How to disable 'Effective in all profiles' rules only for selected profiles?

General discussions about Little Snitch
i90rr
Posts: 7
Joined: Tue Oct 17, 2017 4:53 pm

How to disable 'Effective in all profiles' rules only for selected profiles?

Post by i90rr » Tue Oct 17, 2017 5:22 pm

Hello,

When on the road, I try to only use my mobile data plan - through tethering to my phone - to keep things as secure as possible. However, there are times I'm unable to do so - or it just makes sense to connect to a local WiFi network - and it is for those situations that I'm trying to create a customized Little Snitch profile, to avoid fiddling with macOS pf's configuration files.

I created a profile (Untrusted networks) to block all traffic, incoming and outgoing, that I use whenever I connect to a new or untrusted network. The goal is to enable connections only after the VPN connection itself is established first.

As these are alien (or plainly untrusted) networks, I'm not interested in exposing any functionality like reachability, file sharing and so on.

The problem with this approach is that I can't find a way to disable the rules found in the "Effective in all profiles" profile for the Untrusted networks profile only. Again, I don't want to expose any unnecessary stuff on these networks, just the bare minimum to be able to connect to the VPN at which point, Little Snitch will automatically change to a trusted profile.

Thanks!

justperry
Posts: 3
Joined: Sat Oct 21, 2017 4:48 pm

Re: How to disable 'Effective in all profiles' rules only for selected profiles?

Post by justperry » Sat Oct 21, 2017 4:50 pm

The problem with your approach is that it needs to connect to some services; if you don't, you can't connect to the VPN in the first place.

i90rr
Posts: 7
Joined: Tue Oct 17, 2017 4:53 pm

Re: How to disable 'Effective in all profiles' rules only for selected profiles?

Post by i90rr » Wed Oct 25, 2017 6:34 am

Hey @justperry, thanks for your reply.

I just figured out (I think so) how to implement my model:

a) I created two profiles: Trusted networks and Untrusted networks;
b) I disabled all the iCloud and Mac rules in the Effective in all profiles profile;
c) I duplicated the rules set from the Effective in all profiles profile into the Trusted networks profile, and enabled them there;
d) In the Trusted networks profile I manually added my trusted networks like home networks, VPN networks and so forth;
e) The Trusted networks profile operation mode is set to Alert Mode;
f) The Untrusted networks profile operation mode is set to silently block all connections -- it also does not contain any networks.

This way:
- All communications will be automatically blocked whenever I'm not connected to any network explicitly allowed in the Trusted networks profile;
- Once I have connected to an untrusted network, I can calmly connect to my VPN which, in turn, will automatically enable the Trusted networks profile -- and all of this without leaking more data than the absolutely necessary information to create the needed handshakes between my system and the untrusted access point.

IINM, with this setup while the access to Layers 1-6 will be unaffected (i.e. creating the link between my Mac and the untrusted AP), no application information will be transmitted as the Layer 7 will be effectively blocked by LS -- no outbound or inbound connections will be allowed until a connection to a whitelisted network is made.

Would love to hear if anyone sees any flaw here.

HTH ^_^
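The setup described in steps a) to f) above, and justperry's objection, as an added example that is not part of the original thread: a small constructed model of first-match rule evaluation and network-based profile selection (a simplification, not Little Snitch's actual engine). It shows why an "Effective in all profiles" allow rule leaks through the Untrusted profile, why duplicating it into Trusted networks fixes that, and that a silent block-all Untrusted profile also blocks the VPN client unless it gets its own narrow allow rule; the `cloudd` and `openvpn` process names and the network names are assumptions.

```python
from dataclasses import dataclass

# Simplified model of Little Snitch-style evaluation, constructed for illustration.
# Real rule precedence is more involved (more specific rules win); this is first-match.

@dataclass(frozen=True)
class Rule:
    process: str     # process name, or "any"
    direction: str   # "incoming", "outgoing", or "any"
    action: str      # "allow" or "deny"

@dataclass
class Profile:
    name: str
    networks: frozenset   # networks that activate this profile
    rules: list
    default: str          # action when no rule matches: "alert" (ask) or "deny" (silent block)

def active_profile(profiles, connected, fallback):
    """The first profile whose network list overlaps the connected networks wins."""
    for p in profiles:
        if p.networks & connected:
            return p
    return fallback

def decide(global_rules, profile, process, direction):
    """'Effective in all profiles' rules are consulted before the active profile's own rules."""
    for r in global_rules + profile.rules:
        if r.process in ("any", process) and r.direction in ("any", direction):
            return r.action
    return profile.default

ICLOUD = Rule("cloudd", "outgoing", "allow")    # stands in for the iCloud/Mac rule set (assumed name)
VPN = Rule("openvpn", "outgoing", "allow")      # assumed VPN client process name

def simulate(rules_still_global, vpn_allowed_when_untrusted, connected):
    """Return the active profile and the verdicts for iCloud and VPN client traffic."""
    global_rules = [ICLOUD] if rules_still_global else []
    trusted = Profile("Trusted networks", frozenset({"home-wifi", "vpn"}),
                      [] if rules_still_global else [ICLOUD], "alert")   # steps c) and e)
    untrusted = Profile("Untrusted networks", frozenset(),
                        [VPN] if vpn_allowed_when_untrusted else [], "deny")   # step f)
    p = active_profile([trusted], frozenset(connected), untrusted)
    return {"profile": p.name,
            "icloud": decide(global_rules, p, "cloudd", "outgoing"),
            "vpn": decide(global_rules, p, "openvpn", "outgoing")}
```

Once the VPN interface is up, the `vpn` network is connected, the Trusted networks profile takes over, and the iCloud rule applies again without ever having been active on the untrusted access point.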

