Vallum feature suggestions

Vallum application firewall
aluff
Posts: 9
Joined: Fri Jul 24, 2015 6:33 pm

Postby aluff » Thu Sep 08, 2016 5:19 pm

After the release of Vallum 1.2 there are still several features I'd like to see in the app.
  • IP subnet-based filtering. Rather than having to allow a single app multiple times for various IPs Vallum should allow a filter to set a /24 or /16 block based on the detected IP.
  • DNS-based filtering. Vallum displays the original DNS name used to attempt an outbound connection but doesn't allow permissions based on this. Useful for round-robin DNS servers.
  • Option to always allow Apple signed apps (with or without notifications). Some way to override this for specific Apple apps would be nice.
  • Better integration with Murus Pro. Ideally I'd like a way in Vallum to allow an app's inbound ports in Murus.
  • Integration with the Log Visualizer for blocked outbound apps.

Thanks,
Adrian

hany
Posts: 386
Joined: Wed Dec 10, 2014 5:20 pm

Re: Vallum feature suggestions

Postby hany » Fri Sep 09, 2016 5:04 pm

Thank you for your report :)

> IP subnet-based filtering. Rather than having to allow a single app multiple times for various IPs Vallum should allow a filter to set a /24 or /16 block based on the detected IP.

Vallum already allows setting rules using CIDR subnets. In version 1.2 you can select an app and add a rule using CIDR notation.
Maybe we could add the same option in notification alert popups, but then the alert may become overcomplicated. We'll think about that :)

> DNS-based filtering. Vallum displays the original DNS name used to attempt an outbound connection but doesn't allow permissions based on this. Useful for round-robin DNS servers.

Unfortunately no, Vallum does not display the original DNS name. The Vallum kernel extension (the filter engine) gets only IP addresses from the kernel. Vallum then tries to reverse these IP addresses and display the reversed host name. Unfortunately the original name and the reversed name are sometimes different. Sometimes the whole domain is different, not only the hostname.
I don't know if a kernel extension is able to catch queries before name resolution, I don't think so.

> Option to always allow Apple signed apps (with or without notifications). Some way to override this for specific Apple apps would be nice.

This option has already been added to some experimental build, but it is very very slow and inefficient. If we find a *fast* way to discriminate between Apple and non-Apple binaries, then we will for sure add this option.

> Better integration with Murus Pro. Ideally I'd like a way in Vallum to allow an app's inbound ports in Murus.

Actually Vallum is an outbound filter only.
There is no way for Vallum to know which ports a daemon (or an app) is listening on. For the purpose of blocking inbound connections ports you usually want to put rules at network layer, not application layer, considering that a port can be "opened" only by a single process.
Murus is able to find open ports for which you may want to put network rules, please see Murus tutorials and docs.
The integration you are talking about already exists for the outbound, and cannot exist for inbound.

> Integration with the Log Visualizer for blocked outbound apps

Vallum 1.2, as you know, introduced log files. So now we have something to work on to make stats.
We are working on this; we are still unsure whether to integrate Vallum stats in Murus Logs Visualizer or to leave all Vallum stats within the Vallum app.

Thanks! ;)
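
The name mismatch described in the reply above, as an added illustration that is not part of the thread and not Vallum code: a filter that only sees IP addresses can evaluate a hostname rule only through the reversed (PTR) name. The DNS tables, names and addresses below are constructed sample data, and `base_domain` is a simplification.

```python
# Constructed sample data: documentation-range IPs and example domains.
# FORWARD is what the app asked the resolver for (round-robin name);
# PTR is what a reverse lookup of each address returns.
FORWARD = {
    "updates.example.com": ["203.0.113.10", "203.0.113.11", "198.51.100.7"],
}
PTR = {
    "203.0.113.10": "updates.example.com",
    "203.0.113.11": "edge-11.example.com",
    "198.51.100.7": "node7.cdn-provider.example.net",
    # no PTR record exists for 192.0.2.50
}

def base_domain(name):
    """Last two labels; a simplification (real code would use the Public Suffix List)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def classify(original_name, ip, ptr=PTR):
    """Compare the name the app resolved with the name reversed from the IP."""
    reversed_name = ptr.get(ip)
    if reversed_name is None:
        return "no-ptr"
    if reversed_name.lower() == original_name.lower():
        return "same-host"
    if base_domain(reversed_name) == base_domain(original_name):
        return "same-domain"
    return "different-domain"

def rule_allows(rule_name, ip, ptr=PTR):
    """A hostname allow rule evaluated the only way an IP-only filter could: via PTR."""
    reversed_name = ptr.get(ip)
    return reversed_name is not None and reversed_name.lower() == rule_name.lower()

def coverage(rule_name, forward=FORWARD):
    """Which of the name's round-robin addresses the PTR-based rule would allow."""
    return {ip: rule_allows(rule_name, ip) for ip in forward[rule_name]}

if __name__ == "__main__":
    for ip in FORWARD["updates.example.com"] + ["192.0.2.50"]:
        print(ip, classify("updates.example.com", ip))
    print(coverage("updates.example.com"))
```

PTR records are published by whoever controls the address block, so even a matching reversed name is weaker evidence than the name the app actually queried.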

iEye
Posts: 1
Joined: Thu Apr 27, 2017 11:53 am

Re: Vallum feature suggestions

Postby iEye » Thu Apr 27, 2017 12:09 pm

I'm just playing around and testing Vallum 2.1 and have to say the collaboration with Murus is fantastic... things are going to another level with this.

Due to the tinkering that I do, I have found myself using GeekTool a lot to better provide a nice interface as well as functionality.

Currently I'm using some really nice and well built scripts from Peter Moller called open ports (http://cs.lth.se/peter-moller/script/open-portssh-en/).

However, after applying rules to Vallum, I've found that the log feature is so much more powerful that I have been looking around to see if I can interface Vallum logs to GeekTool.

I've tried this 'tail -n 10 -f /Users/... user.../Library/Logs/vallum.log' on the desktop and it's fine; however, not being really code savvy, I am at a loss as to how to get a similar output from the Vallum log as Peter Moller has in his script, or at least something similar to what the generic log viewer provides.

Are you able to provide a sort of interface to allow that? And if you manage to look at Peter Moller's script, can you suggest for all of us how we may implement something similar? I see it as being really smart and neat to just have it sitting on the desktop, as opposed to a screen floating around and having to be moved all the time.

Any ideas?

Cheers,

