[Feature Request] WHOIS Data — Display and Modify/Relax IP Address Rules in the Connection Alert Window

General discussions about Little Snitch
jamver
Posts: 7
Joined: Mon Sep 19, 2011 12:28 am

[Feature Request] WHOIS Data — Display and Modify/Relax IP Address Rules in the Connection Alert Window

Postby jamver » Fri Oct 13, 2017 5:21 am

Below are Two Feature Requests relating to the use of WHOIS Data in the Connection Alert Window that I wish Little Snitch would provide.

  1. :idea: DISPLAY/SHOW Summary and Complete WHOIS Results in the Connection Alert Window :idea:

    Always show the key information (e.g. NetRange/CIDR + NetName + Organization and/or inetnum + descr + country), with the ability to expand to display the complete WHOIS Results on user request.

  2. :idea: MODIFY/RELAX the Scope of IP address Rules to CIDRs in the Connection Alert Window :idea:

    Optionally include all other valid CIDRs, capped at the top-level WHOIS result returned.

    This is similar to the existing functionality available for DNS resolved connections, where you can relax the specify the scope to any domain component of the hostname.


These two features would save me many hours of work each year, and avoid having to perform the following steps for each IP-based connection request:

  1. Copy the IP Address from Little Snitch modal dialogue.

  2. Switch to the Terminal.

  3. Run WHOIS against the copied IP address.

  4. Copy the appropriate CIDR from the returned WHOIS results.

  5. Open Little Snitch Configuration.

  6. Find and Edit the New Rule.

  7. Paste and Modify the Rule to set my Preferred Scope.

Dweebster
Posts: 10
Joined: Sun Jul 23, 2017 7:00 pm

Re: [Feature Request] WHOIS Data — Display and Modify/Relax IP Address Rules in the Connection Alert Window

Postby Dweebster » Fri Oct 13, 2017 6:02 am

Network Edge Routers and Firewalls external to a Mac also make good use of Autonomous System Numbers (ASN) in conjunction with domains in host based rules. Having the ASN's provided in the Whois output along with other requested output items would additionally save a load of time in cases where action needs to be taken in both Little Snitch and in Edge Routers and/or Standalone Firewall systems. Since Little would do gathering several fields already, getting one more field from the record set should an easy add in.

jamver
Posts: 7
Joined: Mon Sep 19, 2011 12:28 am

Re: [Feature Request] WHOIS Data — Display and Modify/Relax IP Address Rules in the Connection Alert Window

Postby jamver » Fri Oct 13, 2017 12:51 pm

Dweebster wrote:Network Edge Routers and Firewalls external to a Mac also make good use of Autonomous System Numbers (ASN) in conjunction with domains in host based rules.

Having the ASN's provided in the Whois output along with other requested output items would additionally save a load of time in cases where action needs to be taken in both Little Snitch and in Edge Routers and/or Standalone Firewall systems.

Since Little would do gathering several fields already, getting one more field from the record set should an easy add in.

While I appreciate your point (which which I agree), the ASN is not always available from in the WHOIS data, and as such, will require an additional WHOIS request against the Team Cymru IP to ASN Mapping WHOIS Server, as follows:

Code: Select all

whois -h whois.cymru.com -- '-v 8.8.8.8'

The example WHOIS command (above) is in the required form to correctly function under macOS 10.13 High Sierra, macOS 10.12 Sierra and OS X 10.11 El Capitan.

Code: Select all

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc., US

I think this additional information would be good to gather, but the execution of the second query should be performed only when the user displays the detailed view in the connection alert window.

Dweebster
Posts: 10
Joined: Sun Jul 23, 2017 7:00 pm

Re: [Feature Request] WHOIS Data — Display and Modify/Relax IP Address Rules in the Connection Alert Window

Postby Dweebster » Fri Oct 13, 2017 3:31 pm

I agree with only performing the additional work in detailed view. Good point.


Return to “Little Snitch General”

Who is online

Users browsing this forum: No registered users and 7 guests