Little Snitch 4 Help

Connection alert

When Little Snitch encounters a connection attempt that is not yet covered by a rule and Alert Mode is active, it shows a connection alert, asking you whether to allow or deny the connection. You usually do this by creating a rule which matches the connection and, depending on your choices, other similar connections. The next time the connection is attempted, it is covered by the rule you just created and the rule determines whether to allow or deny it.

The connection is stalled until the alert is answered or a rule matching the connection is created. This means that the process trying to connect is paused and may not respond to your input, unless it performs the connection in background.

Connection Alert

Description section of alert

The description provides a brief summary of the connection attempt, including the names of involved processes and servers. If an application utilizes a helper tool to establish the connection, the name of this tool is shown next to the application name (e.g. “LaunchBar via ssh”).

If no name for the remote host can be obtained or if it is not unique, the host’s Internet address is shown. If the name is not unique, but all potential names for the host are in the same domain, the common domain is also mentioned.
Learn more about how Little Snitch determines the server name…

Depending on your detail level setting in Alert Preferences, port number and connection protocol are shown as well.

Getting more information

Rule creation section of alert

You confirm the connection alert by creating a rule matching the connection. This section lets you choose the parameters of the rule. The alert lets you only create rules which match at least the connection currently displayed, but the rule may match much more.

Rule creation options

Touch Bar controls

If your Mac has a Touch Bar, you can confirm the connection alert by tapping the Allow or Deny button. These behave just like the respective buttons in the connection alert itself and use all the other settings for rule lifetime, remote host and profile as you would expect:

Touch Bar

But if you tap and hold either the Allow or the Deny button, you can select the rule lifetime by sliding to the desired segment on the Touch Bar:

Touch Bar lifetimes


  1. In fact, the remote end of the connection can also be the Berkeley Packet Filter. This is a low level operating system service which can be used to eavesdrop all network communication or inject and receive any type of network data. Strictly speaking, it is not a remote host but a service which can be used to contact remote hosts. 


Was this help page useful? Send feedback.
© 2016-2024 by Objective Development Software GmbH