Notification Popup Alerts
Every time a network flow matches an 'Ask' rule Vallum displays a notification popup alert.
App connection is held while you take your decision.
Click "Pass" or "Block" or wait for timeout to dismiss the alert.
Once the alert is dismissed a new rule is created and the connection is released and passed or blocked accordingly.
Each network flow is generated by an app on your Mac. Sometime apps make use of other processes like helper tools. Those helpers are processes that make network connections on behalf of other apps. One example is Safari that uses an helper for its web content: com.apple.WebKit.Networking. The same helper is used by Mail to display html messages. When available, Vallum notification popup alerts will consider the flow to be originated by the responsible app rather than the real process.
- a connection made by an XPC helper on behalf of Safari will generate a Safari notification
- a connection from the very same XPC helper on behalf of Mail.app will generate a Mail notification
Exceptions to this behaviour can be defined in Preferences -> Network Filter -> Ignored Responsible Apps. Some predefined exceptions are already included, such as Terminal.app. This is because when you run, say, ssh from the Terminal, you want to be notified about a 'ssh' connection, not a 'Terminal.app' connection.
process origin can be:
- Apple (most preinstalled apps and binary executables on macOS are signed by Apple)
- Apple App Store (includes all apps downloaded from the Mac App Store)
- Third party developer (includes all correctly signed apps by identified developers)
- Unknown (unsigned apps or binary)
The Target Popup defines which host will be matched by the resulting rule.
By default is set to match connection domain. If the hostname is not available then the IP address is selected. You can change the default target in Preferences -> Notifications -> Default target
Please note that some target type is not always available. For example 'hostname' and 'domain' targets are available only for outbound connections, and only if the netwrok flow includes a hostname. 'Port' and 'IP:Port' targets are available only for TCP and UDP flows.
Only the "IP Address" target is always available.
When "Forever" is selected the resulting rule will be persistent. Select one of the other options if you want to create temporary rules. Select "Once" if you only want to pass/block current flow without adding any rule to the ruleset.
Match apps groups and developer team ID
If an app belongs to an apps group then the option "Apply to apps group " will be available. Check this option if you want to create an apps group rule instead of an app rule. For third party signed apps the option "Apply to all apps by " is also available. Check this box to create a rule that will be matched by all apps signed with this Developer ID.
By default Notification Alerts will expire after 10 seconds. In this case a rule is automatically applied.
When a notification popup alert expires, controls on the window are ignored.
By default the resulting rule will pass the connection and will expire after 2 minutes. You can change these options in Vallum Preferences -> Alerts
Check this option if you want all matching connections to be logged.
Apply rule to all users
Check this option to create a rule that is effective for all users. If you leave the option unchecked the rule will only match connections by current flow's user.
Notification Alert Keyboard Shortcuts:
• Pass: ⌘P
• Block: ESC
• Select previous target: ▲
• Select next target: ▼
• Select target "All Connections": ⌘A
• Select "All Connections" and "Until App Quits": ⌘O
• Select "Forever": ⌘0
• Select "Until App Quits": ⌘9
• Select "Until Logout": ⌘8
• Select "For One Time": ⌘7
• Select "Log": ⌘L
• Select "Hostname": ⌘H
• Select "Domain": ⌘D