22

Is it possible to import configurations that have been created elsewhere into Little Snitch? For example, a ready to go basic ruleset for someone who wants to block iCloud's more intrusive features. Is this possible? Do such communities exist that share these?

4 Answers

12

Yes, there are pre-built rule sets, and someone shares them.

I just stumbled upon this:

Little Snitch rules for blocking ad servers

Here they provide a list of pre-built rules for blocking ad-servers.

It is not related specifically to iCloud, but in general yes, there are shared sets of rules for Little Snitch.

Edit: now I see what Dylan was referring to with "are you going to manually...". A little explanation is in order.

At the time, the only way (I thought) was to copy the list and paste it into the Little Snitch ruleset. It was not a difficult process (literally, cmd+c, cmd+v on Mac) but the "Rule Group Subscription" on LS makes it even easier.

The website I posted earlier now provides a link to the subscription: click and be happy.

I guess Dylan's answer and mine provide a couple of alternatives for subscriptions, but I wouldn't know the difference. I admit that I stumbled upon pgl.yoyo.org just by chance.

Further edit: It seems that Steven Black (linked in Dylan's answer) collects a few sources, including yoyo, so I'd say it is more comprehensive (more rules is better?).

mic
  • 260
5

Looking at your original question, it's 3 years old. As of Little Snitch 4, you can in fact subscribe to "Rule Groups". Same end result, for the most part. These two links provide enough information to create your own Rule Groups, or simply subscribe to theirs:

Steven Black

example as Little Snitch Rule Groups (it's a translation of Steven Black's but there are scripts to make your own too)


One is from Steven Black on git (search for that if the link ever breaks). The other is a lesser-known GitHub user who has provided a Python script to convert the hosts file from the former into Rule Group format. That format can be found in Little Snitch’s help pages. Here is an example.

{
  "description" : "This rule group demonstrates the subscription of a blocklist. It’s for demo purposes only.\n\nIt lets you try out the subscription procedure and the available configuration options. You can rename the group, enable\/disable either individual rules or the entire group, specify the update interval, and more.",
  "name" : "Blocklist Example",
  "rules" : [
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "tracking-server.example.com"
    },
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "ads.example.com"
    },
    {
      "action" : "deny",
      "process" : "any",
      "remote-domains" : "adserver.example.com"
    },
    {
      "action" : "deny",
      "process" : "\/Applications\/Safari.app\/Contents\/MacOS\/Safari",
      "remote-hosts" : "user-tracking.example.com"
    },
    {
      "action" : "deny",
      "process" : "\/Applications\/Safari.app\/Contents\/MacOS\/Safari",
      "remote-hosts" : "usage-analyzer.example.com"
    }
  ]
}

Once you navigate to this particular file on GitHub, e.g., you would want the link provided when you click "download". Paste that into Little Snitch where it requests a URL.

You can even copy them to your own repo and subscribe to that, as well. I recommend this, since relying on a 3rd party not to have their rule group compromised (which is web-based) is just one extra possible attack vector. In my case, I just forked this particular user's repo and I manage it on my own.

Hope this helps.

P.S. - I think the other answer on here is outdated. Simply linking to a "list" of hostnames doesn't help the user much. Little Snitch has done away with this sort of busy work through the addition of Rule Groups.

floer32
  • 111
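
Added example (not from the answer above or from either linked repository): a minimal hosts-file to rule-group converter, plus an audit pass for a rule group you host in your own repo, as the answer recommends. It uses only the JSON keys shown in the example above; the function names, the sinkhole-address set and the sample input are assumptions made for illustration.

```python
import json
import re

HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SINKS = {"0.0.0.0", "127.0.0.1"}          # addresses a blocklist hosts file points at
LOCAL = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
RULE_KEYS = {"action", "process", "remote-domains", "remote-hosts"}  # keys shown above

def hosts_to_rule_group(hosts_text, name, description):
    """Turn hosts-file lines into a rule group dict with one deny rule per host."""
    seen, rules = set(), []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue                       # comment, blank, or a redirect rather than a block
        for host in (h.lower() for h in fields[1:]):
            if host in LOCAL or host in seen or not HOSTNAME.match(host):
                continue                   # local name, duplicate, or not a plain hostname
            seen.add(host)
            rules.append({"action": "deny", "process": "any", "remote-hosts": host})
    return {"name": name, "description": description, "rules": rules}

def audit_rule_group(doc):
    """Return findings for rules a pure blocklist should not contain."""
    findings = []
    for i, rule in enumerate(doc.get("rules", [])):
        if rule.get("action") != "deny":
            findings.append(f"rule {i}: action {rule.get('action')!r} is not 'deny'")
        extra = set(rule) - RULE_KEYS
        if extra:
            findings.append(f"rule {i}: unexpected keys {sorted(extra)}")
    return findings

# Constructed sample input, not taken from any real list.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracking-Server.example.com  # trailing comment
0.0.0.0 ads.example.com
0.0.0.0 bad_host!.example.com
192.0.2.7 redirect.example.com
"""

if __name__ == "__main__":
    group = hosts_to_rule_group(SAMPLE_HOSTS, "My Blocklist", "Generated from a hosts file")
    print(json.dumps(group, indent=2))
    extra_rule = {"action": "allow", "process": "any", "remote-hosts": "cdn.example.com"}
    print(audit_rule_group(dict(group, rules=group["rules"] + [extra_rule])))
```

Running the audit on each upstream update before merging it into your own fork turns the "manage it on my own" advice into a repeatable check: a blocklist that suddenly carries a non-deny rule is worth a manual look.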
2

I've found these rules, https://github.com/naveednajam/Little-Snitch---Rule-Groups, also based on https://github.com/StevenBlack/hosts, to be the most effective for general ad and track blocking.

And for writing your own rule group subscription list, this is Little Snitch's official lsrules reference: https://help.obdev.at/littlesnitch/ref-lsrules-file-format

kaznovac
  • 179
1

Little Snitch 4.1 and above supports Rule Group Subscriptions which can be in the format of a hosts file / DNS filter list.

To subscribe to a rule group that someone else has published, open Little Snitch Configuration and choose File > New Rule Group Subscription. In the dialog, enter the URL of the rule group. Only HTTPS URLs are supported.

I recommend using the filters and mirrors maintained by AdGuard on their HostlistsRegistry repository, which are actively maintained and vetted to reduce breakage.

For example, I’m currently using the AdGuard DNS filter, Malicious URL Blocklist, and NoCoin Filter List with certain rules manually disabled (e.g., crashlytics.com, metrics.icloud.com). To subscribe, copy the “Raw” link in the upper right-hand corner of the file preview on GitHub and paste it into the Little Snitch rule subscription modal described above.

"For example, a ready to go basic ruleset for someone who wants to block iCloud's more intrusive features."

For this use-case in particular, it may be enough to add one rule blocking metrics.icloud.com in any process. You can create a new rule via File > New Rule…, then set the rule type to Deny Outgoing Connections and the process owner to “Anyone”.


Update: Apparently the glob syntax used by the AdGuard DNS filter is currently incompatible with Little Snitch (version 5.7.1) and can create incorrect rules. A similar alternative is 1Hosts, which includes a ruleset formatted for Little Snitch.