Little Snitch Help

Incoming connections

Whenever Little Snitch shows a connection alert for an outgoing connection, part of the app that tries to establish that connection is stalled until you decide whether to allow or deny it. The same thing happens for incoming connections that use the TCP protocol, but this is not possible for incoming connectionless data (e.g. using the UDP or ICMP protocols).

The reason why Little Snitch cannot delay incoming connectionless data is that stalling it would not stop the sender from sending more packets, and an indefinite amount of data could pile up. It therefore can’t display a connection alert because that would cause an unpredictable delay. Even if Little Snitch were to store an unlimited amount of data while showing a connection alert, the data would be outdated by the time you answered the alert, since protocols like UDP are usually used for real-time information where speed matters.
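The difference between the two cases can be reproduced on the loopback interface. The following Python example is an added illustration, not code from Little Snitch or Objective Development: it models a pending decision as a receiver that does not read, and the function names, buffer sizes and packet counts are assumptions chosen for the demonstration.

```python
import socket

LOOPBACK = "127.0.0.1"  # constructed test setup: all traffic stays on this machine

def tcp_bytes_before_stall(limit=64 * 1024 * 1024):
    """Bytes a TCP sender can push while the receiver holds the data unread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 65536)
    listener.bind((LOOPBACK, 0))
    listener.listen(1)
    sender = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sender.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 65536)
    sender.connect(listener.getsockname())
    held, _ = listener.accept()  # accepted but never read: stands in for a pending decision
    sender.setblocking(False)
    sent = 0
    try:
        while sent < limit:
            sent += sender.send(b"x" * 16384)
    except BlockingIOError:
        pass  # TCP flow control: the sender itself is paused once the buffers are full
    finally:
        for s in (sender, held, listener):
            s.close()
    return sent

def udp_sent_vs_kept(count=2000, size=1024):
    """Send datagrams at a receiver that does not read; return (sent, still available)."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 8192)
    receiver.bind((LOOPBACK, 0))
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for _ in range(count):
        sender.sendto(b"x" * size, receiver.getsockname())  # nothing pauses the sender
    receiver.settimeout(0.2)
    kept = 0
    try:
        while True:  # drain whatever the bounded receive buffer managed to hold
            receiver.recv(size)
            kept += 1
    except socket.timeout:
        pass
    finally:
        sender.close()
        receiver.close()
    return count, kept

if __name__ == "__main__":
    print("TCP sender stalled after", tcp_bytes_before_stall(), "bytes")
    print("UDP datagrams sent / still held:", *udp_sent_vs_kept())
```

The TCP sender stops after a bounded number of bytes and loses nothing, while the UDP sender finishes all its sends and the receiver retains only what fit in its buffer.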

Therefore, if no existing rule matches, the only thing Little Snitch can do in such a case is to deny the incoming connectionless data. To inform you that this has happened, a notification is shown in the top-right corner of the screen:

Notification of denied incoming connection

When you click that notification, Little Snitch Configuration will open and show the rule suggestions for incoming connections. Here, you can create rules from these suggestions to define what should happen with incoming connectionless data. These rules will then either allow or deny the data and prevent further notifications from being shown.

Make sure to set the correct source for the rule. For example, if an app receives data from many IP addresses, it is probably easier to just create a single rule that allows data from “Any Server” than to create multiple rules, each for a single IP address.

Little Snitch ships with protected factory rules that allow incoming connections from the local network. Therefore, you won’t see such notifications for data from the local network (unless you disable these rules).

To get a list of denied incoming connections, you can use Little Snitch Network Monitor and its filters. Select Denied and Incoming to filter just these connections. If you need to narrow down the results even further, you can additionally enter protocol:UDP in the search field to only show denied incoming UDP packets, for example.

© 2016-2022 by Objective Development Software GmbH