Little Snitch’s Rules Window comes with a handy feature to show all rules applying to a single app. Perform a right-click on the app and choose “Focus on Rules.

Rule group subscriptions use a .lsrules file, which is a JSON format specified in this chapter. Such files can be exported using Little Snitch Configuration or created using a text editor or a script.

A simple example

Reset Little Snitch Rules Youtube

Let’s start with a simple example that specifies a single rule for allowing software updates for LaunchBar:

Blocklists

A common use case for rule group subscriptions are blocklists that contain a lot of domains, hosts, or IP addresses for which access should be flat out denied. Using the above syntax, you’d have to repeat 'process': 'any' and 'action': 'deny' for each domain, host, or IP address. For thousands of rules, that can lead to unnecessarily large files that in turn lead to unnecessarily large downloads for every single subscriber.

Starting in Little Snitch 4.2, you can use a more compact format that looks like this:

Top-level keys

The top level of an .lsrules file is a JSON dictionary with the following keys:

KeyTypeDescription
nameStringThe name of the group.
descriptionStringA description of the rule grouop.
rulesArray of DictionariesThe list of rules. See below for rule-level keys.

To efficiently support blocklists, the following keys were added in Little Snitch 4.2:

KeyTypeDescription
denied-remote-domainsArray of StringsA list of domain names.
denied-remote-hostsArray of StringsA list of hostnames.
denied-remote-addressesArray of StringsA list of IP addresses. See Anatomy of a rule > Server (remote computer) for supported syntax.
denied-remote-notesStringThe notes that should be repeated for each rule. The placeholder %REMOTE% will be replaced with the respective domain, host, or IP-address for each rule.

You can mix all of these keys in a single .lsrules file, i.e. you can define arbitrary rules in a rules array next to a list of domains in denied-remote-domains and a list of IP addresses in denied-remote-addresses.

Rule keys

Each rule defined in the file is a JSON dictionary with the following keys:

Specifying the process

To define which processes a rule should match, you specify the executable of the process using the following keys:

  • To match any process, use:

    • 'process': 'any'
  • To match a specific process, use:
    • 'process' (String): A String containing the full path to the executable. For apps, this is path to the app’s executable, not the app wrapper. For example: /Applications/Safari.app/Contents/MacOS/Safari
    • 'via' (String, optional): If the rule should only match if the executable uses a specific helper tool, you can specify its path. For example, you could create a rule that matches “Terminal via ping” by setting 'path' to Terminal’s path and 'via' to ping’s path. Note that a rule for Terminal that has no 'via' will also match connections of “Terminal via ping”.

Specifying the remote

The remote for the rule can be specified in multiple ways. You can only provide one of the following keys:

Reset Little Snitch Rules Free

  • 'remote-addresses': A String containing one or more IP addresses in the format described in Anatomy of a rule > Server (remote computer).
  • 'remote-hosts': Either a String with a hostname, or an Array of Strings of hostnames.
  • 'remote-domains': Either a String with a domain name, or an Array of Strings of domain names.
  • 'remote': A String with exactly one of the following values. For a description of each of these values, see Anatomy of a rule > Server (remote computer).
    • 'any'
    • 'local-net'
    • 'multicast'
    • 'broadcast'
    • 'bonjour'
    • 'dns-servers'
    • 'bpf' (Berkeley Packet Filter, available starting in Little Sntich 4.4.3)

Other keys

KeyTypeDescription
directionString, optionalThe connection direction. 'incoming' or 'outgoing', defaults to 'outgoing'.
actionString, optionalThe rule action. 'allow', 'deny', or 'ask'. Defaults to 'ask'.
priorityString, optionalThe rule priority. 'regular' or 'high'. Defaults to 'regular'.
disabledBoolean, optionalWhether or not the rule is disabled by default. Defaults to false.
portsString, optionalThe ports the rule matches. Can be 'any' for any port (the default), a single port (e.g. '443'), or a range of ports (e.g. '123-456').
protocolString, optionalThe protocol the rule matches. Can be a numeric value as defined in /etc/protocols, like '6' for TCP, or the actual protocol name, like 'tcp'. Defaults to any protocol.
notesString, optionalThe notes for the rule.

Was this help page useful? Send feedback.
© 2016-2020 by Objective Development Software GmbH

Your Mac is a Net whisperer; a sleep talker; a teller of tales; a spreader of information. It's always sending messages to unseen servers while you go about your daily work. How do you keep tabs on and take control of what your Mac is talking to? Objective Development's $45 Little Snitch is the ticket to truly understanding and managing who your Mac makes contact with.

Little Snitch

Price: $45+ for a new copy; $25+ for an upgrade

Bottom line: Little Snitch is not only a great firewall application, it's educational and fun to use.

Reset Little Snitch Rules

The Good

  • Does more than the built-in firewall
  • Has three different modes for more specific controls
  • The Map lets you see where all the traffic is coming to and going from.
  • Customizable features

The Bad

  • Buying more than one license can get pricey.

Mind this chatter

Little Snitch is a firewall application and, as you may know, your Mac has a built-in firewall that you can turn on and use to quietly block unauthorized incoming network connections. So why buy a separate app if you already have something built-in? The answer is simple: Little Snitch does more than just block or allow incoming network connections. It gives you detailed information on all your network communication, whether it's from the outside world coming into your Mac or it's being sent from your Mac to anywhere on the internet.

One factor affecting battery life and lifespan is the mix of things you do with your device. /endurance-mac-battery-app.html. No matter how you use it, there are ways to help.

Chatter from your Mac isn't all bad. In fact, most of it is good and necessary. Your Mac regularly checks the App Store to make sure your apps and OS are up to date. You stream music and movies from iTunes, Netflix, Hulu, and Pandora. You send and receive email, messages, and files all as a part of your normal work and play.

However, every web page you connect to also talks to ad servers and every app you open may also send information about you, your Mac, and about the app itself back to the company that created it. Little Snitch logs all this information and lets you look at it, see what the communication is about, and choose when or whether you want to allow your Mac to make that communication in the future.

Simple is as simple does

Little Snitch offers three modes of operation:

  • Alert Mode
  • Silent Mode—Allow Connections
  • Silent Mode—Deny Connections

By default, Little Snitch uses Silent Mode—Allow Connections, which behaves just like Apple's built-in firewall does, which is to say that it assumes any application on your Mac that is properly signed is allowed to send and receive data at will. It also tracks every connection, while allowing all network traffic to freely enter and exit your Mac, so you can look at those connections and decide whether or not you want to make that connection in the future. This mode is the best choice for most users.

Alert Mode asks you to make a choice each time an application attempts to make a connection to the Internet. Once you make a choice, Little Snitch remembers your choices and allows or denies that connection in the future. Initially, if you're just starting to use Little Snitch, this can feel more like Annoying Mode, as you'll need to approve or deny every network connection attempt.

Silent Mode—Deny Connections is designed for situations where you want to create specific rules about which connections you will allow. Any connections you have not created an explicit rule for will be denied without asking for your approval.

The all seeing eye

The fun begins once Little Snitch is installed. A small menu item appears on the top of your screen and displays a small gauge setting so you know when you're sending and receiving network traffic. Click that menu and you'll see options to change modes and items for Little Snitch's Network Monitor, Rules, and Preferences.

Open the Network Monitor and a new window will open displaying a map of the world centered on your current location with arcs of network traffic traveling from your Mac to various locations throughout the world. A sidebar displays a list of applications sending and receiving traffic. Selecting one of those apps highlights where your traffic is going on the map. Another sidebar on the right displays a Connection Inspector which you use to view general and detailed information about data being sent with specific information about the application selected and why it might be sending or receiving information.

While viewing the Map or using Little Snitch's rules window you can select different apps and processes and use a small switch to allow or deny network traffic by flipping a small Rule Management switch.

Lockdown by location

Little Snitch has a multitude of customizable features, but one of my favorites is Automatic Profile Switching (APS), which allows you to create filtering profiles based on the network you're connected to. Want to be invisible when you're at Starbucks? No problem, you can create a profile for that. Not as worried when you're on your home network? You can create a profile for that. When you hop on a network APS detects where you are and automatically changes your Little Snitch profile to match your settings for the network you're on.

How to reset little snitch rules

The ultimate lockdown

I wouldn't normally think of a firewall as something fun. It's business, pal. Just business. But that's not true of Little Snitch. Not only is it a great firewall application, it's educational and super fun to use. If you need something more than Apple's built-in firewall or if you need better insight into which applications are sending information from your Mac to servers on the Internet, Little Snitch is the best app I've seen, which makes it the best app for you.

Who goes there?

Hardware? Software? No-ware? How do you make sure your Mac's locked down and keeping your secrets to itself? Sound off in the comments below.

Keep yourself secure on the web

Main

We may earn a commission for purchases using our links. Learn more.

🍎 ❤️

Reset Little Snitch Rules Full

This is how Apple will keep people safe when reopening Apple Stores

Reset Little Snitch Rules 2017

Apple recently reopened its store in Seoul, South Korea. And it has measures in place to keep people safe.