(not affiliated, just a happy customer; it's one of the few things I like the mac ecosystem for.. there's attempts to port it to linux with https://github.com/evilsocket/opensnitch; but it's not as polished of course)
I've been using this for years and love it, too. But didn't Apple recently make some change to macOS recently that allows many "system" processes to bypass this?
LittleSnitch was helpful on Mojave in this regard. However, since Catalina, there are literally hundreds of connections per day from "nsurlsessiond" and "gateway.icloud.com" (and a lot more), with no way to figure out what it is they are uploading/downloading/checking.
That happens whether or not you are logged into icloud/facetime/messages at the same time, or not.
Anyone aware of a way to figure out what nsurlesssiond is downloading/uploading in the background?
On Android NetGuard can do the same monitoring, it's a great open source app but I do sometimes wonder what the chance is of some Android system calls bypassing the local vpn firewall it sets up.
The desktop appeared, and the system was connected to a dedicated wi-fi network for the purpose, DeviceUnderTest. 60 seconds or so of “no activity” simply staring at the desktop elapsed, and the system was rebooted, automatically reconnecting to the test network.
Wi-Fi was then disabled.
...
In this few minutes, the system generated 38 megabytes of network traffic.
Last time I used macOS, 2-3 years ago, it was in constant communication with Akamai servers. Blocking some of those hosts to prevent it from doing so would render the system unresponsive when trying to launch an application.
Note: this anecdote may no longer be current. I’m not sure what changes Apple might have made since I tested this.
