Personal Rules for Little Snitch.
Download Little Snitch, then use one of the links below to automatically install one of the rules.
Copy one of the following URLs:
- Global Allow Rules: https://raw.githubusercontent.com/jkamenik/little-snitch-rules/master/Allow.lsrules
- Global Deny Rules: https://raw.githubusercontent.com/jkamenik/little-snitch-rules/master/Deny.lsrules
- Common App Rules: https://raw.githubusercontent.com/jkamenik/little-snitch-rules/master/CommonApps.lsrules
- Firefox Rules (default browser): https://raw.githubusercontent.com/jkamenik/little-snitch-rules/master/Firefox.lsrules
- iTerm rules: https://raw.githubusercontent.com/jkamenik/little-snitch-rules/master/iTerm.lsrules
Once the URL is copied, it can be imported into Little Snitch:
- Open the Little Snitch Rules preference pane
- Click File -> New Rule Group Subscription
- Paste the URL
- Click "Subscribe..."
- Enter your admin password if required
- Adjust any settings
  - Recommend unchecking "Disable new allow rules" as most of the items above are "allow" rules.
  - Recommend setting updates to "Daily"
  - Recommend checking "Active"
- Click "Subscribe"
If you want to install the rules manually, you will need to get the "raw" URL of the file from GitHub:
- Open GitHub
- Go to the repo in question
- Click on the filename
- Click "Raw" to get the raw view
  - Usually "raw.githubusercontent.com////path/to/file"
The structure is JSON in the form of:

    {
      "description": "Some useful description, usually including the subscription link",
      "name": "A short human name, seen in Little Snitch on the rules",
      "rules": [<rule 1>,<rule 2>,...]
    }

Rules have the following fields:
- action - "allow" or "deny"
- notes - Human description of this specific rule
- process - "any" for any, or the escaped path of the executable (e.g., "/Applications/Dropbox.app/Contents/MacOS/Dropbox")

Optional fields (omit for "any"):
- ports - A port number (e.g. "53" for DNS, "22" for ssh, etc.)
- protocol - A protocol string:
  - "icmp"
  - "tcp"
  - "udp"
  - "irtp"
  - "ipv6-icmp"

The following are exclusive rule types (you can only pick one in a rule):
- remote - One of the following (generally best to not include rules of this type in a subscription):
  - any - Allow Berkley
  - bonjour - Any bonjour network connection
  - broadcast - Any broadcast address
  - dns-servers - Any DNS-like connection (tcp/udp port 54)
  - local-net - Any local network connection
  - multicast - Any multicast connection
- remote-addresses - A JSON array of IPs
  ["1.1.1.1", "2.2.2.2"]
- remote-hosts - A JSON array of FQDNs.
  ["www.example.com", "mail.example.com"]
- remote-domains - A JSON array of domains. Note: this rule applies to any subdomain as well (i.e., *.example.com)
  ["yahoo.com", "apple.com"]
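
A subscription that updates daily with "Disable new allow rules" unchecked will accept whatever allow rules the remote file later contains, so it is worth checking a group file before subscribing. The following is an added example, not part of this repository or of Little Snitch: it validates a group against the fields listed above and flags rules to review by hand. The function name, messages and sample group are constructed for illustration, and the accepted values are only those this README lists.

```python
import json

# Values as listed in this README; not an official Little Snitch schema.
ACTIONS = {"allow", "deny"}
PROTOCOLS = {"icmp", "tcp", "udp", "irtp", "ipv6-icmp"}
REMOTE_KEYWORDS = {"any", "bonjour", "broadcast", "dns-servers", "local-net", "multicast"}
EXCLUSIVE = ("remote", "remote-addresses", "remote-hosts", "remote-domains")

def lint_lsrules(text):
    """Return a list of findings for one rule group given as JSON text."""
    doc = json.loads(text)
    findings = [f"group: missing '{k}'" for k in ("description", "name", "rules") if k not in doc]
    for i, rule in enumerate(doc.get("rules", [])):
        def flag(msg):
            findings.append(f"rule {i}: {msg}")
        for k in ("notes", "process"):
            if k not in rule:
                flag(f"missing '{k}'")
        if rule.get("action") not in ACTIONS:
            flag(f"action is {rule.get('action')!r}, expected allow or deny")
        if "protocol" in rule and rule["protocol"] not in PROTOCOLS:
            flag(f"unknown protocol {rule['protocol']!r}")
        used = [k for k in EXCLUSIVE if k in rule]
        if len(used) > 1:  # the README allows only one of these per rule
            flag("exclusive fields combined: " + ", ".join(used))
        if "remote" in rule:
            if rule["remote"] not in REMOTE_KEYWORDS:
                flag(f"unknown remote keyword {rule['remote']!r}")
            flag("uses 'remote'; the README advises against it in subscriptions")
        for k in EXCLUSIVE[1:]:
            v = rule.get(k)
            if k in rule and not (isinstance(v, list) and all(isinstance(x, str) for x in v)):
                flag(f"'{k}' must be a JSON array of strings")
        if rule.get("action") == "allow" and rule.get("process") == "any":
            flag("allow rule applies to every process; review before subscribing")
    return findings

# Constructed sample group (not taken from the repository's rule files).
SAMPLE = json.dumps({"name": "Demo", "description": "constructed sample", "rules": [
    {"action": "allow", "notes": "Dropbox sync", "protocol": "tcp", "ports": "443",
     "process": "/Applications/Dropbox.app/Contents/MacOS/Dropbox",
     "remote-domains": ["example.com"]},
    {"action": "permit", "notes": "bad rule", "process": "any", "protocol": "sctp",
     "remote-hosts": ["www.example.com"], "remote-addresses": "1.1.1.1"},
    {"action": "allow", "notes": "too broad", "process": "any", "remote": "any"},
]})

if __name__ == "__main__":
    print("\n".join(lint_lsrules(SAMPLE)))
```

To check a downloaded file, pass its contents to `lint_lsrules()`; an empty list means nothing was flagged.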