LuLu
Allow multiple rules per process
I really would like a more granular level of control over which IPs a process connects to. I definitely do not want a process to connect to any tracking system, e.g. Google, while maintaining connections to the APIs of the process.
Currently the rules are per process. It would be much more helpful if they were per process + destination (different rule for different port).
Yeah, something like `Default Block *:*` + `Allow IP:Port` per process/application would be nice. This would allow you, for example, to limit your e-mail program to your mail-servers to block all "efail" attacks and tracking-attempts etc.
Yeah, per port and/or per destination network rules would make a lot of sense.
Another vote for this. This feature is huge.
Voting for this as well, since it's kind of a deal breaker. Mostly for the same reason as @leipert: blocking access to Analytics or Crashlytics should not prevent the process from talking to other APIs.
I came here just for this reason. LuLu is good so far, but adding this feature would really make it awesome.
This would be awesome!
This would be an awesome addition! Hope someone who is more networking savvy than myself would have the time to do a PR.
+1
+1
Waiting for this feature too!
It would be super cool to control which applications have access to specific addresses.
👍 🌳
Please add this!
+1 , this feature is a must for any firewall :)
Can't wait!
+1, it's the only feature that keeps me from using LuLu as my main firewall!
> +1, it's the only feature that keeps me from using LuLu as my main firewall!

What are you using as main firewall? I was very happy with LuLu but now I have a use case that needs this feature, I need to use another firewall! :( :( :( :(
+1
+1
+1
+1
I'm wondering what's the status on this. Do you plan on implementing this in near future?
In the meantime I decided to try another firewall... :( I really hope that this feature will come in the future so I can switch back.
This is a really important request and I now have a use case: It's a VNC client that I want to green-light for LAN connections but not on the Internet, where it could cross unwanted boundaries and 'phone home' where it has no business doing so.
I'm sad LuLu has not added this, despite 3 years of strong community request for it.
I do not get why, after 3 years, it is still not implemented; this is a basic need. Going to find another firewall then...
Aloha, I just pushed LuLu 2.0.0 (beta!). Amongst other things, it supports multiple rules per process (finally!)
(notarized) Download: https://bitbucket.org/objective-see/deploy/downloads/LuLu_2.0.0_BETA.zip
Would love any beta-testers/feedback! Bugs? → https://github.com/objective-see/LuLu/issues
p.s. To view (log) output while testing, run the following from the Terminal:
```
log stream --level debug --predicate="subsystem='com.objective-see.lulu'"
```
This is just awesome: thank you!!! 🥳
> Aloha, I just pushed LuLu 2.0.0 (beta!)

Sounds and looks good!
However, I would prefer radio buttons instead of the drop-down menu. They are faster and easier to use, and the window has the space for them, even if you would offer a complete list of all possibilities, meaning something like this:
- process (/usr/bin/curl)
- host (www.example2.com)
- sub-domain ((*.)example2.com.akadns.net)
- domain ((*.)example2.com)
- ip (173.231.210.103)
- cidr /24 (173.231.192.0-173.231.255.255)
- port (http/80)
- port@host (www.example2.com:80)
- port@sub-domain ((*.)example2.com.akadns.net:80)
- port@domain ((*.)example2.com:80)
- port@ip (173.231.210.103:80)
- port@cidr :80/18 (173.231.192.0-173.231.255.255:80)
Are there any more useful options? I think this corresponds to the most important wishes of all... OK, a slider for the CIDR or a drop-down menu... 😇
A more granular rule set like this is on my wish list... thanks a lot for rethinking.
+1 for allowing more options for rules. Ex: I would like to whitelist all of [Zoom's IP addresses](https://support.zoom.us/hc/en-us/articles/201362683-Network-Firewall-or-Proxy-Server-Settings-for-Zoom) to the specific process. The current options are very granular - either allow every IP Zoom connects to, or whitelist */80, */443 - neither of which are ideal.
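
The rule model requested in this thread (default block, plus per-process allow rules by host, domain, IP/CIDR and port), as an added sketch that is not LuLu's code and not from any commenter. The `Rule` fields, the `*.domain` syntax, the precedence (most specific rule wins, block wins ties) and the sample rules are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not LuLu's own format
    process: str                # path of the binary the rule applies to
    action: str                 # "allow" or "block"
    host: Optional[str] = None  # exact name, or "*.example.com" = domain and its subdomains
    cidr: Optional[str] = None  # one IP ("192.0.2.7") or a network ("192.168.0.0/16")
    port: Optional[int] = None  # None matches any port

    def matches(self, process, host, ip, port):
        if process != self.process:
            return False
        if self.port is not None and port != self.port:
            return False
        if self.cidr is not None and ipaddress.ip_address(ip) not in \
                ipaddress.ip_network(self.cidr, strict=False):
            return False
        if self.host is not None:
            if host is None:  # name unknown: a host rule cannot match
                return False
            name, pat = host.lower().rstrip("."), self.host.lower()
            if pat.startswith("*."):
                return name == pat[2:] or name.endswith(pat[1:])
            return name == pat
        return True

    def specificity(self):
        return sum(f is not None for f in (self.host, self.cidr, self.port))

def decide(rules, process, host, ip, port, default="block"):
    """Most specific matching rule wins; block wins ties; no match = default."""
    hits = [r for r in rules if r.matches(process, host, ip, port)]
    if not hits:
        return default
    return max(hits, key=lambda r: (r.specificity(), r.action == "block")).action

# Constructed sample rules (documentation-range addresses, example.com names)
RULES = [
    Rule("/usr/bin/curl", "allow", host="*.example.com"),
    Rule("/usr/bin/curl", "block", host="tracking.example.com"),
    Rule("/Applications/VNC.app", "allow", cidr="192.168.0.0/16"),
    Rule("/Applications/Mail.app", "allow", host="imap.example.net", port=993),
]

if __name__ == "__main__":
    print(decide(RULES, "/usr/bin/curl", "api.example.com", "203.0.113.10", 443))
    print(decide(RULES, "/Applications/VNC.app", None, "198.51.100.5", 5900))
```

The wildcard check compares against `.example.com` with the leading dot, so look-alike names such as `notexample.com` or `example.com.evil.test` fall through to the default block.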