Vallum 4 Help

Work with Rules

To display Vallum rules, click "Firewall Configuration" in the Vallum menulet to open the Vallum Configurator window, then select Rules -> Inbound/Outbound to display the Vallum rulesets.

Both the inbound and outbound views are divided into two sub-views: the right view displays rules, and the left view displays all managed apps and folders. By default the right view displays all rules. Select an app or folder on the left to display only its rules.
The rules list can also be filtered using the "Search" field or the "Recent Rules" popup button.

Outbound Rules


Select Rules -> Outbound to display the outbound ruleset.
An outbound connection is a connection initiated by your Mac. For example, when you browse the web with Safari or when you upload/download a file with FTP, you are making outbound connections. For each connection a flow is created by macOS. This flow is intercepted by Vallum and is matched against all outbound rules, from the first to the last.
If no matching rule is found, the flow is passed.
The flow action is defined by the last matched rule or by the first "quick" matched rule.
If the action is "pass" or "block", the flow is immediately passed or blocked, accordingly.
If the action is "ask" and Vallum.app is running, the flow is paused and a notification alert is displayed. Once the notification alert is dismissed by clicking "Pass" or "Block", the flow is passed or blocked accordingly.
If the matched action is "ask" and Vallum.app is not running, the notification popup alert cannot be displayed. In this case the flow is passed or blocked according to the ask rule's "background-action" parameter.

Inbound Rules


Select Rules -> Inbound to display the inbound ruleset.
An inbound connection is a connection to your Mac initiated by a remote host. For example, an inbound connection is made when someone on your local network or the Internet wants to access your shared documents to upload/download files to/from your Mac, or when someone wants to access your shared Desktop, printer or music library. For each connection a flow is created by macOS. This flow is intercepted by Vallum and is matched against all inbound rules, from the first to the last.
If no matching rule is found, the flow is passed.
The flow action is defined by the last matched rule or by the first "quick" matched rule.
If the action is "pass" or "block", the flow is immediately passed or blocked, accordingly.
If the action is "ask" and Vallum.app is running, the flow is paused and a notification alert is displayed awaiting your choice. Once the notification alert is dismissed by clicking "Pass" or "Block", the flow is passed or blocked accordingly.
If the action is "ask" and Vallum.app is not running, the flow is passed or blocked according to the ask rule's "background-action" parameter.
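
The evaluation order described for outbound and inbound rules, modelled as an added example (this is not Vallum's own code). The match fields (app path and port), the Rule class, the default background action and the sample ruleset are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                       # "pass", "block" or "ask"
    app: Optional[str] = None         # None matches any app (assumed match field)
    port: Optional[int] = None        # None matches any port (assumed match field)
    quick: bool = False               # a matching "quick" rule ends evaluation
    background_action: str = "block"  # used by "ask" when Vallum.app is not
                                      # running (this default is an assumption)

    def matches(self, flow: dict) -> bool:
        return (self.app in (None, flow["app"])
                and self.port in (None, flow["port"]))

def evaluate(rules, flow, app_running=True, user_choice=None):
    """Return the final verdict ("pass" or "block") for one flow."""
    decided = None
    for rule in rules:                # matched from the first to the last
        if rule.matches(flow):
            decided = rule            # the last matched rule wins ...
            if rule.quick:            # ... unless a "quick" rule matched first
                break
    if decided is None:
        return "pass"                 # no matching rule: the flow is passed
    if decided.action != "ask":
        return decided.action
    if app_running:                   # the alert can be shown, the user decides
        if user_choice not in ("pass", "block"):
            raise ValueError("ask rule needs the user's Pass/Block choice")
        return user_choice
    return decided.background_action  # no alert possible: use background-action

# Constructed ruleset; app path and ports are illustrative only.
RULES = [
    Rule("block", app="/Applications/Example.app"),
    Rule("pass", app="/Applications/Example.app", port=443),
    Rule("ask", port=22, background_action="block"),
]
```

With this ruleset a flow from Example.app to port 443 is passed, because the later "pass" rule overrides the earlier "block"; marking the first rule "quick" would block it instead. A flow that matches no rule is passed, so a ruleset meant to deny by default needs an explicit catch-all block rule.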

Edit Ruleset


All rules can be moved, modified or deleted.
Select one or more rules and drag and drop them to change their order. Select one or more rules and right-click to display the contextual menu. From this menu you can make changes to your ruleset such as editing, deleting, moving, reordering and grouping rules.

Add and edit Rules
You can add a new rule by clicking the '+' button below the rules list, or from the contextual menu. Clicking the '+' button creates a new rule at the end of the current ruleset, whereas the contextual menu lets you insert a new rule at a specific position.

Whichever method you choose, the Vallum Rule Editor will be displayed. There are two types of Rule Editor:

1) Simplified Rule Editor
2) Advanced Rule Editor
By default, every time you add a new rule the Simplified Rule Editor is used. The Simplified Rule Editor features only basic options. Click the 'Advanced...' button to switch to the Advanced Rule Editor.
The inbound and outbound rule editors display slightly different options. For example, the inbound editor displays the 'Source' menu instead of 'Target', and adds the 'Service' menu.

To edit a rule, double-click it or right-click and select 'Edit Rule' from the contextual menu.
If possible, the simplified rule editor will be used. If the rule features parameters that cannot be changed within the simplified editor, the advanced rule editor will be used.
The Advanced Rule Editor includes more options and parameters and provides a preview of the rule.

Add and edit Apps & Folders


You can add apps directly from the Finder by dragging their icons to either the rules list or the apps & folders list, or use the '+' button below the apps list to browse the Finder.
The app list can be reordered using drag and drop. When an app is moved, all its rules are grouped and moved. If an app is removed, all its rules are deleted.
Select an app to display its rules.

App Identity
Select the 'App Identity' popup button to display all known paths. Most apps will display only one path; however, if you have duplicate instances of an app, you may have more paths in the list.
Select a path to display information about the app's identity and to perform a signature validity check.

App Policy
Select the 'Set App Policy' popup button to change the selected app's policy, replacing the app's current rules.
- Set the app as Passed. All connections will be permitted
- Set the app as Blocked. All connections will be blocked
- Copy app policy from another app

Outbound Flow Simulator
Click the 'Simulate Flow' button at the bottom right to open the Simulator window. Use the simulator to simulate an outbound flow. Once all needed parameters are provided, click the 'Simulate Outbound Flow' button. The simulation result is displayed in the rules view, with the matched rule selected.