From 40e971d9186bb1cfd9f02f102238949590ef7dde Mon Sep 17 00:00:00 2001 From: Jed Laundry Date: Fri, 3 Jan 2025 20:55:17 +0000 Subject: [PATCH] initial Tailscale lsrules --- .github/workflows/little_snitch.yml | 1 + macos/little_snitch/helpers/__init__.py | 4 +- macos/little_snitch/rules/Tailscale.lsrues | 1784 ++++++++++++++++++++ macos/little_snitch/update_tailscale.py | 48 + 4 files changed, 1836 insertions(+), 1 deletion(-) create mode 100644 macos/little_snitch/rules/Tailscale.lsrues create mode 100644 macos/little_snitch/update_tailscale.py diff --git a/.github/workflows/little_snitch.yml b/.github/workflows/little_snitch.yml index 2c195f0..5e7cbaa 100644 --- a/.github/workflows/little_snitch.yml +++ b/.github/workflows/little_snitch.yml @@ -38,6 +38,7 @@ jobs: python3 update_crl.py python3 update_icloud.py python3 update_microsoft.py + python3 update_tailscale.py cd ../.. message='Automated lsrules update' # Add / update and commit diff --git a/macos/little_snitch/helpers/__init__.py b/macos/little_snitch/helpers/__init__.py index c02783f..de2f45c 100644 --- a/macos/little_snitch/helpers/__init__.py +++ b/macos/little_snitch/helpers/__init__.py @@ -6,8 +6,10 @@ def create_rule(process, ports, protocol="tcp", dest_ip=None, dest_host=None, de "ports": ports, "process": process, "protocol": protocol, - "owner": owner, } + + if owner is not None: + rule['owner'] = owner if notes is not None: rule['notes'] = notes diff --git a/macos/little_snitch/rules/Tailscale.lsrues b/macos/little_snitch/rules/Tailscale.lsrues new file mode 100644 index 0000000..55baf76 --- /dev/null +++ b/macos/little_snitch/rules/Tailscale.lsrues 
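Review bot: The rule file that goes with the new `python3 update_tailscale.py` step is created as `macos/little_snitch/rules/Tailscale.lsrues` (diffstat and file header), which looks like a misspelling of the `.lsrules` extension. If the commit step that follows (`# Add / update and commit`, its body is outside the hunk) or anyone subscribing to the rule group selects files by `.lsrules`, the Tailscale allow rules would never be published or refreshed, so the name should be checked against the path `update_tailscale.py` writes. Since the output is a set of allow rules committed without review, a comment above the script list would help, for example `# each script regenerates one rules file; a failed fetch should fail the job, not commit a partial file`, assuming that is the intended behaviour.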
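Review bot: `create_rule` now produces two rule shapes, with and without `owner`, and nothing at the new `if owner is not None:` branch says what an absent key means to Little Snitch or which callers rely on it. A one-line comment there would cover it, e.g. `# owner=None: omit the key entirely (the generated Tailscale rules carry no owner)`, worded to match the real intent. The signature is cut off in the hunk header, so the default of `owner` is not visible; if it is `None`, the files regenerated by the existing update scripts will lose their `owner` entry on the next automated run, and that diff deserves a manual look before it is committed. The function body continues outside the hunk.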
@@ -0,0 +1,1784 @@ +[ + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1f", + "remote-addresses": "199.38.181.104,2607:f740:f::bc" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1f", + "remote-hosts": "derp1f.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1g", + "remote-addresses": "209.177.145.120,2607:f740:f::3eb" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1g", + "remote-hosts": "derp1g.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1h", + "remote-addresses": "199.38.181.93,2607:f740:f::afd" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1h", + "remote-hosts": "derp1h.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1i", + "remote-addresses": "199.38.181.103,2607:f740:f::e19" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nyc-1i", + "remote-hosts": "derp1i.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": 
"identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10b", + "remote-addresses": "192.73.240.161,2607:f740:14::61c" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10b", + "remote-hosts": "derp10b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10c", + "remote-addresses": "192.73.240.121,2607:f740:14::40c" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10c", + "remote-hosts": "derp10c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10d", + "remote-addresses": "192.73.240.132,2607:f740:14::500" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sea-10d", + "remote-hosts": "derp10d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sao-11b", + "remote-addresses": "148.163.220.129,2607:f740:1::211" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sao-11b", + "remote-hosts": "derp11b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP 
sao-11c", + "remote-addresses": "148.163.220.134,2607:f740:1::861" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sao-11c", + "remote-hosts": "derp11c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sao-11d", + "remote-addresses": "148.163.220.210,2607:f740:1::2e6" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sao-11d", + "remote-hosts": "derp11d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12d", + "remote-addresses": "209.177.158.246,2607:f740:e::811" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12d", + "remote-hosts": "derp12d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12e", + "remote-addresses": "209.177.158.15,2607:f740:e::b17" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12e", + "remote-hosts": "derp12e.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12f", + "remote-addresses": "199.38.182.118,2607:f740:e::4c8" + }, + { + "action": "allow", + "ports": [ 
+ 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ord-12f", + "remote-hosts": "derp12f.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13b", + "remote-addresses": "192.73.242.187,2607:f740:16::640" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13b", + "remote-hosts": "derp13b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13c", + "remote-addresses": "192.73.242.28,2607:f740:16::5c" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13c", + "remote-hosts": "derp13c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13d", + "remote-addresses": "192.73.242.204,2607:f740:16::c23" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP den-13d", + "remote-hosts": "derp13d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ams-14b", + "remote-addresses": "176.58.93.248,2a00:dd80:3c::807" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": 
"tcp", + "notes": "DERP ams-14b", + "remote-hosts": "derp14b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ams-14c", + "remote-addresses": "176.58.93.147,2a00:dd80:3c::b09" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ams-14c", + "remote-hosts": "derp14c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ams-14d", + "remote-addresses": "176.58.93.154,2a00:dd80:3c::3d5" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP ams-14d", + "remote-hosts": "derp14d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15b", + "remote-addresses": "102.67.165.90,2c0f:edb0:0:10::963" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15b", + "remote-hosts": "derp15b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15c", + "remote-addresses": "102.67.165.185,2c0f:edb0:0:10::b59" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15c", + "remote-hosts": "derp15c.tailscale.com" + }, + { + "action": "allow", 
+ "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15d", + "remote-addresses": "102.67.165.36,2c0f:edb0:0:10::599" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP jnb-15d", + "remote-hosts": "derp15d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16b", + "remote-addresses": "192.73.243.135,2607:f740:17::476" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16b", + "remote-hosts": "derp16b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16c", + "remote-addresses": "192.73.243.229,2607:f740:17::4e4" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16c", + "remote-hosts": "derp16c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16d", + "remote-addresses": "192.73.243.141,2607:f740:17::475" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mia-16d", + "remote-hosts": "derp16d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": 
"identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17b", + "remote-addresses": "192.73.244.245,2607:f740:c::646" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17b", + "remote-hosts": "derp17b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17c", + "remote-addresses": "208.111.40.12,2607:f740:c::10" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17c", + "remote-hosts": "derp17c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17d", + "remote-addresses": "208.111.40.216,2607:f740:c::e1b" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lax-17d", + "remote-hosts": "derp17d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18b", + "remote-addresses": "176.58.90.147,2a00:dd80:3e::363" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18b", + "remote-hosts": "derp18b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18c", 
+ "remote-addresses": "176.58.90.207,2a00:dd80:3e::c19" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18c", + "remote-hosts": "derp18c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18d", + "remote-addresses": "176.58.90.104,2a00:dd80:3e::f2e" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP par-18d", + "remote-hosts": "derp18d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19b", + "remote-addresses": "45.159.97.144,2a00:dd80:14:10::335" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19b", + "remote-hosts": "derp19b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19c", + "remote-addresses": "45.159.97.61,2a00:dd80:14:10::20" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19c", + "remote-hosts": "derp19c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19d", + "remote-addresses": "45.159.97.233,2a00:dd80:14:10::34a" + }, + { + "action": "allow", + "ports": [ + 80, 
+ 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP mad-19d", + "remote-hosts": "derp19d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2d", + "remote-addresses": "192.73.252.65,2607:f740:0:3f::287" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2d", + "remote-hosts": "derp2d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2e", + "remote-addresses": "192.73.252.134,2607:f740:0:3f::44c" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2e", + "remote-hosts": "derp2e.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2f", + "remote-addresses": "208.111.34.178,2607:f740:0:3f::f4" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sfo-2f", + "remote-hosts": "derp2f.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hkg-20b", + "remote-addresses": "103.6.84.152,2403:2500:8000:1::ef6" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", 
+ "notes": "DERP hkg-20b", + "remote-hosts": "derp20b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hkg-20c", + "remote-addresses": "205.147.105.30,2403:2500:8000:1::5fb" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hkg-20c", + "remote-hosts": "derp20c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hkg-20d", + "remote-addresses": "205.147.105.78,2403:2500:8000:1::e9a" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hkg-20d", + "remote-hosts": "derp20d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21b", + "remote-addresses": "162.248.221.199,2607:f740:50::1d1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21b", + "remote-hosts": "derp21b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21c", + "remote-addresses": "162.248.221.215,2607:f740:50::f10" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21c", + "remote-hosts": "derp21c.tailscale.com" + }, + { + "action": 
"allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21d", + "remote-addresses": "162.248.221.248,2607:f740:50::ca4" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tor-21d", + "remote-hosts": "derp21d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22b", + "remote-addresses": "45.159.98.196,2a00:dd80:40:100::316" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22b", + "remote-hosts": "derp22b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22c", + "remote-addresses": "45.159.98.253,2a00:dd80:40:100::3f" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22c", + "remote-hosts": "derp22c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22d", + "remote-addresses": "45.159.98.145,2a00:dd80:40:100::211" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP waw-22d", + "remote-hosts": "derp22d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": 
"identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23b", + "remote-addresses": "185.34.3.232,2a00:dd80:3f:100::76f" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23b", + "remote-hosts": "derp23b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23c", + "remote-addresses": "185.34.3.207,2a00:dd80:3f:100::a50" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23c", + "remote-hosts": "derp23c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23d", + "remote-addresses": "185.34.3.75,2a00:dd80:3f:100::97e" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dbi-23d", + "remote-hosts": "derp23d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hnl-24b", + "remote-addresses": "208.83.234.151,2001:19f0:c000:c586:5400:04ff:fe26:2ba6" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hnl-24b", + "remote-hosts": "derp24b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": 
"tcp", + "notes": "DERP hnl-24c", + "remote-addresses": "208.83.233.233,2001:19f0:c000:c591:5400:04ff:fe26:2c5f" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hnl-24c", + "remote-hosts": "derp24c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hnl-24d", + "remote-addresses": "208.72.155.133,2001:19f0:c000:c564:5400:04ff:fe26:2ba8" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP hnl-24d", + "remote-hosts": "derp24d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25b", + "remote-addresses": "102.67.167.245,2c0f:edb0:2000:1::2e9" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25b", + "remote-hosts": "derp25b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25c", + "remote-addresses": "102.67.167.37,2c0f:edb0:2000:1::2c7" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25c", + "remote-hosts": "derp25c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25d", + "remote-addresses": 
"102.67.167.188,2c0f:edb0:2000:1::188" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nai-25d", + "remote-hosts": "derp25d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26b", + "remote-addresses": "167.235.72.200,2a01:4f8:1c1c:47b6::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26b", + "remote-hosts": "derp26b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26c", + "remote-addresses": "49.12.193.137,2a01:4f8:1c1c:5c70::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26c", + "remote-hosts": "derp26c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26d", + "remote-addresses": "49.13.204.141,2a01:4f8:1c0c:7d06::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP nue-26d", + "remote-hosts": "derp26d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27b", + "remote-addresses": "5.161.218.233,2a01:4ff:f0:3db9::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + 
], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27b", + "remote-hosts": "derp27b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27c", + "remote-addresses": "178.156.152.91,2a01:4ff:f0:3913::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27c", + "remote-hosts": "derp27c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27d", + "remote-addresses": "178.156.152.106,2a01:4ff:f0:3c8e::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27d", + "remote-hosts": "derp27d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27e", + "remote-addresses": "178.156.134.232,2a01:4ff:f0:28d4::1" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP iad-27e", + "remote-hosts": "derp27e.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sin-3b", + "remote-addresses": "43.245.49.105,2403:2500:300::b0c" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": 
"tcp", + "notes": "DERP sin-3b", + "remote-hosts": "derp3b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sin-3c", + "remote-addresses": "43.245.49.83,2403:2500:300::57a" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sin-3c", + "remote-hosts": "derp3c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sin-3d", + "remote-addresses": "43.245.49.144,2403:2500:300::df9" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP sin-3d", + "remote-hosts": "derp3d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4f", + "remote-addresses": "185.40.234.219,2a00:dd80:20::a25" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4f", + "remote-hosts": "derp4f.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4g", + "remote-addresses": "185.40.234.113,2a00:dd80:20::8f" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4g", + "remote-hosts": "derp4g.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 
80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4h", + "remote-addresses": "185.40.234.77,2a00:dd80:20::bcf" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP fra-4h", + "remote-hosts": "derp4h.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5b", + "remote-addresses": "43.245.48.220,2403:2500:9000:1::ce7" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5b", + "remote-hosts": "derp5b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5c", + "remote-addresses": "43.245.48.50,2403:2500:9000:1::f57" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5c", + "remote-hosts": "derp5c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5d", + "remote-addresses": "43.245.48.250,2403:2500:9000:1::43" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP syd-5d", + "remote-hosts": "derp5d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": 
"tcp", + "notes": "DERP blr-6a", + "remote-addresses": "68.183.90.120,2400:6180:100:d0::982:d001" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP blr-6a", + "remote-hosts": "derp6.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7b", + "remote-addresses": "103.84.155.178,2403:2500:400:20::b79" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7b", + "remote-hosts": "derp7b.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7c", + "remote-addresses": "103.84.155.188,2403:2500:400:20::835" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7c", + "remote-hosts": "derp7c.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7d", + "remote-addresses": "103.84.155.46,2403:2500:400:20::cfe" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP tok-7d", + "remote-hosts": "derp7d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8e", + "remote-addresses": "176.58.92.144,2a00:dd80:3a::b33" + }, + { + 
"action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8e", + "remote-hosts": "derp8e.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8f", + "remote-addresses": "176.58.88.183,2a00:dd80:3a::dfa" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8f", + "remote-hosts": "derp8f.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8g", + "remote-addresses": "176.58.92.254,2a00:dd80:3a::ed" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP lhr-8g", + "remote-hosts": "derp8g.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9d", + "remote-addresses": "209.177.156.94,2607:f740:100::c05" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9d", + "remote-hosts": "derp9d.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9e", + "remote-addresses": "192.73.248.83,2607:f740:100::359" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": 
"identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9e", + "remote-hosts": "derp9e.tailscale.com" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9f", + "remote-addresses": "209.177.156.197,2607:f740:100::cad" + }, + { + "action": "allow", + "ports": [ + 80, + 443 + ], + "process": "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension", + "protocol": "tcp", + "notes": "DERP dfw-9f", + "remote-hosts": "derp9f.tailscale.com" + } +] \ No newline at end of file
diff --git a/macos/little_snitch/update_tailscale.py b/macos/little_snitch/update_tailscale.py
new file mode 100644
index 0000000..c1bfd65
--- /dev/null
+++ b/macos/little_snitch/update_tailscale.py
@@ -0,0 +1,48 @@
+
+import json
+import urllib3
+
+from helpers import create_rule
+
+
+if __name__ == '__main__':
+ rules = []
+
+ process = "identifier.W5364U7YZB/io.tailscale.ipn.macos.network-extension"
+
+ url = "https://login.tailscale.com/derpmap/default"
+ resp = urllib3.request("GET", url)
+
+ if resp.status != 200:
+ raise Exception(f"GET {url} returned {resp.status}: {resp.data}")
+
+ derpmap = resp.json()
+
+ for region_id in derpmap['Regions'].keys():
+ region = derpmap['Regions'][region_id]
+ region_code = region['RegionCode']
+ for node in region['Nodes']:
+ node_name = node['Name']
+ ports = [80, 443] if node['CanPort80'] else [443]
+ notes = f"DERP {region_code}-{node_name}"
+ rules += [
+ create_rule(
+ process=process,
+ ports=ports,
+ protocol="tcp",
+ dest_ip=[node['IPv4'], node['IPv6']],
+ owner=None,
+ notes=notes,
+ ),
+ create_rule(
+ process=process,
+ ports=ports,
+ protocol="tcp",
+ dest_host=[node['HostName']],
+ owner=None,
+ notes=notes,
+ ),
+ ]
+
+ with open("rules/Tailscale.lsrues", "w") as of:
+ json.dump(rules, of, indent=4)
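Review bot: The loop under `for node in region['Nodes']:` copies `node['IPv4']`, `node['IPv6']` and `node['HostName']` from the fetched DERP map straight into allow rules, and the workflow commits the output unattended, so whatever that endpoint returns becomes an allowed destination for the Tailscale network extension. I would validate each node before a rule is built: parse the addresses with `ipaddress.ip_address()` (this needs `import ipaddress` at the top of the file) and require the host name to end in `.tailscale.com`, as every host in the generated file on this page does, failing the run otherwise. The direct `node['CanPort80']`, `node['IPv4']` and `node['IPv6']` lookups would also raise `KeyError` if a node omits one of them, which seems possible if the endpoint drops false or empty fields (to be confirmed); `node.get(...)` covers that. The output name `rules/Tailscale.lsrues` also looks like a typo for `.lsrules`.

```python
        for node in region['Nodes']:
            node_name = node['Name']
            # Only literal IP addresses and tailscale.com host names may become
            # allow rules; anything else aborts the run instead of being committed.
            addresses = [node[key] for key in ('IPv4', 'IPv6') if node.get(key)]
            for address in addresses:
                ipaddress.ip_address(address)  # raises ValueError on a non-address
            host = node['HostName']
            if not host.endswith('.tailscale.com'):
                raise ValueError(f"unexpected DERP host name: {host!r}")
            ports = [80, 443] if node.get('CanPort80') else [443]
            # … unchanged: notes and the two create_rule() calls, now passing
            # dest_ip=addresses and dest_host=[host] …
```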