Vallum is an application-layer content filter. It intercepts apps inbound and outbound connections and applies the corresponding firewall rules. This allows you to monitor your Mac's activity, block unwanted connections and increase your privacy and security.
Vallum is based on a macOS System Extension. Content filter is provided by a network extension using NEFilterDataProvider. This class handles network flows generated by apps running on macOS. Each flow is matched against a set of rules and then a verdict is applied and the flow is passed or dropped accordigly.
Vallum network extension filter is enabled when Vallum app is started and is disabled when Vallum app quits. The network filter runs in background and is capable of intercepting all third party apps connections and all system processes connections on macOS 11.2 and later.
Vallum can be configured to be inclusive, exclusive or interactive. By default Vallum runs as an interactive firewall, when an app wants to connect the connection is held and a popup notification alert is displayed. The alert is used to define a rule to be applied to this connection. Rule will match all app's connections or only some connections matching the IP address, hostname, domain or port. Once your choice is taken the connection is released and matched against the ruleset, then the flow is passed or blocked accordingly.
Rules are stored in a list and are persistent by default, but you can also create temporary rule that expire at a specific time or event. For example you can add a rule to pass all Safari connection that lasts today, or until next reboot, or until Safari quits.
All rules can be modified, moved or deleted, however Vallum tries to keep your rules in a specific order, rules are usually grouped by app. Vallum rules view's contextual menu offers several ways to modify, reorder and optimize your ruleset.
Each rule can be subject to one or more conditions. Rule can be matched only if conditions are met. Rule Conditions let you define different firewall behaviour for different network locations. For example you can block all inbound connections if you are not connected to your home wifi hotspot. Or you can block all outbound connections from apps used at work if VPN is not connected. And you can do this with a single firewall rule.
In the past days Mac firewalls used to define 'profiles', and automatically switch between profiles every time the location changed. This is not needed any more, you can deal with location changes without the need to switch firewall profile, you can have a unique ruleset that covers all your needs.