The core of Vallum are its rules.
Vallum rules are contained in two separated ruleset: inbound and outbound. Connections initiated by your Mac will be matched against the outbound ruleset.
Connections initiated by remote hosts will be matched against rules in the inbound ruleset.
Each network flow is matched against all rules, from the first to the last. Flow will be passed or blocked according to matched rule. If no rule is matched the flow is passed.
If a flow matches more than one rule, the last matched rule or the first "quick" matched rule is the one that defines the final verdict.
Every time an "ask" rule is matched Vallum holds the network connection and displays an alert window requesting user interaction. Connection is held until the alert is dismissed clicking the "Pass" or "Block" button. Once dismissed, a rule is created and added to the corresponding ruleset, and the connection is passed or blocked accordingly.
Rules can be persistent or temporary. Persistent rules are preserved after a system restart. Temporary rules expires at a specific time or event.
All rules can be moved, modified or deleted. Vallum offers complete freedom to the user to customize both inbound and outbound rulesets.