Create and edit rules

The rule editor is used to create new rules or edit existing ones. To create a new rule, click (+) in the main window’s toolbar. To edit an existing rule, double-click it. To edit multiple rules at once, select them, right-click the selection and chose Edit Rules….
Learn more about rules…

The dialog for creating new rules and editing existing ones is almost identical:

Edit Rule Dialog

Process — The process which the rule is created for or Any Process if the rule should match any process. Enter the name of an application or Unix command and Little Snitch automatically figures out the full path. Click the blue pop-up button in the text field to choose the process interactively.
Process owner — Rules can be limited to match only processes launched by a particular user or by the system itself. Choose Me to match your own processes only, System to match processes created by the system and Anyone to match processes regardless of the owner. This last option is only available if Allow Global Rule Editing is enabled under Settings > Security.
Process identification — How to recognize the process. Can be based on code ID or file system path (with or without identity check). If matching any process, you can limit matches to processes with valid code signature only.
Action — The action taken if the rule matches: Allow, Deny, Ask, Hide, Show Notification or Play Sound. When Show Notification or Play Sound is chosen, more options are available: An additional condition (notify only on allowed, denied or any connections) and a sound to play for sound rules.
Direction — The direction the rule should match: Outgoing, Incoming or Any Direction.
Remote endpoint — The type of remote endpoint to match. This can be a single server, a domain, a set of IP addresses or the [Berkeley Packet Filter].
Endpoint detail — Some endpoint types require more information such as domain or host names or IP addresses. The text field accepts lists of entries separated by comma or space and lists of ranges of IP addresses (in the form 1.2.3.4 - 5.6.7.8 or in CIDR notation).
More details — Click this text to reveal two more settings: port and protocol numbers. The protocol numbers can be given as list of ranges.
Profile or group — As a convenience, rules can be assigned to profiles or groups here, in addition to dragging them to the appropriate profile or group in the sidebar.