Question About "Little Snitch" - Does Built in Mac-OS Firewall need to be disabled in order to use Little Snitch as the main firewall on MacOS?

[Benz63amg]

I have one question regarding the highly popular Little Snitch Firewall App, Is the app designed to work alongside the built in MacOS Firewall or should the built in Firewall in MacOS be disabled prior to enabling Little Snitch?

 

[Slarti.BartFast]

I run Little Snitch and Mac OSX firewall, my understanding is the Mac firewall stops **** coming in, Little Snitch focuses on **** going out.

 

[Benz63amg]

I run Little Snitch and Mac OSX firewall, my understanding is the Mac firewall stops **** coming in, Little Snitch focuses on **** going out.

So I just looked this up further and it seems that Little Snitch stops incoming connections as well as outgoing (Version 5 of Little Snitch for Big Sur)
I would think that if both little snitch and the Mac OS built in firewall were turned on at the same time they would be interfering with one another

 

[Slarti.BartFast]

Can't comment on Big Sur as I'm staying at El Capitan - Little Snitch is one of the best bits of software I have used, I've used it with the Mac OS firewall since 2013 with no problems - with Big Sur YMMV.

 

[BrianBaughn]

In my case, since the local network firewall is handled by my router's firmware, my Mac's firewall has been off ever since I've had such a router (years and years). Little Snitch works fine in this situation.

 

[Brian33]

I'm running Little Snitch 4.5.2 (on Mojave) and I'm quite sure it doesn't block incoming connections at all.

So I just looked this up further and it seems that Little Snitch stops incoming connections as well as outgoing (Version 5 of Little Snitch for Big Sur)

Perhaps, but on the developer's What's new in Little Snitch 5 page it doesn't mention that as a change from version 4. Do you have a source for version 5 blocking incoming connections?

 

[Benz63amg]

I'm running Little Snitch 4.5.2 (on Mojave) and I'm quite sure it doesn't block incoming connections at all.

Perhaps, but on the developer's What's new in Little Snitch 5 page it doesn't mention that as a change from version 4. Do you have a source for version 5 blocking incoming connections?

I purchased version 5 of little snitch last night and it allows the filtering of both incoming as well as outgoing connections in the main Rules panel, I went ahead and disabled the built in firewall in MacOS as it is no longer needed, I cannot however find the equivalent of “Stealth Mode” which is available in the built in MacOS firewall, Do you know if Little Snitch offers that feature and if so, How did you enable/disable it?

For anyone wondering about what Stealth Mode is, here’s the info from Apple:

“Stealth Mode
Use stealth mode to keep your Mac more secure
If you’re concerned about security, you can use “stealth mode” to make it more difficult for hackers and malware to find your Mac. When stealth mode is turned on, your Mac doesn’t respond to either “ping” requests or connection attempts from a closed TCP or UDP network.”

 

[Brian33]

I purchased version 5 of little snitch last night and it allows the filtering of both incoming as well as outgoing connections in the main Rules panel

Interesting! I'm still on Mojave, but when I move to Big Sur this will be good to know. Thanks.

I cannot however find the equivalent of “Stealth Mode” which is available in the built in MacOS firewall, Do you know if Little Snitch offers that feature and if so, How did you enable/disable it?

It might be worth try to enable the macOS firewall, enable Stealth Mode, but have it allow all other connections. Set any blocking rules you wanted in Little Snitch only.

My guess (and it's only a guess) is that macOS firewall and Little Snitch as firewall would work ok together -- it seems to me that both sets of rules would be checked for each connection attempt, and if either one said to block the connection it would be blocked. That is, for a connection to succeed, both firewalls would have to allow it. It just seems logical... don't know if it really works that way though.

 

[Benz63amg]

Interesting! I'm still on Mojave, but when I move to Big Sur this will be good to know. Thanks.

It might be worth try to enable the macOS firewall, enable Stealth Mode, but have it allow all other connections. Set any blocking rules you wanted in Little Snitch only.

My guess (and it's only a guess) is that macOS firewall and Little Snitch as firewall would work ok together -- it seems to me that both sets of rules would be checked for each connection attempt, and if either one said to block the connection it would be blocked. That is, for a connection to succeed, both firewalls would have to allow it. It just seems logical... don't know if it really works that way though.

I gotta tell ya, Little Snitch 5 is absolutely brilliant piece of software that is worth every penny. Can’t believe how I used a Mac without it to this day
I’m going to just forget about the built in MacOS firewall entirely and leave it disabled as little snitch does it all now with outgoing as well as incoming connection filtering across the board, Brilliant

 

[sashavegas]

here what you need to do for big sur, in order little snitch 5, will see all apps
from recovery terminal:
csrutil disable
csrutil authenticated-root disable
reboot
from terminal mkdir mnt, it will create mnt directory into your home folders
next
type mount to see the /dev/disk where /dev/disk2s5s1, in your case it might be different
one identify the disk type
sudo mount -o nobrowse -t apfs /dev/disk1s5 mnt/
in your case it can be different
once mount, your need to edit the following:
sudo nano mnt/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist

Remove anything between , under ContentFilterExclusionList.
save

once done you need to bless the snapshot
sudo bless --folder mnt/System/Library/CoreServices --bootefi --create-snapshot && sudo reboot