List with Domains (Regexp) working and not working · evilsocket/opensnitch · Discussion #877 (original) (raw)

I added the actual IPs of ntp.ubuntu.com into the network range list but it still popped a query about ntp.ubuntu.com so it appears there is a conflict with the ranges?

The problem is that in order a rule to match a connection, all the selected fields must match.
In this case, ntp.ubuntu.com is matching the regexp list, but probably the IP is not in the network ranges list.

Sometimes, chronyd, systemd-resolved, or others apps establish a connection against 127.0.0.1:53 or 127.0.0.53:53 (or 1.1.1.1, etc...). If those IPs are not in the network ranges list, then the rule won't match and will continue evaluating rules.

Take a look at the logs, and look for new connection.*

You can also double click on the Hosts tab over the ntp.ubuntu.com, there'll probably be connections to 127.0.0.1 or others DNS server IPs.

For example in my system: