Firewall for macOS – looking at two Open Source options

Jonas Poenicke

Firewall for macOS – looking at two Open Source options

Most users use a variety of apps and programs on their computer, but few of them really need an Internet connection. If you want to prevent usage data from leaving your computer unsolicited, you can use a firewall that blocks outgoing connections. We have taken a closer look at two options for an open source firewall for macOS.

Why use a firewall for macOS?

A firewall regulates which data packets may be received and sent over the network and thus ensures that only authorized apps and programs can exchange data over the network. The native macOS firewall is limited to incoming connections. However, some programs send more or less detailed usage data to their developers. If you want to prevent or regulate which programs are allowed to send data over the Internet, you have to use third-party software. Even malware that has somehow found its way onto the computer will often want to phone home and can be detected in this way.

LuLu
LuLu warns when detecting new or unauthorised  connections (Source: github.com/objective-see/LuLu)

We have considered these open source firewall alternatives for macOS:

Both apps are free and can be downloaded as source code from GitHub, the AppStore, or as an installation file from the provider’s site. The advantage of open source software is that anyone can read the source code and thus, with the appropriate knowledge, understand how the program works. Nevertheless, users have to have a certain amount of trust, because the programs get a deep insight into the outgoing connections.

Security Software is not unfallible

Using a firewall for macOS can reduce data protection concerns and security risks on your own system, but is no guarantee that no data will leave your system unintentionally. The developer of LuLu also informs about the weaknesses of his firewall on his website. Firewalls (as well as antivirus programs) are not designed against targeted and well-prepared attacks.

Nevertheless, the initial configuration effort is worth it if you want to get a better overview of which programs and processes communicate over the Internet.

 

Photo of author

Jonas Poenicke

My name is Jonas Poenicke and I have been traveling throughout Germany and beyond for AWARE7 as a speaker for IT security since 2018. I also work with the pentesting team and take on sales tasks as well as organizing live hacking talks.