Feature requests

General discussions about Little Snitch
Post Reply
Laurent
Posts: 7
Joined: Sun Aug 09, 2009 12:28 pm

Feature requests

Post by Laurent » Sun Aug 09, 2009 1:15 pm

Hi,

first of all let me say that I'm a very happy user of the unregistered version of Little Snitch and that I am considering buying it soon.
However, I'd love to see the following features being implemented:

1 - Hierarchical global/user rules control

It would be nice to have a hierarchical control of the rules. Right now, the admin user can change his own rules and the global ones but he can't modify or set rules for the other users. Being able to set generic rules for users (or groups, ie 'staff', 'cluelessusers', etc.) would go a long way in setting up proper default rules for users who are not expert in firewall setup. As an example, one might want to forbid all accesses to known malware sites and not allow users to change this rule.

2 - Being able to mark a rule as global from the pop up alerts

Global rules are a great addition, however, the necessity to go back to the Little Snitch rules panel unnecessarily increases the amount of work needed to mark them as such. It would be great to be able to click a checkbox in the pop up alerts dialogs to mark the rules as Global.
Of course, that would require an additional preference field to indicate which users have the right to do so and would require them to enter admin credentials if they don't have such right but that would still be more practical than the current method as it doesn't break the user flow as much.

3 - Display user account names for connections in the Network Monitor

The Network Monitor is a fantastic tool, and it would just be perfect if it displayed the user account name under which each application is running.

4 - Log of rules changes and blocked/allowed accesses.

Being a security oriented tool, Little Snitch really needs to log all rules changes and allowed/blocked connections (as well as which ruled allowed/denied the connection). That would make it easier to verify if rules are setup properly, diagnose security problems and make bug tracking/reporting easier.

Thanks in advance :)

Cheers,
Laurent

Laurent
Posts: 7
Joined: Sun Aug 09, 2009 12:28 pm

Re: Feature requests

Post by Laurent » Sun Aug 09, 2009 1:42 pm

Laurent wrote:4 - Log of rules changes and blocked/allowed accesses.


I noticed that Little Snitch does create a few logs which are available from the Console utility, however the Network Monitor and  UI Agent ones show completely empty on my machine (they are saved under my current non admin, which is the one from which I installed Little Snitch).

Cheers,
Laurent

neilmcg
Posts: 7
Joined: Mon Jul 13, 2009 12:43 pm

Re: Feature requests

Post by neilmcg » Mon Aug 10, 2009 8:31 am

Laurent wrote:....one might want to forbid all accesses to known malware sites and not allow users to change this rule.


You can achieve part of this by using OpenDNS, signing up for an account and configuring the connection via dashboard.

neilmcg
Posts: 7
Joined: Mon Jul 13, 2009 12:43 pm

Re: Feature requests

Post by neilmcg » Mon Aug 10, 2009 8:33 am

Laurent wrote:Hi,
1 - Hierarchical global/user rules control

It would be nice to have a hierarchical control of the rules. Right now, the admin user can change his own rules and the global ones but he can't modify or set rules for the other users. Being able to set generic rules for users (or groups, ie 'staff', 'cluelessusers', etc.) would go a long way in setting up proper default rules for users who are not expert in firewall setup.


This sounds like a server setup for administering multiple LS installations - is that what you envisage? Or do you have 5,10,15 different accounts on 1 mac?

neilmcg
Posts: 7
Joined: Mon Jul 13, 2009 12:43 pm

Re: Feature requests

Post by neilmcg » Mon Aug 10, 2009 8:36 am

Laurent wrote:Hi,
... would go a long way in setting up proper default rules for users who are not expert in firewall setup.


Firewalls are really for incoming traffic, LS monitors outgoing, do you mean firewall?

Laurent
Posts: 7
Joined: Sun Aug 09, 2009 12:28 pm

Re: Feature requests

Post by Laurent » Sun Aug 30, 2009 1:51 pm

neilmcg wrote:
Laurent wrote:....one might want to forbid all accesses to known malware sites and not allow users to change this rule.


You can achieve part of this by using OpenDNS, signing up for an account and configuring the connection via dashboard.


This is at best a work around and it just doesn't cut it, depending on an external service is a no go.

Laurent
Posts: 7
Joined: Sun Aug 09, 2009 12:28 pm

Re: Feature requests

Post by Laurent » Sun Aug 30, 2009 1:55 pm

neilmcg wrote:
Laurent wrote:Hi,
1 - Hierarchical global/user rules control

This sounds like a server setup for administering multiple LS installations - is that what you envisage? Or do you have 5,10,15 different accounts on 1 mac?


I was thinking about several accounts on the same computer, typically the family desktop that anyone can access through their own accounts so as to not accidentally delete other's files as well as obvious privacy reasons.

Laurent
Posts: 7
Joined: Sun Aug 09, 2009 12:28 pm

Re: Feature requests

Post by Laurent » Sun Aug 30, 2009 2:07 pm

neilmcg wrote:
Laurent wrote:Hi,
... would go a long way in setting up proper default rules for users who are not expert in firewall setup.


Firewalls are really for incoming traffic, LS monitors outgoing, do you mean firewall?


My bad, I was really talking about outgoing traffic control. Sorry as well for the multiple responses in separate posts, I just realized that I should have grouped them so as not to clobber this thread.

Post Reply