Some Questions

Vallum application firewall
Post Reply
alex
Posts: 2
Joined: Mon Jul 11, 2016 9:13 am

Some Questions

Post by alex » Wed Jul 13, 2016 9:44 pm

Hi,

I played with Vallum and Murus in the last days and all works as expected.

Now I have a few questions:

- Vallum is a outbound firewall, Apples ALF is inbound. Are there any plans to extend Vallum to deal with inbound traffic? What happens running Vallum an ALF at the same time?

- If Vallum detects a network location switch it displays a dialog you have to interact with. I use ControlPlane to automatic set the network location. So the dialog is a little bit disturbing ;)

- I am using the custom presets together with network locations. To save a changed preset you first have to delete the old preset. To save and overwrite a little icon like the delete and play icons would be nice.

- The description of strategie 'Block everything (silent)' notes that apps are blocked and will appear in the apps window. Sadly this never happens :(

In total I'm very happy with Murus Pro and Vallum.

Alex

Davide
Posts: 9
Joined: Tue Dec 30, 2014 7:34 pm

Re: Some Questions

Post by Davide » Fri Jul 15, 2016 1:56 pm

alex wrote:Hi,

I played with Vallum and Murus in the last days and all works as expected.

Now I have a few questions:

- Vallum is a outbound firewall, Apples ALF is inbound. Are there any plans to extend Vallum to deal with inbound traffic? What happens running Vallum an ALF at the same time?
Vallum intercept outgoing connections and block or allow on Application layer , whether the connections are blocked outboud, the remote server will not receive any request, and can't never responds
you can run ALF and Vallum in same time but it is not necessary
alex wrote: - If Vallum detects a network location switch it displays a dialog you have to interact with. I use ControlPlane to automatic set the network location. So the dialog is a little bit disturbing ;)

- I am using the custom presets together with network locations. To save a changed preset you first have to delete the old preset. To save and overwrite a little icon like the delete and play icons would be nice.
when my partner comes back from vacation we will discuss this
alex wrote:
- The description of strategie 'Block everything (silent)' notes that apps are blocked and will appear in the apps window. Sadly this never happens :(

In total I'm very happy with Murus Pro and Vallum.

Alex

and sorry for last request, we know this bug, we will fix it as soon as possible


Regards

Davide

jacobcarl
Posts: 5
Joined: Thu Feb 11, 2016 6:27 am
Contact:

Re: Some Questions

Post by jacobcarl » Tue Aug 23, 2016 7:41 am

Same issue even after blocking. Is it fixed ?

hany
Posts: 385
Joined: Wed Dec 10, 2014 5:20 pm

Re: Some Questions

Post by hany » Fri Sep 02, 2016 3:20 pm

Now I have a few questions:

- Vallum is a outbound firewall, Apples ALF is inbound. Are there any plans to extend Vallum to deal with inbound traffic? What happens running Vallum an ALF at the same time?
No, there are no plans to add inbound filters to Vallum. This is for a very simple reason: we believe it is almost useless. While for outbound connections all apps could try to connect, for inbound connections you need a service to be listening on a port, and only a service at a time can listen to a port. So, for inbound connections in our opinion the only useful approach is to filter at network layer not at application layer.
You may try to use both ALF and Vallum at the same time, your mileage may vary :)
We suggest to turn it off.
- If Vallum detects a network location switch it displays a dialog you have to interact with. I use ControlPlane to automatic set the network location. So the dialog is a little bit disturbing ;)
Yes I know :) but changing a firewall configuration in background without a notification is... evil :)

- I am using the custom presets together with network locations. To save a changed preset you first have to delete the old preset. To save and overwrite a little icon like the delete and play icons would be nice.
not there yet, but we will make it

- The description of strategie 'Block everything (silent)' notes that apps are blocked and will appear in the apps window. Sadly this never happens :(
the description was wrong. The way exclusions work has changed, but Strategies description didn't. We already updated all description in-app and manual. Get the latest Vallum 1.2 build here http://murusfirewall.com/forum/viewtopi ... p=984#p984. It is *for sure* much more stable than the one you a using now :)

In total I'm very happy with Murus Pro and Vallum.
Thank you! :D

alex
Posts: 2
Joined: Mon Jul 11, 2016 9:13 am

Re: Some Questions

Post by alex » Sun Sep 18, 2016 2:24 pm

hany wrote:
Now I have a few questions:

- Vallum is a outbound firewall, Apples ALF is inbound. Are there any plans to extend Vallum to deal with inbound traffic? What happens running Vallum an ALF at the same time?
No, there are no plans to add inbound filters to Vallum. This is for a very simple reason: we believe it is almost useless. While for outbound connections all apps could try to connect, for inbound connections you need a service to be listening on a port, and only a service at a time can listen to a port. So, for inbound connections in our opinion the only useful approach is to filter at network layer not at application layer.
You may try to use both ALF and Vallum at the same time, your mileage may vary :)
We suggest to turn it off.
I have to think about a better example:
I'm using Netbeans for PHP. Netbeans listens on port 9000 for xdebug. So I want to allow Netbeans and block all other Applications on this port. Blocking on network layer would block Netbeans too.
hany wrote:
- If Vallum detects a network location switch it displays a dialog you have to interact with. I use ControlPlane to automatic set the network location. So the dialog is a little bit disturbing ;)
Yes I know :) but changing a firewall configuration in background without a notification is... evil :)
I want to get noticed about the change but don't want to click somewhere. So I would prefer a OS X eh. macOS notification which disappears after 30s or so.
This was in my mind but I didn't wrote it. Sorry!

hany
Posts: 385
Joined: Wed Dec 10, 2014 5:20 pm

Re: Some Questions

Post by hany » Sun Sep 18, 2016 3:05 pm

I have to think about a better example:
I'm using Netbeans for PHP. Netbeans listens on port 9000 for xdebug. So I want to allow Netbeans and block all other Applications on this port. Blocking on network layer would block Netbeans too.
If Netbeans listens to port 9000, and is always running (like I suppose), then there is no other process listening on port 9000. Only one app at a time can listen to a tcp port. For this reason there is no need to filter inbound connections at application layer. I'm talking about *daemons*, of course, apps that stay always open from boot to shutdown.
However if you really need it then you can use the OS X Preferences Firewall (ALF), which is an inbound only application layer firewall.
Vallum filters only outbound connections so it cannot be used to filter inbound connections to your running services.
I want to get noticed about the change but don't want to click somewhere. So I would prefer a OS X eh. macOS notification which disappears after 30s or so.
This was in my mind but I didn't wrote it. Sorry!
This is a nice idea :)
In current dev build we already put a preference to disable the alert (however it is enabled by default).

NikhilSingh
Posts: 1
Joined: Wed Mar 22, 2017 7:57 am
Contact:

Re: Some Questions

Post by NikhilSingh » Wed Mar 22, 2017 8:04 am

I don't know much about this issue but one this is sure .....Murus Pro includes Vallum,...because of this i can feel my system is bit secured i can make the necessary adjustments via the Terminal application.

Post Reply