most of these default rules are necessary for normal system operation. If you block one of them, in the worst case your system may freeze. You can remove them, if you like. However, then you are probably pestered by a lot of Little Snitch alerts and if you give the "wrong" answer your system may freeze.
Some of the rules are for essential system daemons like the nslookupd, lookupd, slpd and so on.
For example:
"ntpd" is the network time daemon which synchronizes your clock with a network-time-server.
"slpd" is the "line printer daemon" used to communicate with network printers.
"nmbd" is part of the Samba distribution and used by Mac OS X for windows connectivity.
"configd" is the system configuration daemon which manages your system configuration, like active network interfaces, current network location and so on. You should at least allow configd to connect to 0.0.0.XXX using protocol IPV6-ICMP.
"mDNSResponder" is part of Rendezvous.
"natd" is the network translation daemon, necessary for the internet connection sharing feature.
To get more info about any of them, simply use a Google search or open the Terminal application and type "man commandname" (e.g. "man ntpd").
"local network" stands for all your local networks on all your active network cards (including airport and so on). It is computed from the network interface's current IP address and netmask (depending on the number of active network interfaces it can stand for more than one IP-range). And it is recomputed if you change your "Location".
"localhost" means connections which are local on your machine, like connecting to a local USB printer.
"169.254.0.0/16" is the zeroconf/rendezvous address space which isn't routed over the internet and only valid within your local network.
"multicast" is an alias for the full multicast IP range 224.0.0.0/4 or 224.0.0.0 - 239.255.255.255. These addresses can be used for efficient distribution of (e.g.) streaming data like internet radio, if your provider and the application you use support it.
"broadcast" is an alias for the broadcast addresses of your local networks. Broadcasts are limited to your local network and won't be routed over the internet. You can deny broadcast for specific applications, however you shouldn't disallow broadcasts at all. There are also a lot of system daemons which rely on broadcasts.
If you need more in-depth information about network ports and protocols, please try a web search. You will find lots of introductory articles like e.g.:
http://www.networkmagazine.com/article/NMG20000720S0002
Regards, Karl Schwarzott -- Objective Development http://www.obdev.at/
On 09.03.2004, at 00:59, Terry Mickelson wrote:
On 6-Mar-04, at 8:09 PM, Tom R. no spam wrote:
Hhmmm, seems you have opportunity to thank Little Snitch for doing exactly what it's supposed to do, warn you every time something's trying to send info out from your computer. Your "nmbd" probably is a NetBIOS Window$ networking message, so maybe you could think of LS as alerting you to shut off that functionality? (NetBIOS can send out frequent like "Who else is here?" messages, which I'm assuming is what you are seeing.)
I'd like to know what some of the other things mean:
Any application Allow TCP connections to multicast address
What's a multicast address? What's a broadcast address?
I have: configd Allow IPV6-ICMP connections Deny any connection (seems like a contradiction of terms here)
host Allow UDP connections to port 53 (domain)
There are more of course; UDP, ntpd, slpd, RAW and all the various ports. Is there an explanation somewhere that tells us what these are, why they are there and what settings we should use?
Terry
_______________________________________________ Littlesnitch-talk mailing list [EMAIL PROTECTED] http://at.obdev.at/mailman/listinfo/littlesnitch-talk
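The address aliases explained in the reply above ("local network", "localhost", "169.254.0.0/16", "multicast", "broadcast") can be reproduced with a short script when reviewing which rule a destination would fall under. This is an added example, not code from the thread or from Little Snitch; the interface list is constructed, and the order of the checks and the inclusion of 255.255.255.255 as a broadcast address are assumptions.

```python
import ipaddress

# Constructed sample interfaces (address/netmask); not taken from the thread.
SAMPLE_INTERFACES = ["192.168.1.23/255.255.255.0", "10.0.5.7/255.255.0.0"]

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # zeroconf range from the message
MULTICAST = ipaddress.ip_network("224.0.0.0/4")       # 224.0.0.0 - 239.255.255.255
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")  # assumption, see lead-in


def local_networks(interfaces):
    """One IP range per active interface, derived from its address and netmask."""
    return [ipaddress.ip_interface(i).network for i in interfaces]


def classify(dest, interfaces):
    """Return the alias a destination address falls under, or "other"."""
    addr = ipaddress.ip_address(dest)
    nets = local_networks(interfaces)
    if addr.is_loopback:
        return "localhost"
    if addr in MULTICAST:
        return "multicast"
    # Checked before "local network": a subnet's broadcast address also
    # lies inside that subnet's range.
    if addr == LIMITED_BROADCAST or any(addr == n.broadcast_address for n in nets):
        return "broadcast"
    if addr in LINK_LOCAL:
        return "169.254.0.0/16"
    if any(addr in n for n in nets):
        return "local network"
    return "other"  # routed beyond the local networks


if __name__ == "__main__":
    for dest in ["127.0.0.1", "224.0.0.251", "192.168.1.255",
                 "169.254.10.1", "10.0.200.9", "8.8.8.8"]:
        print(f"{dest:15} -> {classify(dest, SAMPLE_INTERFACES)}")
```

Changing the interface list corresponds to changing the "Location": the set of local ranges and broadcast addresses is recomputed from the new addresses and netmasks.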
