Starting with macOS 10.15.4 the above “Legacy System Extension” message will be shown when Little Snitch is installed.
→ Please read this blog post to learn more about why this message is shown.
Dec 14, 2016 Little Snitch is a very excellent app favored by macOS users, and the latest version of Little Snitch is compatible with macOS Sierra that was released some time ago. To install it smoothly, first you should remove the old version of Little Snitch. But not all macOS users know how to. Sep 16, 2017 Hi, So Ive started having some weird re-directs and pop-ups on my macbook pro. They all seem to be centered around something called chill tab. Something happened and suddenly my preferred search engine was changed in Chrome and Safari. Ran Malwarebytes. Oct 08, 2019. Also, when installing or updating Little Snitch, several extensions are installed into the system. Be sure something else installed in your system isn't blocking them. The usual routine in these matters is to UNinstall the app entirely, then REinstall. I have the latest Little Snitch running perfectly on my MBP with Mojave. Without a license key, Little Snitch runs in demo mode, which provides the same protection and functionality as the full version. The demo runs for three hours, and it can be restarted as often as you like. The Network Monitor expires after 30 days. Turn it into a full version by entering a license key.
Will there be an update of Little Snitch that’s compatible with macOS 10.16?
Yes. We are going to release Little Snitch 5 later this year, which will be compatible with macOS 10.16. → Learn more…
Will I get the update for free?
Dec 15, 2011 Dear all, yesterday I upgraded to 10.7 MacOSX Lion. After that a few programs didn't work anymore. One of them was LittleSnitch. Therefore I downloaded the newest version, startet it and hit the 'uninstall LittleSnitch' butten, to get rid of the old version.
Yes. All licenses sold now include a free upgrade to Little Snitch 5. In addition, customers who purchased Little Snitch 4 within a one-year period prior to the final release of Little Snitch 5 will also get a free upgrade. → Learn more…
Will Little Snitch 4 run on macOS 10.16?
Little Snitch 4 will not be loaded on macOS 10.16 by default, but there will still be an option to allow the loading. → Learn more…
Rule group subscriptions use a .lsrules
file, which is a JSON format specified in this chapter. Such files can be exported using Little Snitch Configuration or created using a text editor or a script.
A simple example
Let’s start with a simple example that specifies a single rule for allowing software updates for LaunchBar:
Blocklists
A common use case for rule group subscriptions are blocklists that contain a lot of domains, hosts, or IP addresses for which access should be flat out denied. Using the above syntax, you’d have to repeat 'process': 'any'
and 'action': 'deny'
for each domain, host, or IP address. For thousands of rules, that can lead to unnecessarily large files that in turn lead to unnecessarily large downloads for every single subscriber.
Starting in Little Snitch 4.2, you can use a more compact format that looks like this:
Top-level keys
The top level of an .lsrules
file is a JSON dictionary with the following keys:
Key | Type | Description |
---|---|---|
name | String | The name of the group. |
description | String | A description of the rule grouop. |
rules | Array of Dictionaries | The list of rules. See below for rule-level keys. |
To efficiently support blocklists, the following keys were added in Little Snitch 4.2:
Key | Type | Description |
---|---|---|
denied-remote-domains | Array of Strings | A list of domain names. |
denied-remote-hosts | Array of Strings | A list of hostnames. |
denied-remote-addresses | Array of Strings | A list of IP addresses. See Anatomy of a rule > Server (remote computer) for supported syntax. |
denied-remote-notes | String | The notes that should be repeated for each rule. The placeholder %REMOTE% will be replaced with the respective domain, host, or IP-address for each rule. |
You can mix all of these keys in a single .lsrules
file, i.e. you can define arbitrary rules in a rules
array next to a list of domains in denied-remote-domains
and a list of IP addresses in denied-remote-addresses
.
Rule keys
Each rule defined in the file is a JSON dictionary with the following keys:
Specifying the process
To define which processes a rule should match, you specify the executable of the process using the following keys:
To match any process, use:
'process': 'any'
- To match a specific process, use:
'process'
(String): A String containing the full path to the executable. For apps, this is path to the app’s executable, not the app wrapper. For example:/Applications/Safari.app/Contents/MacOS/Safari
'via'
(String, optional): If the rule should only match if the executable uses a specific helper tool, you can specify its path. For example, you could create a rule that matches “Terminal via ping” by setting'path'
to Terminal’s path and'via'
to ping’s path. Note that a rule for Terminal that has no'via'
will also match connections of “Terminal via ping”.
Specifying the remote
Little Snitch
The remote for the rule can be specified in multiple ways. You can only provide one of the following keys:
'remote-addresses'
: A String containing one or more IP addresses in the format described in Anatomy of a rule > Server (remote computer).'remote-hosts'
: Either a String with a hostname, or an Array of Strings of hostnames.'remote-domains'
: Either a String with a domain name, or an Array of Strings of domain names.'remote'
: A String with exactly one of the following values. For a description of each of these values, see Anatomy of a rule > Server (remote computer).'any'
'local-net'
'multicast'
'broadcast'
'bonjour'
'dns-servers'
'bpf'
(Berkeley Packet Filter, available starting in Little Sntich 4.4.3)
Other keys
Key | Type | Description |
---|---|---|
direction | String, optional | The connection direction. 'incoming' or 'outgoing' , defaults to 'outgoing' . |
action | String, optional | The rule action. 'allow' , 'deny' , or 'ask' . Defaults to 'ask' . |
priority | String, optional | The rule priority. 'regular' or 'high' . Defaults to 'regular' . |
disabled | Boolean, optional | Whether or not the rule is disabled by default. Defaults to false . |
ports | String, optional | The ports the rule matches. Can be 'any' for any port (the default), a single port (e.g. '443' ), or a range of ports (e.g. '123-456' ). |
protocol | String, optional | The protocol the rule matches. Can be a numeric value as defined in /etc/protocols , like '6' for TCP, or the actual protocol name, like 'tcp' . Defaults to any protocol. |
notes | String, optional | The notes for the rule. |
Little Snitch Uninstall Terminal 2
Was this help page useful? Send feedback.
© 2016-2020 by Objective Development Software GmbH