Do pre-built Little Snitch configurations exist and are they shared?

Is it possible to import configurations that have been created elsewhere into Little Snitch? For example, a ready to go basic ruleset for someone who wants to block iCloud's more intrusive features. Is this possible? Do such communities exist that share these?


Solution 1:

Yes, there are pre-built rule sets, and someone shares them.

I just stumbled upon this:

Little Snitch rules for blocking ad servers

Here they provide a list of pre-built rules for blocking ad-servers.

It is not related specifically to iCloud, but in general yes, there are shared sets of rules for Little Snitch.

Edit: now I see what Dylan was referring to with "are you going to manually...". A little explanation is in order.

At the time, the only way (I thought) was to copy the list and paste it into Little Snitch ruleset. It was not a difficult process (literally, cmd+c, cmd+v on Mac) but the "Rule Group Subscription" on LS makes it even easier.

The website I posted earlier now provides a link to the subscription: click and be happy.

I guess Dylan's answer and mine provide a couple of alternatives for subscriptions, but I wouldn't know the difference. I admit that I stumbled upon pgl.yoyo.org just by chance.

Further edit: It seems that Steven Black (linked in Dylan's answer) collects a few sources, including yoyo, so I'd say it is more comprehensive (more rules is better?).

Solution 2:

Looking at your original question, it's 3 years old. As of Little Snitch 4, you can in fact subscribe to "Rule Groups". Same end result, for the most part. These two links provide enough information to create your own Rule Groups, or simply subscribe to theirs:

Steven Black

example as Little Snitch Rule Groups (it's a translation of Steven Black's but there are scripts to make your own too)


One is from Steven Black on git (search for that if the link ever breaks). The other is a lesser known github user that has provided python script to convert hosts file from the former into Rule Group format. That format can be found in Little Snitch’s help pages. Here is an example.

{
  "description" : "This rule group demonstrates the subscription of a blocklist. It’s for demo purposes only.\n\nIt lets you try out the subscription procedure and the available configuration options. You can rename the group, enable\/disable either individual rules or the entire group, specify the update interval, and more.",
  "name" : "Blocklist Example",
  "rules" : [
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "tracking-server.example.com"
    },
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "ads.example.com"
    },
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "adserver.example.com"
    },
    {
      "action" : "deny",
      "process" : "\/Applications\/Safari.app\/Contents\/MacOS\/Safari",
      "remote-hosts" : "user-tracking.example.com"
    },
    {
      "action" : "deny",
      "process" : "\/Applications\/Safari.app\/Contents\/MacOS\/Safari",
      "remote-hosts" : "usage-analyzer.example.com"
    }
  ]
}

Once you navigate to this particular file on GitHub, eg, you would want the link provided when you click "download". Paste that into Little Snitch where it requests a URL.

You can even copy them to your own repo and subscribe to that, as well. I recommend this, since relying on a 3rd party not to have their rule group compromised (which is web-based) is just one extra possible attack vector. In my case, I just forked this particular user's repo and I manage it on my own.

Hope this helps.

P.S. - I think the other answer on here is outdated. Simply linking to a "list" of hostnames doesn't help the user much. Little Snitch has done away with this sort of busy work through the addition of Rule Groups.

Solution 3:

I've found these rules https://github.com/naveednajam/Little-Snitch---Rule-Groups also based on https://github.com/StevenBlack/hosts to be the most effective for general ad and track blocking.

And for writing your own rule group subscription list this is Little Snitch's official lsrules reference https://help.obdev.at/littlesnitch/ref-lsrules-file-format