Hacker News
by cuckcuckspruce 3430 days ago
Yes. I use this to control what information my Mac sends back to Apple.

My workflow for the first system on a network is to install the OS offline, then install Little Snitch from a thumb drive from a trusted system.

I set it to Silent, Deny All mode and turn off all rules except for the rules that allow software to make (not receive) connections to the local network. Then, and only then, I connect the network cable and try to pull an IP address. If you're using DHCP, then this will fail. To deal with that, I create a profile that applies only when connected to my home network and then add an allow rule to let dhcpd/discoveryd (IIRC) pull IP addresses.

I then try to open up Safari and browse to, say, Google. This will typically fail for two reasons: outgoing DNS queries are not allowed outside of the network and Safari doesn't have rights to connect outside the local network. If my DNS servers are outside of my local network I add a rule to allow the DNS lookup process to connect to only the DNS servers I have defined. I then give Safari allow rules for ports 80 and 443. Both of these rules are added to the home network only profile.

From there, I'll try to access the App Store and sort out what rules are needed for that, adding them and then adding them to my home network only profile. At this point, I'll take a firewall rules backup. Now, if I need to reinstall, I can load this rules backup and be able to browse the Internet, pull system updates, and then evaluate other software that needs network requests.

Software that tries to connect is logged, and each connection is logged. For software that is too "chatty", trying to talk to the network when it shouldn't, I'll add deny rules so they don't spam the failed connections log. Other software will have case-by-case exceptions made for it as necessary.

Generally, all of my allow rules will stay in my home network only profile, but there are a few that I'll always allow out. These are often SSH connections as they should be secure no matter where I'm at.