From a6f163f4203d56a1022ee9268911a54392cf1b45 Mon Sep 17 00:00:00 2001 From: Jed Laundry Date: Sun, 5 Jan 2025 03:02:03 +0000 Subject: [PATCH] wrong direction --- macos/little_snitch/helpers/__init__.py | 9 +++++++- macos/little_snitch/rules/Tailscale.lsrues | 27 ++++++++++++++++++++++ macos/little_snitch/update_tailscale.py | 1 + 3 files changed, 36 insertions(+), 1 deletion(-) diff --git a/macos/little_snitch/helpers/__init__.py b/macos/little_snitch/helpers/__init__.py index e4ee6b0..6df85e0 100644 --- a/macos/little_snitch/helpers/__init__.py +++ b/macos/little_snitch/helpers/__init__.py @@ -1,5 +1,5 @@ -def create_rule(process, ports=None, protocol="tcp", dest_ip=None, dest_host=None, dest_domain=None, owner="me", notes=None): +def create_rule(process, ports=None, protocol="tcp", dest_ip=None, dest_host=None, dest_domain=None, owner="me", notes=None, direction="outgoing"): rule = { "action": "allow", @@ -24,6 +24,13 @@ def create_rule(process, ports=None, protocol="tcp", dest_ip=None, dest_host=Non if notes is not None: rule['notes'] = notes + if direction == "outgoing": + pass # defaults to outgoing + elif direction == "incoming": + rule['direction'] = "incoming" + else: + raise Exception(f"direction '{direction}' is not incoming, outgoing") + if dest_ip is not None: if isinstance(dest_ip, list): dest_ip = ",".join(dest_ip) diff --git a/macos/little_snitch/rules/Tailscale.lsrues b/macos/little_snitch/rules/Tailscale.lsrues index 0fbed51..f35792e 100644 --- a/macos/little_snitch/rules/Tailscale.lsrues +++ b/macos/little_snitch/rules/Tailscale.lsrues @@ -29,6 +29,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP nyc (1)", + "direction": "incoming", "remote-addresses": "199.38.181.103,199.38.181.104,199.38.181.93,209.177.145.120,2607:f740:f::3eb,2607:f740:f::afd,2607:f740:f::bc,2607:f740:f::e19" }, { 
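Review bot: The new `direction` parameter in the `create_rule` signature is undocumented, and the existing `dest_ip`/`dest_host`/`dest_domain` names now read backwards for incoming rules, where those values describe the remote source rather than a destination. A one-line docstring would cover both, e.g. `"""Build one Little Snitch rule dict; direction is "outgoing" (default) or "incoming", and for incoming rules the dest_* arguments name the remote peer."""`. Only the first lines of the function are visible in this hunk, so an existing docstring may be out of view.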
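Review bot: The `else` branch of the new direction check raises a bare `Exception`, which callers can only handle by catching everything. `raise ValueError(f"direction must be 'incoming' or 'outgoing', got {direction!r}")` is more precise and is still caught by any existing `except Exception`. The check also runs after the rule dict is partly built and carries an empty `pass` branch; validating at the top of `create_rule` with `if direction not in ("incoming", "outgoing"):` and then setting `rule['direction']` only for `"incoming"` reads more directly. Since an incoming allow rule admits unsolicited traffic, it may also be worth refusing `direction="incoming"` when none of `dest_ip`, `dest_host` or `dest_domain` is given. How the function treats that case is outside the hunk.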
@@ -58,6 +59,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP sea (10)", + "direction": "incoming", "remote-addresses": "192.73.240.121,192.73.240.132,192.73.240.161,2607:f740:14::40c,2607:f740:14::500,2607:f740:14::61c" }, { @@ -86,6 +88,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP sao (11)", + "direction": "incoming", "remote-addresses": "148.163.220.129,148.163.220.134,148.163.220.210,2607:f740:1::211,2607:f740:1::2e6,2607:f740:1::861" }, { @@ -114,6 +117,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP ord (12)", + "direction": "incoming", "remote-addresses": "199.38.182.118,209.177.158.15,209.177.158.246,2607:f740:e::4c8,2607:f740:e::811,2607:f740:e::b17" }, { @@ -142,6 +146,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP den (13)", + "direction": "incoming", "remote-addresses": "192.73.242.187,192.73.242.204,192.73.242.28,2607:f740:16::5c,2607:f740:16::640,2607:f740:16::c23" }, { @@ -170,6 +175,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP ams (14)", + "direction": "incoming", "remote-addresses": "176.58.93.147,176.58.93.154,176.58.93.248,2a00:dd80:3c::3d5,2a00:dd80:3c::807,2a00:dd80:3c::b09" }, { @@ -198,6 +204,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP jnb (15)", + "direction": "incoming", "remote-addresses": "102.67.165.185,102.67.165.36,102.67.165.90,2c0f:edb0:0:10::599,2c0f:edb0:0:10::963,2c0f:edb0:0:10::b59" }, { @@ -226,6 +233,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP mia (16)", + "direction": "incoming", "remote-addresses": "192.73.243.135,192.73.243.141,192.73.243.229,2607:f740:17::475,2607:f740:17::476,2607:f740:17::4e4" }, { @@ -254,6 +262,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP lax (17)", + "direction": "incoming", "remote-addresses": "192.73.244.245,208.111.40.12,208.111.40.216,2607:f740:c::10,2607:f740:c::646,2607:f740:c::e1b" }, { 
@@ -282,6 +291,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP par (18)", + "direction": "incoming", "remote-addresses": "176.58.90.104,176.58.90.147,176.58.90.207,2a00:dd80:3e::363,2a00:dd80:3e::c19,2a00:dd80:3e::f2e" }, { @@ -310,6 +320,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP mad (19)", + "direction": "incoming", "remote-addresses": "2a00:dd80:14:10::20,2a00:dd80:14:10::335,2a00:dd80:14:10::34a,45.159.97.144,45.159.97.233,45.159.97.61" }, { @@ -338,6 +349,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP sfo (2)", + "direction": "incoming", "remote-addresses": "192.73.252.134,192.73.252.65,208.111.34.178,2607:f740:0:3f::287,2607:f740:0:3f::44c,2607:f740:0:3f::f4" }, { @@ -366,6 +378,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP hkg (20)", + "direction": "incoming", "remote-addresses": "103.6.84.152,205.147.105.30,205.147.105.78,2403:2500:8000:1::5fb,2403:2500:8000:1::e9a,2403:2500:8000:1::ef6" }, { @@ -394,6 +407,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP tor (21)", + "direction": "incoming", "remote-addresses": "162.248.221.199,162.248.221.215,162.248.221.248,2607:f740:50::1d1,2607:f740:50::ca4,2607:f740:50::f10" }, { @@ -422,6 +436,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP waw (22)", + "direction": "incoming", "remote-addresses": "2a00:dd80:40:100::211,2a00:dd80:40:100::316,2a00:dd80:40:100::3f,45.159.98.145,45.159.98.196,45.159.98.253" }, { @@ -450,6 +465,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP dbi (23)", + "direction": "incoming", "remote-addresses": "185.34.3.207,185.34.3.232,185.34.3.75,2a00:dd80:3f:100::76f,2a00:dd80:3f:100::97e,2a00:dd80:3f:100::a50" }, { @@ -478,6 +494,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP hnl (24)", + "direction": "incoming", "remote-addresses": "2001:19f0:c000:c564:5400:04ff:fe26:2ba8,2001:19f0:c000:c586:5400:04ff:fe26:2ba6,2001:19f0:c000:c591:5400:04ff:fe26:2c5f,208.72.155.133,208.83.233.233,208.83.234.151" }, { 
@@ -506,6 +523,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP nai (25)", + "direction": "incoming", "remote-addresses": "102.67.167.188,102.67.167.245,102.67.167.37,2c0f:edb0:2000:1::188,2c0f:edb0:2000:1::2c7,2c0f:edb0:2000:1::2e9" }, { @@ -534,6 +552,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP nue (26)", + "direction": "incoming", "remote-addresses": "167.235.72.200,2a01:4f8:1c0c:7d06::1,2a01:4f8:1c1c:47b6::1,2a01:4f8:1c1c:5c70::1,49.12.193.137,49.13.204.141" }, { @@ -562,6 +581,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP iad (27)", + "direction": "incoming", "remote-addresses": "178.156.134.232,178.156.152.106,178.156.152.91,2a01:4ff:f0:28d4::1,2a01:4ff:f0:3913::1,2a01:4ff:f0:3c8e::1,2a01:4ff:f0:3db9::1,5.161.218.233" }, { @@ -591,6 +611,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP sin (3)", + "direction": "incoming", "remote-addresses": "2403:2500:300::57a,2403:2500:300::b0c,2403:2500:300::df9,43.245.49.105,43.245.49.144,43.245.49.83" }, { @@ -619,6 +640,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP fra (4)", + "direction": "incoming", "remote-addresses": "185.40.234.113,185.40.234.219,185.40.234.77,2a00:dd80:20::8f,2a00:dd80:20::a25,2a00:dd80:20::bcf" }, { @@ -647,6 +669,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP syd (5)", + "direction": "incoming", "remote-addresses": "2403:2500:9000:1::43,2403:2500:9000:1::ce7,2403:2500:9000:1::f57,43.245.48.220,43.245.48.250,43.245.48.50" }, { @@ -675,6 +698,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP blr (6)", + "direction": "incoming", "remote-addresses": "2400:6180:100:d0::982:d001,68.183.90.120" }, { @@ -699,6 +723,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP tok (7)", + "direction": "incoming", "remote-addresses": "103.84.155.178,103.84.155.188,103.84.155.46,2403:2500:400:20::835,2403:2500:400:20::b79,2403:2500:400:20::cfe" }, { 
@@ -727,6 +752,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP lhr (8)", + "direction": "incoming", "remote-addresses": "176.58.88.183,176.58.92.144,176.58.92.254,2a00:dd80:3a::b33,2a00:dd80:3a::dfa,2a00:dd80:3a::ed" }, { @@ -755,6 +781,7 @@ "protocol": "udp", "ports": "41641", "notes": "DERP dfw (9)", + "direction": "incoming", "remote-addresses": "192.73.248.83,209.177.156.197,209.177.156.94,2607:f740:100::359,2607:f740:100::c05,2607:f740:100::cad" }, { diff --git a/macos/little_snitch/update_tailscale.py b/macos/little_snitch/update_tailscale.py index b75193f..0f8d308 100644 --- a/macos/little_snitch/update_tailscale.py +++ b/macos/little_snitch/update_tailscale.py @@ -60,6 +60,7 @@ protocol="udp", dest_ip=sorted(dest_ips), owner=None, + direction="incoming", notes=notes, ), create_rule(
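Review bot: Nothing at this call site in `update_tailscale.py` records why the UDP rule is created with `direction="incoming"`. A comment above the argument, such as `# inbound UDP to the local Tailscale port from this region's DERP addresses`, would preserve the intent behind the "wrong direction" fix. Because the script now generates an inbound allow list, each entry in `dest_ips` should be validated (for example by parsing it with `ipaddress.ip_address`) before the rule is written. Where `dest_ips` is populated is outside the hunk, so this may already happen. The `create_rule(...)` call itself starts and ends outside the hunk.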