Every now and then I browse through “software you must have on your Mac” type lists, and more often than not somebody mentions Little Snitch as a must-have application.
Now, what I think many people ignore or aren’t aware of is that OS X itself in fact has an application firewall built in (though hidden, and with the application layer inactivated).
I understand that Little Snitch maybe allows for a more fine-grained selection of ports and one may exclude only specific addresses from the traffic per application. However, I wonder if this is really needed for the average (and better-than-average) type of desktop user.
So my question would be: in which cases is the built-in firewall not sufficient, and when would one have to choose an external tool like Little Snitch?
(Note: I’m not speaking about controlling the traffic in a web or database server setup in which cases I thoroughly understand blocking certain connections whilst allowing only a small set.)
Best Answer
Little Snitch offers three features that aren't available in MacOS' built-in ipfw firewall. (It does this by loading a custom kernel module.)
That being said, I don't think Little Snitch is "must have" software; these features are fairly esoteric. There are also several alternatives: TCPBlock and glowworm for the firewall and Rubbernet (now defunct) for the monitoring.
2016 Update: MacOS now has the per-application monitoring built into Activity Monitor.