@SasLuca
Last active June 13, 2026 13:56
Little Snitch: loopback + LAN discovery (global allow tiers)
{
  "name": "Loopback + LAN discovery (global)",
  "description": "Tiered global allow rules to absorb the high-volume, low-risk noise: (1) loopback/IPC that never leaves the machine, and (2) LAN multicast/broadcast/Bonjour discovery chatter (mDNS, SSDP, etc.). Directed LAN unicast is deliberately NOT allowed here so it stays per-process. These are global ('any' process) rules; Little Snitch resolves more-specific per-process rules over them, so the NoMachine LAN-only ruleset still wins. Source: ~/.config/nix; see docs/littlesnitch.md. Subscribed via public gist d0baaa92c81c96e9fde346eee37371dd.",
  "rules": [
    { "action": "allow", "process": "any", "direction": "outgoing", "remote-addresses": "127.0.0.0/8" },
    { "action": "allow", "process": "any", "direction": "incoming", "remote-addresses": "127.0.0.0/8" },
    { "action": "allow", "process": "any", "direction": "outgoing", "remote-addresses": "::1" },
    { "action": "allow", "process": "any", "direction": "incoming", "remote-addresses": "::1" },
    { "action": "allow", "process": "any", "direction": "outgoing", "remote": "multicast" },
    { "action": "allow", "process": "any", "direction": "incoming", "remote": "multicast" },
    { "action": "allow", "process": "any", "direction": "outgoing", "remote": "broadcast" },
    { "action": "allow", "process": "any", "direction": "incoming", "remote": "broadcast" },
    { "action": "allow", "process": "any", "direction": "outgoing", "remote": "bonjour" },
    { "action": "allow", "process": "any", "direction": "incoming", "remote": "bonjour" }
  ]
}