Little Snitch Help

Managing rules

When we talk about rules and connections in the connection list, you should keep one thing in mind: one row in Network Monitor does not really represent one connection; it represents a group of connections matching the row’s criteria.

On the topmost level, a group consists of all connections established by instances of the same program. One level below, a group is restricted to servers in a particular domain. On the last level, it’s restricted to particular server names or addresses. Even at this level, a row can still stand for a variety of connections with various protocols, to various ports and different Internet addresses for the same name.

The rule management button is part of every row in the connection list. It displays whether all or any connections represented by the row are covered by an Allow- or Deny-rule.

When you click the Allow- or Deny-section of the button, you create a rule which specifically covers the exact group of connections the row represents. We call this an associated rule. This is a very quick and convenient way to create rules for all your connections at any hierarchical level.

The button can have the following states:

STATE DESCRIPTION
Rule Button None of the connections represented by the row is covered by a rule (button is only shown when hovering over it with the mouse). Any new connections in its group trigger a connection alert or Silent Mode Activity Indication (see below).
Rule Button There is an Allow-rule associated with the row. It covers the same group of connections as represented by the row.
Rule Button There is a Deny-rule associated with the row.
Rule Button Connections represented by this row are covered by an Allow-rule. The rule may cover more connections than represented by the row or it may cover only a subset. You may find the Allow-rule at a deeper or higher level, if it can be represented in Network Monitor (port- or protocol-specific rules and rules for Any Process cannot be represented).
Rule Button Connections represented by this row are covered by a Deny-rule, in the same way as described above for the Allow-rule.
Rule Button There is an associated Allow-rule for the row, but some or all connections are also covered by a Deny-rule which takes precedence over the Allow-rule. You may find it at a deeper level, if it can be represented in Network Monitor.
Rule Button As above, but with Deny and Allow exchanged.
Rule Button Some of the connections represented by the row are covered by an Allow-rule, some by a Deny-rule. Neither the Allow-rule nor the Deny-rule covers the same group of connections as represented by the row.
Rule Button At least some of the connections represented by the row are not covered by a rule and had activity during Silent Mode. They would have triggered a connection alert without Silent Mode. Click disclosure triangles to see more properties of the not-yet-covered connections and decide at which level you want to create a rule.
Rule Button A (possibly minimized) connection alert is pending for at least one of the connections represented by the row. The connection is said to be stalled because it’s waiting for you to create a rule, either directly in Network Monitor by clicking the rule management button or via the connection alert. Click disclosure triangles to see more details and create a more specific rule.
Rule Button An extra-high priority Deny-rule isolates the process from the Internet. This rule was created as a consequence of a failed process identity check. Click the button to delete the rule and accept the modification to the process.
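
The rule-coverage states in the table above can be modeled in a few lines of Python. This is an added example, not part of the original help page and not Little Snitch's own code; it leaves out the Silent Mode, pending-alert and identity-check states. Scope, Rule and button_state are hypothetical names, the rules are constructed, and it assumes that only an opposite rule at a deeper level overrides an associated rule.

```python
from typing import List, NamedTuple, Optional

class Scope(NamedTuple):
    """A row's group: process, optionally narrowed to a domain, then a host."""
    process: str
    domain: Optional[str] = None
    host: Optional[str] = None

    def depth(self) -> int:
        return 1 + (self.domain is not None) + (self.host is not None)

    def contains(self, other: "Scope") -> bool:
        """True if every connection in `other` also belongs to this group."""
        return (self.process == other.process
                and self.domain in (None, other.domain)
                and self.host in (None, other.host))

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    scope: Scope

def button_state(row: Scope, rules: List[Rule]) -> str:
    # Rules sharing connections with the row: broader, equal or narrower scope.
    touching = [r for r in rules
                if r.scope.contains(row) or row.contains(r.scope)]
    if not touching:
        return "uncovered"
    associated = [r.action for r in touching if r.scope == row]
    if associated:
        own = associated[0]
        other = "deny" if own == "allow" else "allow"
        # Assumption: only an opposite rule at a deeper level overrides.
        deeper = any(r.action == other and r.scope.depth() > row.depth()
                     for r in touching)
        return f"associated-{own}" + (f", overridden by {other}" if deeper else "")
    actions = {r.action for r in touching}
    return "mixed" if len(actions) == 2 else f"covered-by-{actions.pop()}"

# Constructed sample rules (process and host names are made up).
RULES = [
    Rule("allow", Scope("Mail", "example.com")),
    Rule("deny", Scope("Mail", "example.com", "tracker.example.com")),
    Rule("deny", Scope("Updater")),
]

if __name__ == "__main__":
    for row in (Scope("Mail"), Scope("Mail", "example.com"), Scope("Updater")):
        print(row, "->", button_state(row, RULES))
```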

Context menu

All rows in the connection list have a context menu shown on right-click. The following options are relevant for rule management:

If an application does not perform as expected and you suspect that Little Snitch may be blocking a connection which is essential for the app, you can analyze the issue in Network Monitor.

Check the rule management button for the application. Is the Deny-section red or gray, indicating the existence of a Deny-rule affecting it? Choose Show Corresponding Rule… from the context menu to see all rules affecting the application at the respective level. Optionally, use Show Recently Used Rule if you see that a connection was blocked and you want to see the responsible rule.


© 2016-2022 by Objective Development Software GmbH