{"name":"Applications","description":"Includes rules for various 3rd-party apps.","rules":[{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Arc.app/Contents/MacOS/Arc","via":"/Applications/Arc.app/Contents/Frameworks/ArcCore.framework/Versions/A/Helpers/Arc Helper.app/Contents/MacOS/Arc Helper","disabled":true,"notes":"Allows Arc to be used for web browsing.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Arc.app/Contents/MacOS/Arc","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Arc's feature flag system to work. This is generally required to see new features after an update.","remote-hosts":["clientstream.launchdarkly.com","mobile.launchdarkly.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Arc.app/Contents/MacOS/Arc","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Arc accounts, Easels, and other features to work.","remote-hosts":["content.arc.net","firebasestorage.googleapis.com","firestore.googleapis.com","securetoken.googleapis.com","www.googleapis.com","t0.gstatic.com","t1.gstatic.com","t2.gstatic.com","t3.gstatic.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Bezel.app/Contents/MacOS/Bezel","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Bezel to check the validity of a license key.","remote-hosts":["customers.nonstrict.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/CleanShot X.app/Contents/MacOS/CleanShot X","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows CleanShot X to check the validity of a license key.","remote-hosts":["legit.maketheweb.io"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/CrystalFetch.app/Contents/MacOS/CrystalFetch","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows CrystalFetch to download Windows images.","remote-domains":["uupdump.net","microsoft.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Library/Application Support/GPGTools/GPGSuite_Updater.app/Contents/MacOS/GPGSuite_Updater","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows GPG Suite to check for updates.","remote-hosts":["gpgtools.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Library/Application Support/iStat Menus 6/iStatMenusDaemon","disabled":true,"notes":"Allows iStat Menus to gather network statistics.","remote":"bpf"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows iStat Menus to display the public IP address.","remote-hosts":["ip.istatmenus.app"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Library/Application Support/iStat Menus 6/iStat Menus Status.app/Contents/MacOS/iStat Menus Status","disabled":true,"protocol":"icmp","notes":"Allows iStat Menus to check for internet connectivity.","remote-addresses":["1.1.1.1","1.0.0.1"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Latest.app/Contents/MacOS/Latest","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Latest to check for Sparkle app updates.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Library/Application Support/Objective Development/Little Snitch/Components/at.obdev.littlesnitch.daemon.bundle/Contents/XPCServices/at.obdev.littlesnitch.urldownloader.xpc/Contents/MacOS/at.obdev.littlesnitch.urldownloader","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Little Snitch to download and update Rule Group Subscriptions.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Little Snitch.app/Contents/Components/Little Snitch Software Update.app/Contents/MacOS/Little Snitch Software Update","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Little Snitch to check for and install updates.","remote-hosts":["sw-update.obdev.at"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Microsoft Remote Desktop.app/Contents/MacOS/Microsoft Remote Desktop","disabled":true,"ports":"3389","protocol":"tcp","notes":"Allows Remote Desktop to connect to RDP servers.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Nova.app/Contents/MacOS/Nova","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Nova to check the validity of a license key.","remote-hosts":["circle.panic.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Nova.app/Contents/MacOS/Nova","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Nova to connect to 3rd-party Git integrations.","remote-hosts":["api.github.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Nova.app/Contents/MacOS/Nova","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Nova to download and update extensions.","remote-hosts":["extensions.panic.com","nova-extensions.freetls.fastly.net"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Nova.app/Contents/MacOS/Nova","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Nova to display avatars for Git authors.","remote-hosts":["www.gravatar.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Raycast.app/Contents/MacOS/Raycast","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Raycast to look up flights and currency conversions.","remote-hosts":["aerodatabox.p.rapidapi.com","backend.raycast.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Raycast.app/Contents/MacOS/Raycast","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Raycast to log into accounts.","remote-hosts":["www.raycast.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Raycast.app/Contents/MacOS/Raycast","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Raycast to download and update a Node.JS runtime. This is required to use extensions.","remote-hosts":["nodejs.org"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent","disabled":true,"ports":"3283","protocol":"udp","notes":"Allows Remote Desktop to gather information about machines.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Remote Desktop.app/Contents/MacOS/Remote Desktop","disabled":true,"protocol":"icmp","notes":"Allows Remote Desktop to perform screen sharing.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Remote Desktop.app/Contents/MacOS/Remote Desktop","disabled":true,"ports":"5900","protocol":"tcp","notes":"Allows Remote Desktop to perform screen sharing.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Screens 4.app/Contents/MacOS/Screens 4","disabled":true,"ports":"5900","protocol":"tcp","notes":"Allows Screens to perform screen sharing.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Screens 4.app/Contents/MacOS/Screens 4","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Screens to check the validity of a license key.","remote-hosts":["edovia.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Sketch.app/Contents/MacOS/Sketch","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Sketch to log into accounts and validate license keys.","remote-hosts":["graphql.sketch.cloud","api.prod.sketch.com","resources-live.sketch.cloud","www.sketch.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Sketch.app/Contents/MacOS/Sketch","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Sketch to download and check for updates.","remote-hosts":["download.sketch.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Sketch.app/Contents/MacOS/Sketch","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Sketch to download Apple's iOS design library.","remote-hosts":["developer.apple.com","devimages-cdn.apple.com"]},{"direction":"incoming","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"22000","protocol":"tcp","notes":"Allows Syncthing to accept incoming connections from devices.","remote":"any"},{"direction":"incoming","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"22000","protocol":"udp","notes":"Allows Syncthing to accept incoming connections from devices.","remote":"any"},{"direction":"incoming","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"21027","protocol":"udp","notes":"Allows Syncthing to be discovered by local devices.","remote":"local-net"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"22067","protocol":"tcp","notes":"Allows Syncthing to traverse NAT firewalls.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"3478","protocol":"udp","notes":"Allows Syncthing to traverse NAT firewalls.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"22000","protocol":"tcp","notes":"Allows Syncthing to connect to unfirewalled devices.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"ports":"22000","protocol":"udp","notes":"Allows Syncthing to connect to unfirewalled devices.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Syncthing.app/Contents/MacOS/Syncthing","via":"/Applications/Syncthing.app/Contents/Resources/syncthing/syncthing","disabled":true,"notes":"Allows Syncthing to connect to any device or relay.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension","disabled":true,"ports":"80","protocol":"tcp","notes":"Allows Tailscale to sign in, discover peers, and send traffic via proxy servers.","remote-domains":["tailscale.com","tailscale.io"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Tailscale to sign in, discover peers, and send traffic via proxy servers.","remote-domains":["tailscale.com","tailscale.io"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension","disabled":true,"ports":"3478","protocol":"udp","notes":"Allows Tailscale to sign in, discover peers, and send traffic via proxy servers.","remote-domains":["tailscale.com","tailscale.io"]},{"direction":"incoming","priority":"regular","action":"allow","process":"/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension","disabled":true,"protocol":"udp","notes":"Allows Tailscale to communicate with peers directly.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Tailscale.app/Contents/PlugIns/IPNExtension.appex/Contents/MacOS/IPNExtension","disabled":true,"protocol":"udp","notes":"Allows Tailscale to communicate with peers directly.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Transmit.app/Contents/MacOS/Transmit","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Transmit to check the validity of a license key.","remote-hosts":["circle.panic.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Transmit.app/Contents/MacOS/Transmit","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows Transmit to check for S3 region updates.","remote-hosts":["panic.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/Transmit.app/Contents/MacOS/Transmit","disabled":true,"ports":"22","protocol":"tcp","notes":"Allows Transmit to make SFTP connections.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/UTM.app/Contents/MacOS/UTM","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows UTM to install macOS onto Apple virtual machines.","remote-hosts":["gs.apple.com","tbsc.apple.com"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/WhatsApp.app/Contents/MacOS/WhatsApp","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows WhatsApp to be used for messaging.","remote-domains":["whatsapp.net"]},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/WhatsApp.app/Contents/PlugIns/ServiceExtension.appex/Contents/MacOS/ServiceExtension","disabled":true,"ports":"443","protocol":"tcp","notes":"Allows WhatsApp to be used for messaging.","remote-domains":["whatsapp.net"]},{"direction":"incoming","priority":"regular","action":"allow","process":"/Applications/WireGuard.app/Contents/PlugIns/WireGuardNetworkExtension.appex/Contents/MacOS/WireGuardNetworkExtension","disabled":true,"protocol":"udp","notes":"Allows WireGuard to communicate with VPN servers.","remote":"any"},{"direction":"outgoing","priority":"regular","action":"allow","process":"/Applications/WireGuard.app/Contents/PlugIns/WireGuardNetworkExtension.appex/Contents/MacOS/WireGuardNetworkExtension","disabled":true,"protocol":"udp","notes":"Allows WireGuard to communicate with VPN servers.","remote":"any"}]}