From f41e54ecdfef2864c39a1df26cb198bb3940582a Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 16 Feb 2023 23:44:58 +0100 Subject: [PATCH] Improved rules --- little snitch/parts/firefox.lsrules | 13 ++++++++-- .../parts/raspberrypi-imager.lsrules | 8 ++++++ little snitch/parts/vscode.lsrules | 4 +-- little snitch/ruleset.lsrules | 25 ++++++++++++++++--- 4 files changed, 42 insertions(+), 8 deletions(-) diff --git a/little snitch/parts/firefox.lsrules b/little snitch/parts/firefox.lsrules index 320e025..c716ba9 100644 --- a/little snitch/parts/firefox.lsrules +++ b/little snitch/parts/firefox.lsrules @@ -18,16 +18,25 @@ "process": "/Applications/Firefox.app/Contents/MacOS/firefox", "protocol": "tcp", "remote-hosts": [ - "o.lencr.org", "ocsp.digicert.com", "ocsp.entrust.net", "ocsp.globalsign.com", "ocsp.pki.goog", "ocsp.r2m01.amazontrust.com", "ocsp.sca1b.amazontrust.com", - "ocsp.sectigo.com" + "ocsp.sectigo.com", + "ocsp.usertrust.com", + "status.geotrust.com" ] }, + { + "action": "allow", + "notes": "Allow Firefox to gather information about certificates.", + "ports": "80", + "process": "/Applications/Firefox.app/Contents/MacOS/firefox", + "protocol": "tcp", + "remote-domains": "o.lencr.org" + }, { "action": "deny", diff --git a/little snitch/parts/raspberrypi-imager.lsrules b/little snitch/parts/raspberrypi-imager.lsrules index 27a2360..35615fc 100644 --- a/little snitch/parts/raspberrypi-imager.lsrules +++ b/little snitch/parts/raspberrypi-imager.lsrules @@ -2,6 +2,14 @@ "description": "", "name": "RaspberryPi Imager", "rules": [ + { + "action": "allow", + "notes": "Allow RaspberryPi Imager to securely download updates.", + "ports": "443", + "process": "/Applications/Raspberry Pi Imager.app/Contents/MacOS/rpi-imager", + "protocol": "tcp", + "remote-hosts": "downloads.raspberrypi.org" + }, { "action": "allow", "notes": "Allow RaspberryPi Imager to securely connect to websites to download images and their metadata.", diff --git a/little snitch/parts/vscode.lsrules b/little snitch/parts/vscode.lsrules index b94e617..edbdd7d 100644 --- a/little snitch/parts/vscode.lsrules +++ b/little snitch/parts/vscode.lsrules @@ -53,6 +53,7 @@ "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron", "protocol": "tcp", "remote-hosts": [ + "login.microsoftonline.com", "vscode-sync-insiders.trafficmanager.net", "vscode-sync.trafficmanager.net", "vscode.dev" @@ -76,8 +77,7 @@ "action": "deny", "notes": "Stop VS Code's Helper from connecting to dc.services.visualstudio.com.\nUsed by the Application Insights SDK or Application Insights Agent to send data to the vendor's services in Azure.\nSee https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses for details.", "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron", - "remote-hosts": "dc.services.visualstudio.com", - "via": "/Applications/Visual Studio Code.app/Contents/Frameworks/Code Helper.app/Contents/MacOS/Code Helper" + "remote-hosts": "dc.services.visualstudio.com" } ] } diff --git a/little snitch/ruleset.lsrules b/little snitch/ruleset.lsrules index 50f4327..c9fd86d 100644 --- a/little snitch/ruleset.lsrules +++ b/little snitch/ruleset.lsrules @@ -46,16 +46,25 @@ "process": "/Applications/Firefox.app/Contents/MacOS/firefox", "protocol": "tcp", "remote-hosts": [ - "o.lencr.org", "ocsp.digicert.com", "ocsp.entrust.net", "ocsp.globalsign.com", "ocsp.pki.goog", "ocsp.r2m01.amazontrust.com", "ocsp.sca1b.amazontrust.com", - "ocsp.sectigo.com" + "ocsp.sectigo.com", + "ocsp.usertrust.com", + "status.geotrust.com" ] }, + { + "action": "allow", + "notes": "Allow Firefox to gather information about certificates.", + "ports": "80", + "process": "/Applications/Firefox.app/Contents/MacOS/firefox", + "protocol": "tcp", + "remote-domains": "o.lencr.org" + }, { "action": "deny", "notes": "Stop Firefox from connecting to Google's Interactive Media Ads SDK, which allows developers and publishers to show interactive and video ads on their websites and mobile apps.", @@ -162,6 +171,14 @@ "protocol": "tcp", "remote-hosts": "flow.logitech.io" }, + { + "action": "allow", + "notes": "Allow RaspberryPi Imager to securely download updates.", + "ports": "443", + "process": "/Applications/Raspberry Pi Imager.app/Contents/MacOS/rpi-imager", + "protocol": "tcp", + "remote-hosts": "downloads.raspberrypi.org" + }, { "action": "allow", "notes": "Allow RaspberryPi Imager to securely connect to websites to download images and their metadata.", @@ -258,6 +275,7 @@ "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron", "protocol": "tcp", "remote-hosts": [ + "login.microsoftonline.com", "vscode-sync-insiders.trafficmanager.net", "vscode-sync.trafficmanager.net", "vscode.dev" @@ -279,8 +297,7 @@ "action": "deny", "notes": "Stop VS Code's Helper from connecting to dc.services.visualstudio.com.\nUsed by the Application Insights SDK or Application Insights Agent to send data to the vendor's services in Azure.\nSee https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses for details.", "process": "/Applications/Visual Studio Code.app/Contents/MacOS/Electron", - "remote-hosts": "dc.services.visualstudio.com", - "via": "/Applications/Visual Studio Code.app/Contents/Frameworks/Code Helper.app/Contents/MacOS/Code Helper" + "remote-hosts": "dc.services.visualstudio.com" }, { "action": "allow",