To keep track of which applications connect to the Internet and when, an external tool is necessary. While macOS’ built-in firewall blocks incoming connections, it does not provide control over outgoing traffic. With small additional tools, users can prevent unauthorized data from being sent from the Mac to the Internet.
Keeping outgoing network traffic under control in macOS
Well-known examples are the open source firewall LuLu, the paid application Little Snitch or the Paragon Firewall.
Using the open source firewall LuLu
If you rely on an external firewall to check outgoing data traffic, you can use LuLu. Before installing it, however, you should make sure that the respective version is compatible with the installed macOS version. The macOS version is displayed by the Mac after clicking on the apple icon and selecting “About this Mac”.
Versions up to 2.2.0 of LuLu currently only support macOS 10.15 (Catalina). Those who rely on macOS 11.x (Big Sur) should go for a more recent version that is officially released for Big Sur. However, users willing to experiment can also install version 2.2.0 of LuLu on macOS 11.x. In our tests, the operation worked quite well. In case of problems, the firewall can also be uninstalled quite easily.
After installing LuLu, the administration program is started first. Here, for example, you can specify that Apple programs are automatically allowed and, on request, the already installed programs. If these options are deactivated, it must be expected that a lot of programs are reported, especially at the beginning of the use of LuLu. The more rules have been created, the fewer messages LuLu displays. These settings can be reached also after the installation of LuLu over the menu option “Preferences”. These can be accessed via the LuLu icon in the menu bar.
As part of the initial setup, the integration of LuLu must also be permitted in the system settings. When the product is uninstalled again, macOS also deletes LuLu’s rights from the system.
After that, LuLu already starts filtering. For each program that tries to establish an Internet connection, a window with detailed information appears. Here the traffic can be allowed with “Allow” or blocked with “Block”. If access is to be allowed only temporarily, the “temporarily” option is available.
The LuLu rules can be called up via the LuLu icon with the menu item “Rules”. Here, access can be adjusted again at any time or rules can be deleted. If the application tries to access the Internet again, LuLu displays a window again and the user can decide whether to allow access to the Internet.
After starting LuLu, the settings can be accessed via the LuLu icon in the menu bar. LuLu can also be uninstalled via the icon. If other users are working with the Mac, the LuLu icon can also be hidden. The option for this is located at “Preferences\mode” and the selection of “No Icon Mode”.
Using the network monitor in LuLu
The LuLu network monitor can also be called up via the icon in the menu bar. The menu item “Network Monitor” is available for this purpose. Here you can see the network connections in real time, including their IP address.
If the messages from LuLu are too much for you, you can call up “Preferences” via the menu bar and the LuLu icon. Under “mode”, “Passive Mode” is available here. After activation LuLu does not show any messages and allows all new connections. However, the created rules are still applied. With “Block Mode” LuLu blocks all connections.
Use Paragon Firewall as an alternative
A well-known alternative to LuLu is Paragon Firewall. This is available via the Mac App Store. The firewall costs 11 euros in the App Store and works similarly to LuLu. Installing it via the app store makes it easier for beginners. The interface is a bit more understandable than that of LuLu. However, if you are familiar with LuLu, you will quickly get to grips with it as well.
Little Snitch – Firewall for macOS 11.x
The well-known firewall Little Snitch is also available for macOS 11.x (Big Sur). Those who use Little Snitch 4 may upgrade to version 5 for free, as long as their license is not older than November 2020. New customers pay a one-time fee of 45 euros for a license. Current versions for macOS 10.x (Catalina) and 11.x (Big Sur) are available for download on the download page.
The providers also provide a free demo that can be tested for a while. Those who decide to license Little Snitch to enter the license key in the program, and can thus continue to use the installed demo version without having to reinstall the product.
In addition to an application firewall, Little Snitch also offers a network monitor. The network monitor also shows where packets are sent. After installation, icons for management are available in the menu bar. Here, the network filter can be deactivated or the rules can be called up. The settings of Little Snitch are also available here.