Hi!
Inspired by Christopher Stone's posting about a feature request I
thought I could also post some of my ideas about LS that would make
things easier to manage or give some more control over LS behavior.
0) by Christopher Stone: Search field
To easily find rules that apply to certain terms.
1) Multiple Selection of Rules:
I'd like to be able to select multiple rules at once to delete them.
If I don't want to delete all rules for an application but only some
I have to delete them one by one at the moment. Having multiple
selections would really be a time saver here.
2) Sorting of rules:
I'd like to sort my rules by more criteria. To let me find all rules
that apply to the local network only or to an IP range. Grouping
Rules that belong together by the sorting criteria would help as
well. A disclosure triangle to the side of a set would help to
collapse all rules for "iChat" for example making the list more
manageable and easier to look over. Something a little similar to
Mail.app's thread sorting feature.
3) Expiry of rules:
I'd like to set an expiry date for rules. Sometimes I need a
temporary rule for a few days (eg when travelling) that I don't want
to be active afterwards anymore. Setting an expiry date (by absolute
or relative date) would help to keep track of this.
4) Menu Extra for LS Status:
For the paranoid amongst us a menu extra displaying the status of LS
would allow us to see if LS is enabled or disabled.
5) Locations:
Multiple Locations for LS complementary to network locations would
allow for rules that are dependent on a certain network. For example
I might want to allow SNMP traffic to my home server (doing cacti or
MRTG statistics) which is a trusted network. On the other hand I
wouldn't want to allow SNMP traffic on any other network I might
travel with my PowerBook. So a rule dependent on a location (network
identity) would help here.
This of course raises the question what a network identity is and how
to tell LS about them. Switching LS locations in context with network
locations shouldn't be too hard I guess.
On the other hand I usually get by with a single "automatic" location
for my travelling by now. This is extremely comfortable as I don't
have to switch among them anymore. Now how could LS determine the
network now? I guess identifying a network by the following things
should lead to a unique selection.
My own IP: This might be a definite single IP (either set manually or
by means of DHCP MAC binding) or a dynamic IP in a certain defined
range.
Netmask: Of course
Router IP: We need the router's IP to help distinguish between very
similar networks.
Router MAC: This would be the final bit to really identify a network.
If all of the bits match then we can be very very certain that we're
on the correct network. Why the router MAC? Because about every
network has/needs a router and certainly all private networks doing
NAT have one. But they might share the same IP config (eg. each and
every AirPort station uses the same factory settings). So each and
every IP setting is the same but the AirPort's MAC should be
different. The same applies to other routers' default settings which
are often not changed. Anyone seen a 192.168.1.0/24 or 10.0.1.0/24
SOHO network? That's the point.
6) Activation Check Box for rules:
Just make a check box besides each rule similar to the Rules in
Mail.app. If I want one to be active, just tick the box, and untick
if you don't. Saves me from having to jot down a temporary deletion
of a rule for testing. Or maybe you just need a rule only on occasion
but want to refrain from reentering all the details again and again.
7) Logging/Growl:
What about a log of what rules were violated by an app or automatically
denied (by default setting for fullscreen apps) by LS? It may apply
to games a lot, as they often run fullscreen, but at the moment I
have no way to see what exactly LS denied automatically in that case. A log
in LS would easily allow me to find out what a game tried to do and
set up my rules accordingly.
Maybe growl notifications ( http://growl.info/ ) for LS would be a
nice addition to this. Maybe even rule dependent. So I can tick a box
for certain rules only to be growled about as this might add up
pretty easily. Coalescing might be the way to go with growl here.
LS could inform the user about apps that (unsuccessfully) tried to
kill LS.
8) Interface dependent rules:
Let me bind rules to certain interfaces only. I would like to block
more things when connected via Bluetooth and Dial-up but allow other
things when connected via AirPort or ethernet.
∞) Conclusion:
A lot of things that came to my mind with which I hope to inspire a
discussion here. Possibly resulting in a wishlist for LS 1.5 or 2.0.
If I didn't manage to explain the why and how for certain things, don't
hesitate to ask for clarification. Sorry for my bad English, it's not
my mother tongue. I hope you still enjoyed the long posting.
Have a nice weekend!
Best Regards
_______________________________________________
Littlesnitch-talk mailing list
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
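
The network identification proposed in item 5 of the post, sketched as an added example (not part of the original posting and not Little Snitch code). The profile format, the function names and all addresses are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    """The four attributes from item 5, as seen on the active interface."""
    own_ip: str       # host address, or a CIDR range when used as a profile
    netmask: str
    router_ip: str
    router_mac: str

def norm_mac(mac: str) -> str:
    """Normalise a MAC so '0:A:95:...' and '00-0a-95-...' compare equal."""
    return ":".join(p.lower().zfill(2) for p in mac.replace("-", ":").split(":"))

def matches(profile: Network, seen: Network) -> bool:
    """True only if all four attributes agree; profile.own_ip may be a range."""
    allowed = ipaddress.ip_network(profile.own_ip, strict=False)
    return (ipaddress.ip_address(seen.own_ip) in allowed
            and ipaddress.ip_address(seen.netmask) == ipaddress.ip_address(profile.netmask)
            and ipaddress.ip_address(seen.router_ip) == ipaddress.ip_address(profile.router_ip)
            and norm_mac(seen.router_mac) == norm_mac(profile.router_mac))

def identify(profiles: dict, seen: Network, default: str = "untrusted") -> str:
    """Return the single matching location name; fail closed on zero or many."""
    hits = [name for name, p in profiles.items() if matches(p, seen)]
    return hits[0] if len(hits) == 1 else default

# Constructed sample data: two networks with identical factory-default addressing.
PROFILES = {"home": Network("10.0.1.0/24", "255.255.255.0", "10.0.1.1", "00:0a:95:aa:bb:01")}
AT_HOME = Network("10.0.1.23", "255.255.255.0", "10.0.1.1", "0:a:95:AA:BB:1")
AT_CAFE = Network("10.0.1.23", "255.255.255.0", "10.0.1.1", "00:0a:95:cc:dd:02")

def snmp_allowed(seen: Network) -> bool:
    """Hypothetical location-bound rule: SNMP is permitted only on 'home'."""
    return identify(PROFILES, seen) == "home"

if __name__ == "__main__":
    for label, seen in (("home", AT_HOME), ("cafe", AT_CAFE)):
        print(label, identify(PROFILES, seen), "snmp allowed:", snmp_allowed(seen))
```

The router MAC is learned over ARP and can be set to any value by another device on the segment, so a four-way match identifies a network but does not authenticate it.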