software running in userland can intercept IP packets and allow or drop them.

Dependencies: GTK 3, Linux 3.x kernel, Python 3; iptables
Strengths: The source code of this software is available; The source code of this software is available; More than 2000 GitHub stars, The source code of this software is available
Weaknesses: Unknown project license; No updates for a while
Programming language(s): C, C++, GTK+ (Douane); C++, Python (LPFW); Python (OpenSnitch); C (TuxGuardian)
Last release: Unknown (Douane); Unknown (LPFW); Unknown (OpenSnitch); 0.5, 2006-04-08 (TuxGuardian)
