Another Feature Request

General discussions about Little Snitch
olivierdb
Posts: 8
Joined: Sun Apr 14, 2013 10:49 pm

Another Feature Request

Postby olivierdb » Fri Apr 04, 2014 9:57 pm

Please allow for the creation of sets or groups of rules into (what I'll call) filters and the import/export (and thus sharing) thereof.

A very nice feature of GlimmerBlocker is the ease with which one can subscribe to shared filters. There are all kinds of filters possible: ad filters, tracker filters, malware filters, etc.

http://glimmerblocker.org/wiki/Filters

nexttoyou
Posts: 4
Joined: Tue Oct 13, 2009 4:25 pm

Re: Another Feature Request

Postby nexttoyou » Mon Apr 14, 2014 6:43 pm

olivierdb wrote: A very nice feature of GlimmerBlocker is the ease with which one can subscribe to shared filters. There are all kinds of filters possible: ad filters, tracker filters, malware filters, etc.

Even better would be a DNSBL-style subscription option to block incoming connections, so you’d just need to enter the kind of attacks you’d like to block by using e.g. a service like this one:

http://www.blocklist.de/en/rbldns.html

Honestly, it drives me crazy to do this manually on a one-by-one basis or by using those lists:

http://www.blocklist.de/en/export.html

Otherwise Little Snitch is just perfect for me …

Khaine
Posts: 3
Joined: Sat Apr 19, 2014 7:00 am

Re: Another Feature Request

Postby Khaine » Sat Apr 19, 2014 7:03 am

IP blocklists would be a good addition. That way you could use abuse.ch IP blacklists to prevent connections to known C&C servers if you managed to get infected.

I do wonder if you could use the pf firewall built into OS X to do the blocking based upon the blacklists in conjunction with Little Snitch.
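
The pf idea raised in the post above, as an added example (not part of the thread and not Little Snitch or pf project code): it validates a plain-text IP feed and renders it as a pf table file, refusing entries that would block local traffic or very large ranges. The feed format, the table name `blocklist`, the path `/etc/pf.blocklist`, `PROTECTED` and `MIN_PREFIX` are assumptions.

```python
import ipaddress
# Constructed sample feed (documentation ranges), one IP or CIDR per line.
SAMPLE_FEED = """\
203.0.113.7
198.51.100.0/25
198.51.100.128/25
192.168.1.10
127.0.0.1
not-an-ip
2001:db8::bad:1   ; trailing comment
0.0.0.0/0
"""
# Assumptions: ranges a feed must never block, and the broadest prefix accepted.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7")]
MIN_PREFIX = {4: 16, 6: 32}
# pf.conf lines that load the table; table name and file path are hypothetical.
PF_RULES = """table <blocklist> persist file "/etc/pf.blocklist"
block drop out quick to <blocklist>
block drop in quick from <blocklist>
"""

def parse_feed(text):
    """Return (collapsed networks, rejected entries) for a plain IP/CIDR feed."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#")[0].split(";")[0].strip()  # drop comments
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((entry, "prefix too broad"))
        elif any(p.version == net.version and p.overlaps(net) for p in PROTECTED):
            rejected.append((entry, "overlaps protected range"))
        else:
            nets.add(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, rejected

def pf_table_file(nets):
    """Render networks as a pf table file: one address or CIDR per line."""
    return "".join(f"{n}\n" for n in nets)
```

Once the output is written to the table file, `pfctl -t blocklist -T replace -f /etc/pf.blocklist` swaps the table contents without reloading the ruleset.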

olivierdb
Posts: 8
Joined: Sun Apr 14, 2013 10:49 pm

Re: Another Feature Request

Postby olivierdb » Mon Apr 21, 2014 9:46 pm

@nexttoyou I wonder why the block lists you mention are limited to the last 48 hours! Is it because IP addresses are dynamically assigned, i.e. they can change from one session to another?

There are a large number of blacklists available here and there. I quite like those that are categorised and allow you to choose what you want to filter out. Here's an example of categories from a free and a commercial blacklist provider:
http://www.shallalist.de/categories.html
http://www.squidblacklist.org/

Providing lists via data feeds seems to be the way forward judging from the following two sites:
http://www.spamhaus.org/datafeed/
http://www.surbl.org/lists#mw

I hope LS will offer the ability to retrieve data feeds automatically or on a scheduled basis.

Something else I would very much like to see in the allow/deny alert dialog boxes is a button we could click to perform a quick whois in a new web page for instance.

nexttoyou
Posts: 4
Joined: Tue Oct 13, 2009 4:25 pm

Re: Another Feature Request

Postby nexttoyou » Tue Apr 22, 2014 2:54 pm

olivierdb wrote: @nexttoyou I wonder why the block lists you mention are limited to the last 48 hours! Is it because IP addresses are dynamically assigned, i.e. they can change from one session to another?

It is often the case that the machine behind such an IP address is virus infected. I contacted the access providers of the computers in question several times and they indeed removed them immediately from the internet for further inspection. The attack stopped and everything was alright. So it would be quite impolite to block such an IP address indefinitely.

olivierdb wrote: There are a large number of blacklists available here and there. I quite like those that are categorised and allow you to choose what you want to filter out. Here's an example of categories from a free and a commercial blacklist provider:
http://www.shallalist.de/categories.html
http://www.squidblacklist.org/

olivierdb wrote: Providing lists via data feeds seems to be the way forward judging from the following two sites:
http://www.spamhaus.org/datafeed/
http://www.surbl.org/lists#mw

Yep, I use some of those lists together with Postfix on Mac OS X Server. You can even combine several of those lists and completely exclude some countries. That’s incredibly comfortable but should of course be done carefully so that people can still communicate with you. Unfortunately, OS X Server only lets you do this for incoming mail connections. Originally, such DNSBL services were intended for mail servers only, but more and more services have been created in the meantime permitting the use of different lists for many other purposes.

olivierdb wrote: I hope LS will offer the ability to retrieve data feeds automatically or on a scheduled basis.

This would make my day as manually blocking IP addresses or address blocks and maintaining those lists is incredibly time-consuming.

olivierdb wrote: Something else I would very much like to see in the allow/deny alert dialog boxes is a button we could click to perform a quick whois in a new web page for instance.

Just FYI, I currently use this service manually: http://www.utrace.de

jamver
Posts: 7
Joined: Mon Sep 19, 2011 12:28 am

Re: Another Feature Request

Postby jamver » Fri Oct 13, 2017 5:36 am

olivierdb wrote: Something else I would very much like to see in the allow/deny alert dialog boxes is a button we could click to perform a quick whois in a new web page for instance.

I too want Little Snitch to use WHOIS Data and have made a new forum post to flesh out some specific features.

