Little Snitch is a well-known piece of software that allows Mac users to block outgoing connexions from a specific app.
Now, whenever I ask how to do the same with built-in OS X tools, I get an answer like: "you can’t do this without Little Snitch. The built-in PF firewall is not an application firewall, and the built-in AF can only block incoming traffic. No OS X tool allows this."
This cannot be true. I mean, in this case, how would Little Snitch, or Hands Off!, or small apps such as RadioSilence achieve this to begin with? These apps themselves must certainly use built-in tools of some sort to block traffic on a per-application basis. I searched for open source alternatives with the idea of having a look at their sources and finding out "how they do this". But… I found no open source alternative. Any idea?
Best Answer
Little Snitch uses a network kernel extension to intercept network traffic.
Alternatives to network kernel extensions exist as you mentioned, but only for certain use cases.
Network kernel extensions are far more powerful and allow for more detailed control.
Emphasis in quoted content mine. I am unfamiliar with the other software but I assume it follows the same principle.