Little Snitch 6 Help

Managing rules

When we talk about rules and connections in the connection list, you should keep one thing in mind: One row in Network Monitor does not really represent one connection, it represents a group of connections matching the row’s criteria.

When you click the Allow- or Deny-section of the rule management button of a row, you create a rule which covers all connections represented by the row and no more than that. We call this an associated rule for the row and it is represented in color (red for deny, green for allow). Whether a rule is an associated rule for a row depends on the grouping you have chosen. In the default grouping, a rule allowing an app any connection can be represented at the app level. In the inverse grouping, where domains are shown first, this rule is no longer an associated rule for any row.

Rules which affect a row, but do not cover exactly all connections represented by a row (they cover more or only a subset) are represented by a gray button section.

The rule management button can have the following states:

STATE DESCRIPTION
Rule Button None of the connections represented by the row is covered by a rule (button is only shown when hovering over it with the mouse). Any new connections in this group trigger a connection alert or Silent Mode Activity Indication (blue button, see below).
Rule Button There is an Allow-rule associated with the row. It covers all connections represented by the row and not more.
Rule Button There is a Deny-rule associated with the row. It covers all connections represented by the row and not more.
Rule Button Connections represented by this row are covered by an Allow-rule. The rule may cover more connections than represented by the row or it may cover only a subset. You may find the Allow-rule as associated rule of a deeper or higher level, if it can be represented as associated rule of any row.
Rule Button Connections represented by this row are covered by a Deny-rule, similarly as above.
Rule Button There is an associated Allow-rule for the row, but some or all connections are also covered by a Deny-rule which takes precedence over the Allow-rule. You may find it at a deeper level, if it can be represented as associated rule of any row.
Rule Button Similarly as above, but deny and allow exchanged.
Rule Button Some of the connections represented by the row are covered by an Allow-rule, some by a Deny-rule. Neither the allow, nor the Deny-rule covers exactly all connections represented by the row.
Rule Button At least some of the connections represented by the row are not covered by a rule and had activity during Silent Mode. They would have triggered a connection alert without Silent Mode. Click disclosure triangles to see more properties of the not-yet-covered connections and decide at which level you want to create a rule.
Rule Button A (possibly minimized) connection alert is pending for at least one of the connections represented by the row. The connection is said to be stalled because it’s waiting for you to create a rule, either directly in Network Monitor by clicking the rule management button or via the connection alert. Click disclosure triangles to see more details and create a more specific rule.
Rule Button An extra-high priority Deny-rule isolates the process from the Internet. This rule was created as a consequence of a failed process identity check. Click the button to delete the rule and accept the modification to the process.

Context menu

All rows in the connection list have a context menu shown on right-click. The following options are relevant for rule management:

If an application does not perform as expected and you suspect that Little Snitch may be blocking a connection which is essential for the app, you can analyze the issue in Network Monitor.

Check the rule management button for the application. Is the Deny-section red or gray, indicating the existence of a Deny-rule affecting it? Choose Show Corresponding Rule… from the context menu to see all rules affecting the application at the respective level. Optionally, use Show Recently Used Rule if you see that a connection was blocked and you want to see the responsible rule.


Was this help page useful? Send feedback.
© 2016-2024 by Objective Development Software GmbH