To aswer my own post then, after some fiddling
🙂
Would recommend Vallum to anyone, hands down.
- Very, very lightweight; compared to other, apparently "staple" apps in this category (which i've tried and promptly uninstalled, what are you people buying, seriously), i'd rank it first in terms of resources-to-function ratio.
Even with constant traffic monitoring activated (which is optional and frankly not really a necessity anyway) i cannot tell any difference in terms of the MacBook's overall responsiveness/snappiness, at all. And this is on a humble M4 MBA.
To showcase, CPU and RAM respectively:
- In terms of function:
a) It is a very, very robust, proper application-level Firewall. Tried to trick it (i don't think this is the forum for this, i'll get banned for expanding on this one, very overzealous over here, the mods) and couldn't
🙂
b) It can be as simple or as complicated as you wish it to be; up to you how you define your rules, if you define any rules, if you simply 'allow'/'deny' apps individually, 'allow' or 'deny' in inbound or outbound, overall, or for specific IPs for each, or a group of them; by specifying or by regex, no problem. For example i am allowing certain Apple daemons through their processes, while simultaneously cherry-picking the outbound connections they're making; analytics, blocked, the rest allowed.
It's really up to you, you could keep it nice and simple and thus utilise it without any knowledge/time invested.
c) very well thought of in terms of how it's set up.
Real-time monitoring is separate so it can be de-activated if you wish, privacy was clearly a concern, with the relevant options, even while installing the app, before it runs for the first time.
All the options/preferences i could think of are already available.
d) They have a help page in their website listing most available functions, will get you started if you need directions.
e) being a proper ap-lvl fw, it blocks/allows everything; hinted at this before, but that includes Apple's own processes. Want to block Siri from phoning home? Block the Knowledge(d) and MacOs Update deamons from touching base? No problem.
f) does the job and then some; personally, i was impresed
🙂
Am also pasting two screenshots, one from the main UI, one from the traffic monitor, so you can see what it looks like; as should be evident from the pics, the app also fully supports OS-induced 'dark modes'.
The actual Vallum firewall UI:
The Vallum network traffic UI:
* As an aside, having the odd look in the flow monitor can be very interesting, i had no idea how often this thing calls home. Or to be frank, how needlessly often. A ton of traffic mini-bursts; for someone new to Macs such as myself, it can also be very educational, actually learned things looking at this.
