LuLu is the free, shared-source firewall for macOS. It’s goal is simple; block any unknown outgoing connections, until approved by the user. While it was designed to generically detect malware by flagging unauthorized networking connections, LuLu can also be used to block OS components or 3rd-party applications from transmitting information to remote servers.
What’s to like about LuLu? Lots!
100% free
As in no ads, no time trials, no missing features. Because why not!?
And no, it doesn’t track, monitor, or spy on you – as that’d just be pure evil!
shared source
The full source code for LuLu is available on GitHub. Such transparency allows anybody to audit its code, or understand exactly what is going on.
protects
LuLu aims to alert you whenever an unauthorized network connection is attempted. As such, it can generically detect malware, or be used to block legitimate applications that may be transmitting private data to remote servers.
simple
“Do one thing, do it well!” LuLu is designed as simply as possible. Sure this means complex features may not be available, but it also means it’s easier to use and has a smaller attack surface!
enterprise friendly
Want to know what network events are being detected? Or rules your users have added? LuLu provides simple mechanisms to subscribe to such events, and stores data such as rules in an open, easily digestible manner.
Network Monitoring
By design, LuLu only monitors for outgoing network connections. Apple’s built in firewall does a great job blocking unauthorized incoming connections.
Rules
Currently, LuLu only supports rules at the ‘process level’, meaning a process (or application) is either allowed to connect to the network or not. As is the case with other firewalls, this also means that if a legitimate (allowed) process is abused by malicious code to perform network actions, this will be allowed.
Single User
For now, LuLu can only be installed for a single user. Future versions will likely allow it to be installed by multiple users on the same system.
Self-Defense
Legitimate attackers/security professionals know that any security tool can be trivially bypassed if specifically targeted – even if the tool employs advanced self-defense mechanisms. Such self-defense mechanisms are often complex to implement and in the end, almost always futile. As such, by design LuLu (currently) implements few self-defense mechanisms. For example, an attacker could enumerate all running processes to find the LuLu component responsible for displaying alerts and terminate it (via a sigkill).
What’s New:
Version 2.6.3:
Improved rule export/import (#588)
Command-line support for install/upgrade/uninstall
Title: LuLu 2.6.3
Developer: objective-see llc
Compatibility: macOS 10.15 or later
Language: English
Includes: Free
Size: 9.64 MB