Use Murus Assistant to configure and enable pf in a few clicks, or chose one of the predefined configuration profiles. Create your own configurations library and switch between configurations with a mouse click.

Creating firewall rules is easier than ever, simply add Services to Inbound or Outbound managed services then select their policies from a popup button. Everything can be customized: you create your own services and groups, and all services can be configured using a dedicated ruleset using custom rules.

Select a global logging policy, then define a per-service policy. This allows the user to set a fine-tuned pf log policy in order to produce a very data consistent and informative log file. Log is stored in a sqlite database.

Create Dummynet Pipes and Queues to selectively limit download and/or upload bandwidth for inbound and/or outbound connections.  Supports Worst-case Fair Weighted Fair Queueing policy (WF2Q+). Bandwidth limits can be applied to managed services or using custom Dummynet rules giving you all the freedom you need.

Murus 2 ruleset structure is now much more clear and easy to understand. The overview represents current pf ruleset tree structure and is always easy to understand why a rule is there and what’s its purpose.

Murus checks your local listening ports and lists all unmanaged ones. This helps you configuring Murus giving you a view over your Mac currently running network services. Thus, you can easily decide which network services you want to allow or block. Additionally, you can tell Murus to pop up a notification in case a new, unknown network service is started.

Hide your public services from port scanners and unauthorized access using port knocking. Use the free multiplatform Murus Knocker client to access hidden services from remote computers. Available for Mac, Linux and Windows.

enable adaptive firewall for supported tcp services in order to block brute-force attacks. Subscribe online blacklists services and have them automatically updated. Interact with external tools such as SSHGuard to manage dynamic black lists.

Share your internet connection with other computers or smartphones and tablets using NAT. Define a per-client or per-group access policy, in order to block unwanted services. Export LAN services to the Internet with port forwarding.

Murus offers several way to monitor your system. You can keep track of current connections using the pf states monitor. You can monitor runtime pf rules, tables and counters. You can see real time pf log or browse/search log database. Additionally, you can tell Murus to notify when a new listening port is found or when a specific connection is passed or blocked.