UPDATE: According to Patrick Wardle, "As of macOS 11.2 beta 2, the (in)famous ContentFilterExclusionList is gone!"
In addition to the hacky workaround previously outlined in these pages and Objective Development's steps for enabling Little Snitch 4.6 under Big Sur, there is now a third option for preventing Apple from bypassing application firewalls, courtesy of Hany (author of Murus and Vallum): Exclusions Blaster. Simply copy to /Applications, run, and approve the system extension when prompted - that's it!
Successfully tested under both Intel and M1 Macs, though the README warns that it is "experimental".
/mac | Dec 16, 2020