Managing rules
When we talk about rules and connections in the connection list, you should keep one thing in mind: One row in Network Monitor does not really represent one connection, it represents a group of connections matching the row’s criteria.
When you click the Allow- or Deny-section of the rule management button of a row, you create a rule which covers all connections represented by the row and no more than that. We call this an associated rule for the row and it is represented in color (red for deny, green for allow). Whether a rule is an associated rule for a row depends on the grouping you have chosen. In the default grouping, a rule allowing an app any connection can be represented at the app level. In the inverse grouping, where domains are shown first, this rule is no longer an associated rule for any row.
Rules which affect a row, but do not cover exactly all connections represented by a row (they cover more or only a subset) are represented by a gray button section.
The rule management button can have the following states:
STATE | DESCRIPTION |
---|---|
None of the connections represented by the row is covered by a rule (button is only shown when hovering over it with the mouse). Any new connections in this group trigger a connection alert or Silent Mode Activity Indication (blue button, see below). | |
There is an Allow-rule associated with the row. It covers all connections represented by the row and not more. | |
There is a Deny-rule associated with the row. It covers all connections represented by the row and not more. | |
Connections represented by this row are covered by an Allow-rule. The rule may cover more connections than represented by the row or it may cover only a subset. You may find the Allow-rule as associated rule of a deeper or higher level, if it can be represented as associated rule of any row. | |
Connections represented by this row are covered by a Deny-rule, similarly as above. | |
There is an associated Allow-rule for the row, but some or all connections are also covered by a Deny-rule which takes precedence over the Allow-rule. You may find it at a deeper level, if it can be represented as associated rule of any row. | |
Similarly as above, but deny and allow exchanged. | |
Some of the connections represented by the row are covered by an Allow-rule, some by a Deny-rule. Neither the allow, nor the Deny-rule covers exactly all connections represented by the row. | |
At least some of the connections represented by the row are not covered by a rule and had activity during Silent Mode. They would have triggered a connection alert without Silent Mode. Click disclosure triangles to see more properties of the not-yet-covered connections and decide at which level you want to create a rule. | |
A (possibly minimized) connection alert is pending for at least one of the connections represented by the row. The connection is said to be stalled because it’s waiting for you to create a rule, either directly in Network Monitor by clicking the rule management button or via the connection alert. Click disclosure triangles to see more details and create a more specific rule. | |
An extra-high priority Deny-rule isolates the process from the Internet. This rule was created as a consequence of a failed process identity check. Click the button to delete the rule and accept the modification to the process. |
Context menu
All rows in the connection list have a context menu shown on right-click. The following options are relevant for rule management:
- Delete Rule — If there is a rule associated with the row, an option to delete it.
- Allow Connection — An option to create an associated Allow-rule. When the option key is held, the rule is created in the current profile. If the connection is stalled, an until-quit-rule can be created by holding the shift key.
- Deny Connection — An option to create an associated Deny-rule. Same option and shift key modifications as above.
- Remove “Unconfirmed” Indication — If the connection had activity in Silent Mode, this option removes the indication without creating any rules.
- Hide Connections… — Creates a Hide Connections rule for a process. If such a rule is in effect, Network Monitor does not show individual connection data for the process. All statistics are summarized in a Hidden Connections row.
- Show Corresponding Rule — The rule management button shows whether rules for the row exist, but it can’t show details. This option opens Little Snitch Configuration and focuses on all rules covering connections represented by the row. Note that only rules covering actually represented connections are shown. Connections which never occurred, but would be represented by the row, are not taken into account.
- Show Recently Used Rule — This entry reveals rules in Little Snitch Configuration which have been used within the last 10 minutes to decide whether or not to allow connections represented by the row. It is only available if there was activity within the last 10 minutes.
If an application does not perform as expected and you suspect that Little Snitch may be blocking a connection which is essential for the app, you can analyze the issue in Network Monitor.
Check the rule management button for the application. Is the Deny-section red or gray, indicating the existence of a Deny-rule affecting it? Choose Show Corresponding Rule… from the context menu to see all rules affecting the application at the respective level. Optionally, use Show Recently Used Rule if you see that a connection was blocked and you want to see the responsible rule.
Was this help page useful? Send feedback.
© 2016-2024 by Objective Development Software GmbH