0

I have my pfctl enabled on my Mac and after I restart my laptop it's disabled. I noticed that sometimes when the laptop boots into Desktop the pfctl is enabled and then it gets disabled.

How can I find out what app/service/... is disabling the pfctl? Is there a log file for this (and where is it located)?

Is there a better alternative to pfctl so I can block some ports?

I only have couple of apps that start immediately: docker, istats, open vpn, express vpn, tunnelbrick, alfred4, Kitematic, Logitech mouse app

Improve this question

1 Answer 1

Reset to default
0

You can check Lulu firewall https://objective-see.com/products/lulu.html.

Network Monitoring B y design, LuLu only monitors for outgoing network connections. Apple's built in firewall does a great job blocking unauthorized incoming connections.

Rules Currently, LuLu only supports rules at the 'process level', meaning a process (or application) is either allowed to connect to the network or not. As is the case with other firewalls, this also means that if a legitimate (allowed) process is abused by malicious code to perform network actions, this will be allowed.

Single User For now, LuLu can only be installed for a single user. Future versions will likely allow it to be installed by multiple users on the same system.

Self-Defense Legitimate attackers/security professionals know that any security tool can be trivially bypassed if specifically targeted - even if the tool employs advanced self-defense mechanisms. Such self-defense mechanisms are often complex to implement and in the end, almost always futile. As such, by design LuLu (currently) implements few self-defense mechanisms. For example, an attacker could enumerate all running processes to find the LuLu component responsible for displaying alerts and terminate it (via a sigkill).

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .