{"id":435,"date":"2021-09-11T13:39:38","date_gmt":"2021-09-11T11:39:38","guid":{"rendered":"http:\/\/huf.org\/wp\/?p=435"},"modified":"2021-09-11T13:51:55","modified_gmt":"2021-09-11T11:51:55","slug":"use-regular-expressions-regex-in-lulu-to-allow-ip-address-subnets","status":"publish","type":"post","link":"https:\/\/huf.org\/wp\/?p=435","title":{"rendered":"Use regular expressions (regex) in LuLu to &#8218;allow&#8216; IP address subnets"},"content":{"rendered":"\n<p><a href=\"https:\/\/objective-see.com\/products\/lulu.html\">LuLu<\/a> by Objective-See is a macOS firewall for <em>outbound connections<\/em>. While the built-in Apple product will protect you from network attacks from the networks around you, LuLu will give the user control over the network connections a running software on the Mac may want to open itself,  e.g. to the Internet. LuLu can act as a freeware replacement for the firewall part in <a href=\"https:\/\/www.obdev.at\/products\/littlesnitch\/index.html\">LittleSnitch<\/a>, the other well-known security tool for the Mac. If you want to know more about LuLu, follow the link above.<\/p>\n\n\n\n<p>In the &#8222;user-guided&#8220; mode LuLu will give the choice to create rules for a specific process with:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>either a single URL \/ IP and a sigle port (&#8222;Remote Endpoint&#8220;)<\/li><li>or all URL&#8217;s \/ IP&#8217;s and all ports (&#8222;Process&#8220;)<\/li><\/ul>\n\n\n\n<p>&#8230; with the choice of allowing or blocking traffic<\/p>\n\n\n\n<p>If you are like me, you might want to tweak those rules. And that&#8217;s where the &#8222;regex&#8220; checkbox comes into play. You can use it, for example, to allow access to all the machines in your home network.<\/p>\n\n\n\n<p>However, the LuLu user documentation currently does a bad job to describe the regex syntax that&#8217;s expected by LuLu. Is it <code>192.168.1.*<\/code> as the asterisk in the &#8222;allow all&#8220; suggests? There are many variations of regular expressions, so an example would certainly be appreciated.<\/p>\n\n\n\n<p class=\"has-large-font-size\"><em>LuLu&#8217;s regex syntax<\/em><\/p>\n\n\n\n<p>LuLu uses Objective-C&#8217;s <code>NSExpression<\/code> class. You can find that documentation <a href=\"https:\/\/developer.apple.com\/documentation\/foundation\/nsregularexpression#1661042\">here<\/a>. The most important elements for creating LuLu rules are: <\/p>\n\n\n\n<p> <\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\">Expression<\/td><td class=\"has-text-align-left\" data-align=\"left\">Description<\/td><td>Example<\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">\\<\/td><td class=\"has-text-align-left\" data-align=\"left\">&#8222;escape&#8220; special characters like <br \/><code>* ? + [ ( ) { } ^ $ | \\ . \/<\/code> <br \/>in order to treat them as literals <\/td><td><code>192<span style=\"color:#004da3\" class=\"has-inline-color\">\\.<\/span>168<span style=\"color:#0071a1\" class=\"has-inline-color\">\\.<\/span>1<strong><span style=\"color:#025391\" class=\"has-inline-color\">\\.<\/span><\/strong>1<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\">.<\/td><td class=\"has-text-align-left\" data-align=\"left\">placeholder for any character &#8211; exactly _one_ character!<\/td><td><code>192\\.168\\.1\\.<span class=\"has-inline-color has-blue-color\">...<\/span><\/code><br \/><code>...\\.com<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>a,b,c,<\/code>..<br \/><code>A,B,C,<\/code>..<br \/><code>0,1,2,<\/code>..<\/td><td class=\"has-text-align-left\" data-align=\"left\">characters, numbers, symbols are treated as themselves<\/td><td><code>huf\\.org<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>[pattern]<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\">match any one character from the pattern<\/td><td><code>[aeiou]<br \/>[a-z]<br \/>[a-zA-Z]<br \/>[0-9]<\/code><\/td><\/tr><\/tbody><\/table><figcaption>important regex expressions. See the Apple doc link above for more<\/figcaption><\/figure>\n\n\n\n<p>In addition to the Expressions above there are modifiers, so you can tell LuLu to expect more than one &#8222;any character&#8220;. You place the modifier after the expression it applies to:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Modifier<\/td><td>Description<\/td><td>Example<\/td><\/tr><tr><td><code>*<\/code><\/td><td>Match&nbsp;<strong>0&nbsp;or more<\/strong> times. Match <strong>as many times<\/strong> as possible.<\/td><td><\/td><\/tr><tr><td><code>+<\/code><\/td><td>Match&nbsp;<strong>1&nbsp;or more<\/strong> times. Match <strong>as many times<\/strong> as possible.<\/td><td><\/td><\/tr><tr><td><code>?<\/code><\/td><td>Match&nbsp;<strong>0&nbsp;or 1<\/strong> times. Prefers 1 times<\/td><td><\/td><\/tr><tr><td><code>*?<\/code><\/td><td>Match&nbsp;<strong>0&nbsp;or more<\/strong> times. Match as <strong>few times <\/strong>as possible.<\/td><td><\/td><\/tr><tr><td><code>+?<\/code><\/td><td>Match <strong>0&nbsp;or more<\/strong> times. Match as <strong>few times <\/strong>as possible.<\/td><td><\/td><\/tr><tr><td><code>{<em>n<\/em>}?<\/code><\/td><td>Match <strong>exactly n<\/strong> times.<\/td><td><\/td><\/tr><tr><td><code>{<em>n<\/em>,}?<\/code><\/td><td>Match <strong>at least n<\/strong> times, but no more than required for an overall pattern match.<\/td><td><\/td><\/tr><tr><td><code>{<em>n<\/em>,m}?<\/code><\/td><td>Match <strong>between n and m<\/strong> times. Match as few times as possible, but not less than n.<\/td><td><\/td><\/tr><\/tbody><\/table><figcaption>Important regex modifiers. See the Apple doc link above for more<\/figcaption><\/figure>\n\n\n\n<p class=\"has-large-font-size\"><em>Some regexamples<\/em><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Expression<\/td><td>What it means<\/td><td>It Matches&#8230;<\/td><\/tr><tr><td><code>192\\.168\\.1\\..*<\/code><\/td><td>any IP address starting with <code>192.168.1.<\/code> regardless what&#8217;s in the last octet, or whatever comes after the last dot. Note that there is a <strong>\\.<\/strong> escaping the last dot and then the <strong>.*<\/strong> matching vor any amount of any character after that dot. <\/td><td><code>192.168.1.1<br \/>192.168.1.25<br \/>192.168.1.200<\/code><\/td><\/tr><tr><td><meta charset=\"utf-8\"\/><code>192\\.168\\.1\\.[0-9]{1,3}?<\/code><\/td><td>This is the safer version of the one above, as it only matches numbers in the last octet. <\/td><td><meta charset=\"utf-8\"\/><code>192.168.1.1<br \/>192.168.1.26<br \/>192.168.1.230<\/code><\/td><\/tr><tr><td><meta charset=\"utf-8\"\/><code>192\\.168\\.123\\.[0-9]{1,3}?<\/code><\/td><td><meta charset=\"utf-8\"\/>any IP address starting with <code>192.168.123.<\/code> regardless what&#8217;s in the last octet.<\/td><td><meta charset=\"utf-8\"\/><code>192.168.1.2<br \/>192.168.1.69<br \/>192.168.1.100<\/code><\/td><\/tr><tr><td><\/td><td>&#8230; more to come<\/td><td><\/td><\/tr><\/tbody><\/table><figcaption>some examples<\/figcaption><\/figure>\n\n\n\n<p>So, if your home network is <code>192.168.1.0\/24<\/code> (e.g. using a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Subnetwork\">netmask<\/a> of <code>255.255.255.0<\/code>), the example below will tell LuLu to allow the <a href=\"https:\/\/brave.com\/\">Brave Browser<\/a> to access any machine in your home network (on any port):<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><a href=\"http:\/\/huf.org\/wp\/wp-content\/uploads\/2021\/09\/LuLu_allow_192.168.1.x.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/huf.org\/wp\/wp-content\/uploads\/2021\/09\/LuLu_allow_192.168.1.x.png\" alt=\"\" class=\"wp-image-439\" width=\"393\" height=\"238\" srcset=\"https:\/\/huf.org\/wp\/wp-content\/uploads\/2021\/09\/LuLu_allow_192.168.1.x.png 478w, https:\/\/huf.org\/wp\/wp-content\/uploads\/2021\/09\/LuLu_allow_192.168.1.x-300x181.png 300w\" sizes=\"auto, (max-width: 393px) 100vw, 393px\" \/><\/a><\/figure><\/div>\n\n\n\n<p class=\"has-large-font-size\"><em>What&#8217;s next?<\/em><\/p>\n\n\n\n<p>I plan to amend this blog post in a while: I think LuLu&#8217;s documentation is lacking a good explanation of basic regex and I volunteered to create something on the <a href=\"https:\/\/github.com\/objective-see\/LuLu\">public Lulu Git<\/a>.<\/p>\n\n\n\n<p>I will add more examples (like URL regex-es) as I go ahead with that docu.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LuLu by Objective-See is a macOS firewall for outbound connections. While the built-in Apple product will protect you from network attacks from the networks around you, LuLu will give the user control over the network connections a running software on &hellip; <a href=\"https:\/\/huf.org\/wp\/?p=435\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[34,12,24],"class_list":["post-435","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-in-english","tag-mac","tag-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=435"}],"version-history":[{"count":4,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/435\/revisions"}],"predecessor-version":[{"id":441,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=\/wp\/v2\/posts\/435\/revisions\/441"}],"wp:attachment":[{"href":"https:\/\/huf.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huf.org\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}