Snitchery

Little snitch Rule set(s)

Installation:

Jul 14, 2019: In the end, after scouring the issues here, I found a couple of mentions of Little Snitch blocking VSCode. Sure enough, on checking my Little Snitch, it was blocking VSCode, showing the problem as: "The identity check detected a modification of the program. Therefore all of its connections were denied as a precaution."

Without a license key, Little Snitch runs in demo mode, which provides the same protection and functionality as the full version. The demo runs for three hours, and it can be restarted as often as you like. The Network Monitor expires after 30 days. Turn it into a full version by entering a license key.

  1. Open Little Snitch config
  2. Place hot_pocket in wave: do
  3. cook on high for 2.5 min
  4. click import rules (where applicable i.e. 'all over')

Theory / Mechanics / General Thoughts


Little Snitch has some really amazing features, namely automatic profile switching for different networks.

  • Dec 07, 2019: As of Little Snitch 4.3 (5264), the maximum number of domains per rule increased to 200,000. There is no need to create multiple rule group files to work around the previous limit of 10,000 rules per rule group. This version will generate a single file in the respective folder with the same name for easy subscription and management.

I always begin with setting a 'deny connections' for everything, then, allowing what I need. It took me a long time to figure this part out. This will save you from having a pop up every goddamn second when you fire this baby up.

When you import these rules you'll most certainly have applications that I don't, and vice versa. You will see this reflected in the appropriate menu on the left side of the Little Snitch config.

This set is nowhere near finished, but it's a great starting point for someone to 'train' their own firewall. My general 'rule of thumb' (sorry ladies) has been to adhere to the rule of least permissions. This is great in theory, but unfortunately in the real world it becomes extremely annoying to approve rules on a domain-by-domain basis. So I have been training the snitch via port and protocol and not the full-on, super annoying, domain-based rules.


Rules and Profiles

Profiles:

  • Home: Obviously, the home network, with very permissive rules.
  • Hotspot: This one is a work in progress as I rarely use 'hotspots'.
  • iPoop (iPhone): This is similar to the Hotspot but should be used with a 'trusted device'.
  • Public: Super strict ruleset for public networks.
  • Public +: Similar to Public but a bit more permissive in order to get work done.
  • Vadded (VPN): I used Mullvad as my preferred VPN provider for a long time. Now I configure my own VPNs through DigitalOcean. The idea is the same either way: because of encryption, we can use this as the permissive set.

Rules:

  • Effective in all profiles: Only the default system bits and VPN connectivity.

  • Home

  • accountsd (443)

  • Addressbook (443)

  • Adobe desktop service (DENY) (I HATE THE AMOUNT OF ADOBE BS.)

  • AGS (see above)

  • Airplay (7000)

  • AKD (443)

  • Alfred (443)

  • Atom (443)

  • Calendar Agent (443)

  • Clip Menu (DENY)

  • CloudD (443)

  • com.geod (80, 443) (For device tracking)

  • Safe Browsing (443)

  • Contacts (443)

  • Core Sync (Adobe) (DENY)

  • Creative Cloud (443)

  • Docker (443)

  • Firefox (ANY)

  • Gamed (DENY) (I fucking hate gamed!)

  • Google Update (DENY) (I prefer to do this manually)

  • helpd (DENY) (I Google anyway)

  • imagent (5523) (This is for messages to work)


  • iStat Menus (443)

  • iTerm2 (ALLOW ALL)

  • iTunes (443)

  • ksfetch (DENY) (This is for google update and I have no faith in google. Again. Manually take care of updates. Also, when / if you use Chrome it will tell you there're updates anyway.)

  • Little Snitch Update (443)

  • locationd (443) (This is for Find My Mac to work. I always keep this enabled for all profiles because if my laptop is ever stolen, I'd hate to have Little Snitch block me from finding it! (This HAS happened to me!))

  • Mail (443, 585, 143, 993, 465)

  • mapspushd (443 to domain: apple)

  • MEGAclient (ANY)

  • Messages (DENY 80, ALLOW 443)

  • nbagent (ANY) (This is for NETBIOS and the Bonjour service as far as I have read.. I need to play with this one a bit more)

  • node (ANOTHER ADOBE BS.. DENY)

  • node (for creative cloud allow 443)

  • nsurlsessiond (ANY) (This is for proper name server addressing. I need to investigate this one as well)

  • OPENVPN (ALLOW ANY) (both user processes and system)

  • photolibraryd (DENY) (I don't use the photo cloud BS.. so.. deny.)

  • Photos Agent (443) (as far as I can tell, this one is just for photo app updates and the like.)

  • Safari (ANY)

  • Slack (443)

  • SoftwareUpdateD (DENY) (I need to revisit this one)

  • Spectacle (443) (another one I need to revisit)

  • Stocks (443)

  • Store Accountsd (ANY)

  • Store Assets D (443)

  • Thunderbird (DENY 80, ALLOW mail protocol ports only)

  • Transmission (DENY) (We don't want un-encrypted torrents on our home network do we?)

  • Unity (443)

  • User event agent (80) (revisit)

  • Weather (443 to apple only)

Assuming you’ve downloaded the Little Snitch Disk Image (.dmg file) to your Downloads folder, open a new Terminal window and enter the following command to verify the cryptographic signature of the downloaded file:

codesign --verify -R='anchor apple generic and certificate leaf[subject.OU] = MLZF7K7B5R' ~/Downloads/LittleSnitch*.dmg

If the result of this command is empty (no error message is shown), the file is intact and properly signed by Objective Development.


However, if an error message is shown (like “not signed at all” or “failed to satisfy specified code requirement(s)”), this indicates that the file was maliciously modified and is no longer signed by Objective Development. In that case you should NOT open the disk image file.
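The check above relies on reading an empty result by eye, and the `LittleSnitch*.dmg` glob can match several files or none. The following added example (not from this page's author or from Objective Development) wraps the same `codesign` command so the decision comes from the exit status and an unmatched glob fails closed; the function names `verify_dmg` and `verify_all` are hypothetical.

```shell
#!/bin/sh
# Added example: wraps the codesign check quoted above.
# verify_dmg / verify_all are hypothetical helper names, not a vendor tool.

# Requirement string exactly as given on the page: Apple-anchored chain
# whose leaf certificate has the organizational unit MLZF7K7B5R.
LS_REQUIREMENT='anchor apple generic and certificate leaf[subject.OU] = MLZF7K7B5R'

# verify_dmg FILE
#   returns 0 if FILE satisfies the requirement,
#           1 if codesign rejects it,
#           2 if FILE does not exist (nothing was verified).
verify_dmg() {
    if [ ! -f "$1" ]; then
        echo "SKIP  $1 (no such file, nothing verified)" >&2
        return 2
    fi
    # codesign prints its own reason on stderr, e.g. "not signed at all".
    if codesign --verify -R="$LS_REQUIREMENT" "$1"; then
        echo "OK    $1"
        return 0
    fi
    echo "FAIL  $1 (do not open this disk image)" >&2
    return 1
}

# verify_all FILE...
#   returns 0 only if at least one FILE was given and every FILE verifies.
#   An unmatched glob is passed through literally by the shell, hits the
#   "no such file" branch, and therefore counts as a failure.
verify_all() {
    if [ "$#" -eq 0 ]; then
        echo "no files given" >&2
        return 2
    fi
    rc=0
    for f in "$@"; do
        verify_dmg "$f" || rc=1
    done
    return "$rc"
}

# Usage on macOS, after sourcing this file:
#   verify_all ~/Downloads/LittleSnitch*.dmg || echo "verification failed"
```

Each file is checked separately, so one stale or tampered download in the folder cannot hide behind a valid one.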