Hi!
I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule? I could easily imagine multiple interpretations.
E.g. (looking only at IPv4 addresses) 127.0.0.0/8 ... or including 169.254.0.0/16 ... or including all private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
What about IPv6 addresses? How is "Local Network" interpreted in that case?
Thanks in advance.
Exact definition of "Local Network" in rule destinations?
Re: Exact definition of "Local Network" in rule destinations?
Found a bit more info about this by hitting the "Info" button in the top-right corner of the Little Snitch Configuration app. An info panel slid out to the right of the window and clicking on a (protected) rule shows a description in the info panel. For the "Allow connections to local network" rule it says: "This rule covers the IP range of your home or company network. "local network" covers all your local networks on all your active network cards (including airport and so on). It is computed from the network interface's current IP address and netmask (depending on the number of active network interfaces it can stand for more than one IP-range). And it is recomputed if you change your "Location"."
Of course this still does not give a precise definition, but now I've got a better idea on what "local network" might mean regarding the rule. It's now certain that the rule stands for more than just localhost, but doesn't yet tell which (private) IP ranges are included.
Re: Exact definition of "Local Network" in rule destinations?
Btw. the description of the "local IPv6 network" rule (in the previously mentioned info panel) is more to the point. It says: "IP Address: fe80::/10"
Re: Exact definition of "Local Network" in rule destinations?
muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?
Local Network dynamically adapts to your network settings. One example:
IP-Address: 192.168.001.070
Netmask: 255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255
Re: Exact definition of "Local Network" in rule destinations?
manfred wrote: muzso wrote: I was wondering how Little Snitch interprets the "Local Network" selection in the destination server of a rule?
Local Network dynamically adapts to your network settings. One example:
IP-Address: 192.168.001.070
Netmask: 255.255.255.000 (0xffffff00)
Local Network: 192.168.001.000 - 192.168.001.255
Thanks. Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces? When is the rule "reevaluated"? I mean I'm quite sure that it does not recalculate the definition of "local network" for each IP packet that comes in. I'd guess it determines the scope of "local network" on startup ... and maybe on each change of the network configuration?
Re: Exact definition of "Local Network" in rule destinations?
muzso wrote: Does this dynamic rule include all (at the moment active/enabled/connected) network interfaces?
All active interfaces except tunneling devices.
muzso wrote: ... and maybe on each change of the network configuration?
Right.
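The behaviour described in the answers above, modelled as an added example that is not part of the original thread and is not Little Snitch's own code: it derives one range per active interface from address and netmask, skips tunnel devices, and names which built-in range covers a destination. The interface list, the name-prefix test for tunnels, and the function names are assumptions.

```python
import ipaddress

# Constructed sample of active interfaces (names and addresses are made up,
# written the way the thread and macOS ifconfig print them).
SAMPLE_INTERFACES = [
    ("en0", "192.168.001.070", "255.255.255.000"),
    ("en1", "10.20.3.4", "0xffff0000"),
    ("utun0", "172.16.5.9", "0xffffff00"),  # tunnel: excluded per the thread
]
# Assumption: tunnels are recognised by name prefix; the product's test is unknown.
TUNNEL_PREFIXES = ("utun", "tun", "tap", "gif", "ipsec", "ppp")
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/10")  # "local IPv6 network" rule


def parse_dotted(text):
    """Parse dotted-quad text, tolerating zero-padded octets like 001.070."""
    octets = [int(part, 10) for part in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return ipaddress.IPv4Address(bytes(octets))


def parse_netmask(text):
    """Accept dotted (255.255.255.000) or hex (0xffffff00) netmasks."""
    if text.lower().startswith("0x"):
        return ipaddress.IPv4Address(int(text, 16))
    return parse_dotted(text)


def local_networks(interfaces):
    """Return one IPv4 network per active non-tunnel interface."""
    nets = []
    for name, addr, mask in interfaces:
        if name.startswith(TUNNEL_PREFIXES):
            continue
        ip, nm = parse_dotted(addr), parse_netmask(mask)
        # strict=False masks off the host bits: 192.168.1.70 -> 192.168.1.0/24
        nets.append(ipaddress.ip_network(f"{ip}/{nm}", strict=False))
    return nets


def classify(destination, networks):
    """Name the built-in rule range covering destination, or None."""
    dest = ipaddress.ip_address(destination)
    if dest.version == 6:
        return "local IPv6 network" if dest in LINK_LOCAL_V6 else None
    return "local network" if any(dest in n for n in networks) else None
```

Calling `local_networks` again with the new interface list after a network configuration change models the recomputation confirmed in the thread.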
Re: Exact definition of "Local Network" in rule destinations?
Thanks for all the answers!
It's all clear now.
If you've time, maybe you could add them (your answers) to the description of the builtin local network rule. Or to the section in help describing the creation of new rules (the local network rule destination is mentioned there if I remember right).
