Verdicts

The verdicts command prints recent Internet connection attempts and whether Plucky allowed or blocked them.

Note that these are different from in-browser verdicts.

pluck verdicts

Understanding the output

The pluck verdicts command will print recent Plucky verdicts. For example:

$ pluck verdicts
10:47:18.444 allow 356800 zoom us02web.zoom.us 170.114.52.3:443 allow program:zoom

This line tells us that at 10:47:18 (and 444 milliseconds), the program named zoom with the process identifier 356800 was allowed to connect to us02web.zoomus at IP address 170.114.52.3 using port 443 because of the Plucky rule allow program:zoom.

This information can be extremely useful for crafting a configuration that allows or blocks particular programs such as Zoom, Slack, Discord, git, ssh, etc.

Filtering the output

On Windows, to ignore port 53 (DNS):

pluck verdicts | findstr -v :53

On macOS and Linux, to ignore port 53 (DNS):

pluck verdicts | grep -v :53

Printing more verdicts

By default, pluck verdicts shows only the last 2 minutes of verdicts. But often, more distant verdicts can be seen by specifying a wider time span when invoking verdicts. For example, to see the last 10 minutes worth of verdicts:

pluck verdicts 10m

Watching verdicts

It is sometimes useful to watch verdicts as they occur. That can be done in a terminal window by invoking:

pluck verdicts -f

Allowing or blocking a program

Here are some examples of allowing or blocking programs. Note the caveats below.

pluck + block program calc.exe
pluck + allow program C:\Program Files\Visual Studio\code.exe
pluck + block program C:\Program Files\Visual Studio\code.exe
pluck + allow program /bin/curl
pluck + allow ipv4 18.65.229.76 program curl
pluck + allow zoom.us program zoom
pluck + allow port 993 program thunderbird
pluck + allow user susan program code.exe

Beware when using program on the command line because Plucky often parses the result in an unexpected way.

Wrong:

pluck + block program thunderbird port 443

Some versions of Plucky interpret that as a request to block the program named thunderbird port 443.

Use colons to help Plucky:

pluck + block program thunderbird port:443

Better still, rearrange the order so the port (which can’t contain a space) is first:

pluck + block port:443 program:thunderbird

See also rules.