LuLu is the free, shared-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.
What’s to like about LuLu? Lots!
As in no ads, no time trials, no missing features. Because why not!?
And no, it doesn’t track, monitor, or spy on you – as that’d just be pure evil!
The full source code for LuLu is available on GitHub. Such transparency allows anybody to audit its code, or understand exactly what is going on.
LuLu aims to alert you whenever an unauthorized network connection is attempted. As such, it can generically detect malware, or be used to block legitimate applications that may be transmitting private data to remote servers.
“Do one thing, do it well!” LuLu is designed as simply as possible. Sure this means complex features may not be available, but it also means it’s easier to use and has a smaller attack surface!
Want to know what network events are being detected? Or rules your users have added? LuLu provides simple mechanisms to subscribe to such events, and stores data such as rules in an open, easily digestible manner.
By design, LuLu only monitors for outgoing network connections. Apple’s built in firewall does a great job blocking unauthorized incoming connections.
Currently, LuLu only supports rules at the ‘process level’, meaning a process (or application) is either allowed to connect to the network or not. As is the case with other firewalls, this also means that if a legitimate (allowed) process is abused by malicious code to perform network actions, this will be allowed.
For now, LuLu can only be installed for a single user. Future versions will likely allow it to be installed by multiple users on the same system.
Legitimate attackers/security professionals know that any security tool can be trivially bypassed if specifically targeted – even if the tool employs advanced self-defense mechanisms. Such self-defense mechanisms are often complex to implement and in the end, almost always futile. As such, by design LuLu (currently) implements few self-defense mechanisms. For example, an attacker could enumerate all running processes to find the LuLu component responsible for displaying alerts and terminate it (via a sigkill).
Note: LuLu is the free, open-source macOS firewall. You can go to the official website to download.
- Fixed issue if installing from /Applications
- Process paths now resolved for symlinks
- Prevented (re)launch of installer on (re)login
- Improved rule matching (mahalo @tokyoneon_)
- Improved graylist (added: com.tcltk.tclsh)
macOS 10.12 or later, 64-bit processor