momenbasel

momenbasel / puresnitch

Public

Free, open-source application firewall for macOS. Little Snitch alternative with zero telemetry. Native SwiftUI world map, rules manager, DNS over HTTPS, pf-based blocking. Signed, notarized, MIT licensed.

momenbasel.github.iopuresnitch application-firewall blocklist dns-over-https dns-proxy firewall
10
1
100% credibility
Found May 25, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Swift
AI Summary

PureSnitch is a free, open-source firewall for macOS that shows you every network connection your apps make, lets you allow or block them with simple rules, and includes built-in blocklists and encrypted DNS filtering β€” all with a Little Snitch-style visual interface.

How It Works

1
πŸ”’ You worry about apps secretly sending your data

You learn that apps on your Mac can connect to the internet without you knowing, and you want visibility and control.

2
⬇️ You download PureSnitch for free

You find a free, open-source firewall app for your Mac with no subscription, no account needed, and no hidden costs.

3
πŸ—ΊοΈ You see a world map of every connection

The first time you open it, a beautiful map lights up showing every place your Mac is talking to across the globe β€” with live traffic graphs and per-app breakdowns.

4
⚑ An app asks permission to connect

A popup appears asking 'Allow' or 'Deny' when any app tries to reach the internet for the first time, so you stay in control.

5
You pick how strict you want to be
πŸ””
Ask me everything

Get a friendly popup for each new connection so you decide each one personally

🀫
Silent mode

Let trusted apps through quietly while blocking anything suspicious automatically

βœ… Your Mac stays protected automatically

Blocklists filter out known trackers and malware, DNS queries are encrypted, and you can see exactly what's happening β€” all without paying $59 like similar tools cost.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is puresnitch?

PureSnitch is a free, open-source application firewall for macOS written in Swift. It gives you visibility into every outbound connection your Mac makes, lets you block domains and IPs, and intercepts DNS queries to catch traffic before it resolves. The UI mirrors Little Snitch's pattern: a menubar status item with live throughput, a world map showing connection geography, a full rules manager with allow/deny/ask actions, and popup alerts when new connections appear. It runs a local DNS proxy on your machine that forwards over DoH to Cloudflare, Quad9, or Google, while blocking against subscribed blocklists. Packet-level blocking happens through pfctl at the kernel level.

Why is it gaining traction?

The $59 Little Snitch price tag has always stung. PureSnitch delivers the same UI workflow β€” world map, rules manager, mode picker, connection alerts β€” without the cost and without any telemetry. The blocklist library ships with StevenBlack, OISD, 1Hosts, and HaGeZi out of the box, so you get ad and tracker blocking immediately. The DoH integration means domain-level blocking works without modifying system DNS settings. Developers who care about privacy but don't want to pay for LS finally have a credible free alternative.

Who should use this?

Mac power users who want outbound firewall visibility without paying $59. Privacy-conscious developers who want to see what their tools are phoning home to. Anyone running servers or development environments who needs domain-level blocking and wants it integrated into a native macOS app rather than a terminal-based pf config. Not for users who need per-process kernel filtering today β€” that feature requires an Apple entitlement the project doesn't have yet.

Verdict

At v0.1.0 with 10 stars, this is early-stage software with a 1.0% credibility score. The code is auditable, the feature set is complete for DNS and pf-level blocking, and the signed/notarized release means it installs cleanly. The roadmap items (Network Extension, iCloud sync) are aspirational. Worth trying if you want the Little Snitch experience for free, but treat it as you would any v0.1 project: test carefully before relying on it as your sole firewall.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.