The macos application layer firewall is pretty well featured. Do you see any benefit from LittleSnitch or others, if you can write ALF rules?

https://krypted.com/mac-security/the-os-x-application-layer-firewall-part-3-lion/

Definitely: Little Snitch is a lot more granular (filters by port, domain name, time-based rules) whereas the native firewall only blocks applications and specific protocols, if I recall. No reason not to use both - please send a PR with any great ALF rules.