Firewall for macOS – looking at two Open Source options

Firewall for macOS – looking at two Open Source options

Most users use a variety of apps and programs on their computer, but few of them really need an Internet connection. If you want to prevent usage data from leaving your computer unsolicited, you can use a firewall that blocks outgoing connections. We have taken a closer look at two options for an open source firewall for macOS.

Why use a firewall for macOS?

A firewall regulates which data packets may be received and sent over the network and thus ensures that only authorized apps and programs can exchange data over the network. The native macOS firewall is limited to incoming connections. However, some programs send more or less detailed usage data to their developers. If you want to prevent or regulate which programs are allowed to send data over the Internet, you have to use third-party software. Even malware that has somehow found its way onto the computer will often want to phone home and can be detected in this way.

LuLu warns when detecting new or unauthorised  connections (Source: github.com/objective-see/LuLu)

We have considered these open source firewall alternatives for macOS:

Both apps are free and can be downloaded as source code from GitHub, the AppStore, or as an installation file from the provider’s site. The advantage of open source software is that anyone can read the source code and thus, with the appropriate knowledge, understand how the program works. Nevertheless, users have to have a certain amount of trust, because the programs get a deep insight into the outgoing connections.

Security Software is not unfallible

Using a firewall for macOS can reduce data protection concerns and security risks on your own system, but is no guarantee that no data will leave your system unintentionally. The developer of LuLu also informs about the weaknesses of his firewall on his website. Firewalls (as well as antivirus programs) are not designed against targeted and well-prepared attacks.

Nevertheless, the initial configuration effort is worth it if you want to get a better overview of which programs and processes communicate over the Internet.


Photo of author

Chris Wojzechowski

Mein Name ist Chris Wojzechowski und ich habe vor wenigen Jahren meinen Master in Internet-Sicherheit in Gelsenkirchen studiert. Ich bin geschäftsführender Gesellschafter der AWARE7 GmbH und ausgebildeter IT-Risk Manager, IT-Grundschutz Praktiker (TÜV) und besitze die Prüfverfahrenskompetenz für § 8a BSIG. Unser Brot und Buttergeschäft ist die Durchführung von Penetrationstests. Wir setzen uns darüber hinaus für ein breites Verständnis für IT-Sicherheit in Europa ein und bieten aus diesem Grund den Großteil unserer Produkte kostenfrei an.