There’s not a lot of documentation but upon cursory glance of the code it does the following for anyone curious:

• Sets up some basic iptables rules that allow DNS queries, connections, and rejects outgoing packets
• Sets up some probing using ftrace to monitor execve family calls, fork, and exit to be notified when that happens.
• Using netfilter finds new network activity (tied somehow to the iptables setup rules in step 1)
• Determines owner of network connection, and runs rules to see if it should be allowed/dropped, etc
• Performs the appropriate action, including launching a GUI to accept / reject it if no rule was put in place before hand.

OpenSnatch would have been a good name too