Another profiles Q: creating a deny all rule ...

General discussions about Little Snitch
keep-em-out
Posts: 2
Joined: Mon Jun 15, 2015 8:03 pm

Post by keep-em-out » Mon Jun 15, 2015 8:20 pm

All-

I am somewhat new to LS but have been reading up on the forums here to get familiar with the functionality. Like others, I want to create a set of profiles to apply based on the networks I am connecting to. Something like:

- Trusted (home network, etc.)
- Untrusted (public wifi, hotel wifi, etc.)
- Semi Trusted (office network, etc.)

I have read the following articles, which helped, but still left me with questions:

viewtopic.php?f=1&t=9598
viewtopic.php?f=1&t=8844

The main question I have is how to create some kind of 'default deny' rule for untrusted connections. For example, the logic might flow like this:

- If the traffic is VPN related, allow
- If the traffic is Captive Portal, allow
- If the traffic is DNS (UDP), allow
- Everything else, block

From what I can tell there really isn't a 'default deny' rule that will block everything except those rules which have been set to allow traffic to exit the system. I have to connect my machine to the untrusted network and let it sit for a while until OS X triggers every daemon and protocol that tries to connect to the Internet and then I manually deny each one. Anyone know of a shortcut here?

Cheers.

hagen
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: Another profiles Q: creating a deny all rule ...

Post by hagen » Fri Jun 19, 2015 6:15 am

keep-em-out wrote: From what I can tell there really isn't a 'default deny' rule that will block everything except those rules which have been set to allow traffic to exit the system. I have to connect my machine to the untrusted network and let it sit for a while until OS X triggers every daemon and protocol that tries to connect to the Internet and then I manually deny each one. Anyone know of a shortcut here?

The rule you are looking for is a simple Deny All. Narrowly-defined rules have precedence over more general ones, therefore a rule denying all connections will still allow specific rules to function.

Like this (in any order):

Allow connection A
Allow connection B
Allow connection C
Deny any connection
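
The precedence behaviour described in the reply above, as an added example that is not part of the original thread and is not Little Snitch's own code or rule format. It is a small model in which the narrowest matching rule wins; the field-count specificity score, the deny-wins tie-break, the `ask` fallback and the process names are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import permutations
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    process: Optional[str] = None   # None matches any process
    proto: Optional[str] = None     # None matches any protocol
    port: Optional[int] = None      # None matches any port

    def fields(self):
        return (self.process, self.proto, self.port)

    def matches(self, conn):
        return all(w is None or w == g for w, g in zip(self.fields(), conn))

    def specificity(self):
        return sum(f is not None for f in self.fields())  # assumption: more fields = narrower

def decide(rules, conn):
    """Action of the narrowest matching rule; 'ask' if nothing matches."""
    hits = [r for r in rules if r.matches(conn)]
    if not hits:
        return "ask"
    # Equal specificity: this model lets deny win (assumption, not from the thread).
    return max(hits, key=lambda r: (r.specificity(), r.action == "deny")).action

# Constructed "Untrusted" profile, following the list in the first post.
UNTRUSTED = [
    Rule("allow", process="vpn-client"),             # hypothetical VPN process
    Rule("allow", process="captive-portal-helper"),  # hypothetical portal helper
    Rule("allow", proto="udp", port=53),             # DNS over UDP
    Rule("deny"),                                    # Deny any connection
]
# Constructed sample connections: (process, protocol, port).
SAMPLES = [("vpn-client", "udp", 500), ("captive-portal-helper", "tcp", 80),
           ("some-daemon", "udp", 53), ("some-daemon", "tcp", 443)]

def verdicts(rules):
    return [decide(rules, c) for c in SAMPLES]

def order_independent(rules):
    """True if every ordering of the rule list gives the same verdicts."""
    return all(verdicts(list(p)) == verdicts(rules) for p in permutations(rules))

if __name__ == "__main__":
    for conn, verdict in zip(SAMPLES, verdicts(UNTRUSTED)):
        print(conn, "->", verdict)
    print("order independent:", order_independent(UNTRUSTED))
```

Removing the final `Rule("deny")` from the list makes the last sample return `ask` instead of `deny`, which is the per-connection prompting the first post describes.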


