Exact definition of "Local Network" in rule destinations?

Post by muzso » Wed Nov 02, 2011 12:07 am

Hi!

I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule? I could easily imagine multiple interpretations.
E.g. (looking only at IPv4 addresses) 127.0.0.0/8 ... or including 169.254.0.0/16 ... or including all private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
What about IPv6 addresses? How is "Local Network" interpreted in that case?

Thanks in advance.

Post by muzso » Sat Nov 05, 2011 9:46 pm

Found a bit more info about this by hitting the "Info" button in the top-right corner of the Little Snitch Configuration app. An info panel slid out to the right of the window and clicking on a (protected) rule shows a description in the info panel. For the "Allow connections to local network" rule it says: "This rule covers the IP range of your home or company network. "local network" covers all your local networks on all your active network cards (including airport and so on). It is computed from the network interface's current IP address and netmask (depending on the number of active network interfaces it can stand for more than one IP-range). And it is recomputed if you change your "Location"."

Of course this still does not give a precise definition, but now I've got a better idea of what "local network" might mean regarding the rule. It's now certain that the rule stands for more than just localhost, but doesn't yet tell which (private) IP ranges are included.

Post by muzso » Sat Nov 05, 2011 9:49 pm

Btw. the description of the "local IPv6 network" rule (in the previously mentioned info panel) is more to the point. It says: "IP Address: fe80::/10"

manfred
Objective Development
Post by manfred » Wed Nov 09, 2011 10:29 am

muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?

Local Network dynamically adapts to your network settings. One example:

IP-Address:    192.168.001.070
Netmask:       255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255

Post by muzso » Wed Nov 09, 2011 10:38 am

manfred wrote:
muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?

Local Network dynamically adapts to your network settings. One example:

IP-Address:    192.168.001.070
Netmask:       255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255


Thanks. Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces? When is the rule "reevaluated"? I mean I'm quite sure that it does not recalculate the definition of "local network" for each IP packet that comes in. I'd guess it determines the scope of "local network" on startup ... and maybe on each change of the network configuration?

manfred
Objective Development
Post by manfred » Fri Nov 11, 2011 3:47 pm

muzso wrote: Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces?

All active interfaces except tunneling devices.

muzso wrote: ... and maybe on each change of the network configuration?

Right.
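
The computation described in the answers above (address AND netmask per active non-tunnel interface, recomputed when the network configuration changes), modelled as an added example that is not part of the original posts and is not Little Snitch's own code. The interface table, the `active`/`tunnel` flags and every address except en0's are constructed assumptions.

```python
import ipaddress

def unpad(dotted):
    """Read zero-padded IPv4 octets ("192.168.001.070") as decimal; ipaddress rejects leading zeros."""
    return ".".join(str(int(octet, 10)) for octet in dotted.split("."))

def local_networks(interfaces):
    """Return one IPv4 network per active, non-tunnel interface."""
    nets = []
    for iface in interfaces:
        if not iface["active"] or iface["tunnel"]:
            continue  # inactive interfaces and tunneling devices contribute nothing
        # strict=False clears the host bits: address AND netmask gives the network.
        cidr = f"{unpad(iface['addr'])}/{unpad(iface['mask'])}"
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets

def is_local(dest, nets):
    """True if the IPv4 destination falls inside any computed range."""
    ip = ipaddress.ip_address(unpad(dest))
    return any(ip in net for net in nets)

def as_range(net):
    """Format a network as first - last address, like the range shown in the thread."""
    return f"{net[0]} - {net[-1]}"

# Constructed interface table; only en0 uses the values posted in the thread.
BEFORE = [
    {"name": "en0", "addr": "192.168.001.070", "mask": "255.255.255.000",
     "active": True, "tunnel": False},
    {"name": "en1", "addr": "10.20.30.40", "mask": "255.255.0.0",
     "active": False, "tunnel": False},
    {"name": "utun0", "addr": "10.8.0.6", "mask": "255.255.255.0",
     "active": True, "tunnel": True},
]
# Constructed second state: en1 comes up, standing in for a network configuration change.
AFTER = [dict(i, active=True) if i["name"] == "en1" else i for i in BEFORE]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        nets = local_networks(table)
        print(label, [as_range(n) for n in nets])
        for dest in ("192.168.1.255", "192.168.2.5", "10.20.99.1", "10.8.0.1"):
            print("  ", dest, "local" if is_local(dest, nets) else "not local")
```

Under this model a private address outside the interface's own subnet (192.168.2.5 here) is not matched, and the tunnel's subnet is never matched; the separate "local IPv6 network" rule (fe80::/10) is not modelled.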

Post by muzso » Tue Nov 15, 2011 10:52 am

Thanks for all the answers! :-) It's all clear now.
If you've time, maybe you could add them (your answers) to the description of the built-in local network rule. Or to the section in help describing the creation of new rules (the local network rule destination is mentioned there if I remember right).
