Group of hostnames

General discussions about Little Snitch
Post Reply
khansari
Posts: 2
Joined: Sat Mar 17, 2012 6:44 am

Group of hostnames

Post by khansari » Sat Mar 17, 2012 6:49 am

I've looked at the forum and help but could not get conclusive answer on this... Can I allow/deny a group of hostnames (such as *.dropbox.com) without really providing a range of ip addresses. I believe the wildcard regular expression would allow for this very well, but not sure that is being accepted if I input that in my rule...

Thanks for you any help with this, since having to permit each and every permutation of a certain groups is becoming tedious. I guess the other option is to open up the that port for that application completely, but that seems too dangerous and defeats having something like LS.

khansari
Posts: 2
Joined: Sat Mar 17, 2012 6:44 am

Re: Group of hostnames

Post by khansari » Sat Mar 17, 2012 7:00 am

Digging further in this forum (armed with a better word to search -- wildcard), I realize it's possible to switch to Domain in the rule editing dialog dropdown. But that further brings up the question that someone else asked (with no answer from OD yet): Can you still do a regular expression with wildcard to indicate a certain range of names?

The example was not the entire apple.com domain but maybe *-courier.apple.com and I think that is right way to put it...

jimmol
Posts: 1
Joined: Sat Jun 02, 2012 12:47 pm

Re: Group of hostnames

Post by jimmol » Sat Jun 02, 2012 1:00 pm

Did anyone find out if we can do wildcard for hostnames?

Dropbox apparently rotates where you connect, have 30 rules so far, and the 3rd set of numbers in the IP also changes with each new connect 50.19.116.136, then 50.16.212.137.

I guess my next question: Is there a way to show a range for the 3rd set of numbers as the fourth can be set to a range .0/200? Does the slash thing work any where in the IP address or only on the last set of numbers?

thanehand
Posts: 1
Joined: Mon Jun 11, 2012 9:56 pm

Re: Group of hostnames

Post by thanehand » Mon Jun 11, 2012 10:01 pm

Add my vote in for adding basic support for domain wildcards. I personally don't need full-on regular expressions though. Support for a simple asterisk would be sufficient.

There are MANY sites that use unknown subdomains that I need to either allow or block in their entirety. Entering something like *.apple.com for example, would be FAR superior (and easier) than adding 50 different rules.

jwelcher
Posts: 1
Joined: Thu Sep 19, 2013 10:02 pm

Re: Group of hostnames

Post by jwelcher » Thu Sep 19, 2013 10:05 pm

I agree that simple globbing or more advanced wildcards would be nice.

Use case: Dropbox client on my computer talks to dl-client*.dropbox.com and dl-debug*.dropbox.com where the "*" is a 3 or 4 digit number. I appreciate the addition of "domains" in Little Snitch 3, so I can just say Dropbox can talk outbound to *.dropbox.com hosts on 443... but I don't actually want to trust ALL dropbox.com hosts. The minimum I need is dl-client*.dropbox.com and maybe the debug set.

haley01
Posts: 1
Joined: Wed Jul 24, 2013 9:27 am

Re: Group of hostnames

Post by haley01 » Fri Oct 04, 2013 10:37 am

Hello...That's a great idea. I agree with that creating a group of IP addresses. Please update more details as soon as possible....

Tuur.L
Posts: 9
Joined: Sat Nov 17, 2012 7:39 pm

Re: Group of hostnames

Post by Tuur.L » Sat Oct 05, 2013 12:00 pm

I agree, and hope for this one...

Regards and thx.

sing keyboard sing
Posts: 3
Joined: Thu Dec 16, 2010 6:11 am

Re: Group of hostnames

Post by sing keyboard sing » Sat Apr 11, 2015 7:57 pm

jwelcher wrote:I agree that simple globbing or more advanced wildcards would be nice.

Use case: Dropbox client on my computer talks to dl-client*.dropbox.com and dl-debug*.dropbox.com where the "*" is a 3 or 4 digit number. I appreciate the addition of "domains" in Little Snitch 3, so I can just say Dropbox can talk outbound to *.dropbox.com hosts on 443... but I don't actually want to trust ALL dropbox.com hosts. The minimum I need is dl-client*.dropbox.com and maybe the debug set.


+1 for this suggestion

I was trying to set up a filter for dl-client*.dropbox.com and found this older post. Would be great if I could allow connections to hostnames dl-client*.dropbox.com on 443 in a single rule.

Post Reply