Vallum feature suggestions

Vallum application firewall
aluff
Posts: 9
Joined: Fri Jul 24, 2015 6:33 pm

Vallum feature suggestions

Postby aluff » Thu Sep 08, 2016 5:19 pm

After the release of Vallum 1.2 there are still several features I'd like to see in the app.
  • IP subnet-based filtering. Rather than having to allow a single app multiple times for various IPs Vallum should allow a filter to set a /24 or /16 block based on the detected IP.
  • DNS-based filtering. Vallum displays the original DNS name used to attempt an outbound connection but doesn't allow permissions based on this. Useful for round-robin DNS servers.
  • Option to always allow Apple signed apps (with or without notifications). Some way to override this for specific Apple apps would be nice.
  • Better integration with Murus Pro. Ideally I'd like a way in Vallum to allow an app's inbound ports in Murus.
  • Integration with the Log Visualizer for blocked outbound apps.

Thanks,
Adrian

hany
Posts: 373
Joined: Wed Dec 10, 2014 5:20 pm

Re: Vallum feature suggestions

Postby hany » Fri Sep 09, 2016 5:04 pm

Thank you for your report :)

IP subnet-based filtering. Rather than having to allow a single app multiple times for various IPs Vallum should allow a filter to set a /24 or /16 block based on the detected IP.


Vallum already allow to set rules using CIDR subnets. In version 1.2 you can select an app and add a rule using CIDR notation.
Maybe we could add the same option in notification alert popups, but then the alert may become overcomplicated. We'll think about that :)

DNS-based filtering. Vallum displays the original DNS name used to attempt an outbound connection but doesn't allow permissions based on this. Useful for round-robin DNS servers.


Unfortunately no, Vallum does not display the origina DNS name. Vallum kernel extension (the filter engine) gets only IP addresses from the kernel. Vallum then tries to reverse these IP addresses and display the reversed host name. Unfortunately the original name and the reversed name some time are different. Sometime the whole domain is different, not only the hostname.
I don't know if a kernel extension is able to catch queries before name resolution, I don't think so.

Option to always allow Apple signed apps (with or without notifications). Some way to override this for specific Apple apps would be nice.

This option has been already added to some experimental build, but it is very very slow and inefficient. If we find a *fast* way to discriminate between apple and non-apple binaries, then we will for sure add this option.

Better integration with Murus Pro. Ideally I'd like a way in Vallum to allow an app's inbound ports in Murus.

Actually Vallum is an outbound filter only.
There is no way for Vallum to know which ports a daemon (or an app) is listening on. For the purpose of blocking inbound connections ports you usually want to put rules at network layer, not application layer, considering that a port can be "opened" only by a single process.
Murus is able to find open ports for which you may want to put network rules, please see Murus tutorials and docs.
The integration you are talking about already exists for the outbound, and cannot exist for inbound.

Integration with the Log Visualizer for blocked outbound apps

Vallum 1.2 as you know introduced log files. So now we have something to work on to make stats.
We are working at this, we are still unsure whether to integrate vallum stats in Murus Logs Visualizer or to leave all vallum stats within Vallum app.

Thanks! ;)


Return to “Vallum”

Who is online

Users browsing this forum: No registered users and 1 guest