Exact definition of "Local Network" in rule destinations?

Posted: Wed Nov 02, 2011 12:07 am
by muzso
Hi!

I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule? I could easily imagine multiple interpretations.
E.g. (looking only at IPv4 addresses) 127.0.0.0/8 ... or including 169.254.0.0/16 ... or including all private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
What about IPv6 addresses? How is "Local Network" interpreted in that case?

Thanks in advance.

Re: Exact definition of "Local Network" in rule destinations?

Posted: Sat Nov 05, 2011 9:46 pm
by muzso
Found a bit more info about this by hitting the "Info" button in the top-right corner of the Little Snitch Configuration app. An info panel slid out to the right of the window and clicking on a (protected) rule shows a description in the info panel. For the "Allow connections to local network" rule it says: "This rule covers the IP range of your home or company network. "local network" covers all your local networks on all your active network cards (including airport and so on). It is computed from the network interface's current IP address and netmask (depending on the number of active network interfaces it can stand for more than one IP-range). And it is recomputed if you change your "Location"."

Of course this still does not give a precise definition, but now I've got a better idea on what "local network" might mean regarding the rule. It's now certain that the rule stands for more than just localhost, but doesn't yet tell which (private) IP ranges are included.

Re: Exact definition of "Local Network" in rule destinations?

Posted: Sat Nov 05, 2011 9:49 pm
by muzso
Btw. the description of the "local IPv6 network" rule (in the previously mentioned info panel) is more to the point. It says: "IP Address: fe80::/10"

Re: Exact definition of "Local Network" in rule destinations?

Posted: Wed Nov 09, 2011 10:29 am
by manfred
muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?

Local Network dynamically adapts to your network settings. One example:

IP-Address:    192.168.001.070
Netmask:       255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255

Re: Exact definition of "Local Network" in rule destinations?

Posted: Wed Nov 09, 2011 10:38 am
by muzso
manfred wrote:
muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?

Local Network dynamically adapts to your network settings. One example:

IP-Address:    192.168.001.070
Netmask:       255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255


Thanks. Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces? When is the rule "reevaluated"? I mean I'm quite sure that it does not recalculate the definition of "local network" for each IP packet that comes in. I'd guess it determines the scope of "local network" on startup ... and maybe on each change of the network configuration?

Re: Exact definition of "Local Network" in rule destinations?

Posted: Fri Nov 11, 2011 3:47 pm
by manfred
muzso wrote: Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces?

All active interfaces except tunneling devices.

muzso wrote: ... and maybe on each change of the network configuration?

Right.
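
A sketch of the behaviour described in the answers above, added here as an example and not part of the thread or Little Snitch's own code: it derives one subnet per active, non-tunnel interface from its address and netmask, then tests destinations against the result. The interface table and its "active"/"tunnel" fields are constructed assumptions.

```python
import ipaddress

# Constructed interface table. The "active" and "tunnel" flags are
# hypothetical fields standing in for whatever the OS reports.
INTERFACES = [
    {"name": "en0", "addr": "192.168.1.70", "netmask": "255.255.255.0",
     "active": True, "tunnel": False},   # the example from the thread
    {"name": "en1", "addr": "10.20.30.40", "netmask": "255.255.252.0",
     "active": True, "tunnel": False},
    {"name": "utun0", "addr": "10.8.0.6", "netmask": "255.255.255.0",
     "active": True, "tunnel": True},    # tunneling device: excluded
    {"name": "en2", "addr": "172.16.5.9", "netmask": "255.255.0.0",
     "active": False, "tunnel": False},  # inactive: excluded
]

# The separate "local IPv6 network" rule quoted in the thread.
LOCAL_IPV6 = ipaddress.ip_network("fe80::/10")


def local_networks(interfaces):
    """One subnet per active, non-tunnel interface (address AND netmask)."""
    nets = []
    for iface in interfaces:
        if not iface["active"] or iface["tunnel"]:
            continue
        cidr = f'{iface["addr"]}/{iface["netmask"]}'
        nets.append(ipaddress.ip_interface(cidr).network)
    return nets


def ip_range(net):
    """First and last address of a subnet, as in 'Local Network: a - b'."""
    return str(net.network_address), str(net.broadcast_address)


def is_local(dest, nets):
    """True if dest falls inside any of the computed interface subnets."""
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in nets)


def matches_local_ipv6_rule(dest):
    """True if dest falls inside fe80::/10."""
    return ipaddress.ip_address(dest) in LOCAL_IPV6


if __name__ == "__main__":
    nets = local_networks(INTERFACES)  # recompute after each network change
    for net in nets:
        print("Local Network: %s - %s" % ip_range(net))
    for dest in ("192.168.1.20", "192.168.2.5", "10.8.0.1"):
        print(dest, "local" if is_local(dest, nets) else "not local")
```

Under this model a private address such as 192.168.2.5 is not "local" unless an active interface's subnet actually contains it, and a rule scoped to the local network changes meaning whenever the machine joins a different network.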

Re: Exact definition of "Local Network" in rule destinations?

Posted: Tue Nov 15, 2011 10:52 am
by muzso
Thanks for all the answers! :-) It's all clear now.
If you've time, maybe you could add them (your answers) to the description of the built-in local network rule. Or to the section in help describing the creation of new rules (the local network rule destination is mentioned there if I remember right).