Most Mac users are unaware of the extensive outbound network activity their installed applications generate — telemetry data sent to developers, advertising identifiers transmitted to data brokers, usage statistics uploaded to analytics services, and in malicious cases, sensitive data exfiltrated to attacker-controlled servers. LuLu provides complete visibility into and control over this outbound communication through a kernel-level firewall that intercepts all outgoing connection attempts and presents them for user review and authorization. Developed by Patrick Wardle of Objective-See, one of the most respected macOS security researchers working today, LuLu brings professional-grade network control capability to all Mac users completely free of charge and with fully auditable open-source code that any security researcher can review for correctness and trustworthiness.
The user experience of LuLu centers on a notification-based workflow that surfaces new connection attempts in real time. When an application makes its first connection to a new host, LuLu displays a notification containing the application identity, the destination domain or IP address, and the port and protocol being used, allowing you to make an informed allow or block decision that is stored as a persistent rule for future connections. The rule management interface provides a complete view of all configured rules, allowing review and modification of previous decisions as your understanding of application behavior and trust levels evolves. The ability to block specific domains while allowing others from the same application provides fine-grained control that distinguishes between legitimate functionality connections and tracking or advertising traffic.
LuLu's value extends beyond privacy protection into genuine security capability. Malware that has compromised a Mac system must eventually communicate with command-and-control infrastructure to receive instructions or exfiltrate collected data, and this outbound communication represents a detection opportunity that LuLu is positioned to catch. When an unknown process or a legitimate application behaving unexpectedly attempts a suspicious outbound connection, LuLu's alert provides a notification that something requires investigation. The open-source development model means that the security community can verify the firewall's effectiveness and the absence of vulnerabilities or backdoors in its implementation, a critical assurance for a security tool operating at the kernel level. For privacy-conscious Mac users, LuLu OSX is the definitive free outbound firewall solution.
- Block unauthorized outgoing network connections from any application
- Real-time connection alerts with allow/block decisions per application
- Persistent rule management for approved and blocked applications
- Completely free and open-source developed by security researcher Patrick Wardle
- Minimal system impact with lightweight background operation
- View active network connections by process with destination details
- Block known malicious domains and suspicious connection attempts
- Apple Silicon native support with full macOS Ventura and Sonoma compatibility
- Simple allow/block rules with per-domain and per-process granularity
- Developed by Objective-See, a trusted macOS security research organization
LuLu is completely free and open-source, available from Objective-See's website and GitHub. Compatible with macOS 11.0 Big Sur and later with native Apple Silicon support. Source code is available on GitHub under an open-source license for review and contribution.