Free Mac firewall: LuLu or FireWally?

Methodology for comparing macOS firewalls

Test environment: macOS Tahoe 26.4.1 • MacBook Pro, Apple M1, 8 GB RAM
Versions tested: LuLu v4.3.1 • FireWally v1.1

I tested both under the same conditions in real daily use, without synthetic benchmarks or artificial workloads. Cold system startup, browser sessions, launching unfamiliar apps, and a full workday of background monitoring.

Both apps shared the same technical foundation, Apple’s Network Extension framework, which means they had identical access to outgoing network traffic.

LuLu firewall: Free outbound interceptor

	Price: Free ($0)
	macOS compatibility: 10.15 Catalina and newer
	Mac chip support: Intel and Apple Silicon
	Control type: Alert-based, per-connection

LuLu is a free, open-source outbound firewall. First released in 2018, LuLu has become the default recommendation in security-conscious communities.

Its goal is to block unknown outgoing connections until the user approves them. So, when any process on your Mac tries to reach the Internet, and LuLu has no rule for it, the connection stops, and you get a pop-up.

You then decide: Allow or Block. That decision turns into a rule and LuLu stops asking about the same process. The alert shows the process name, the destination IP or domain, and a code signing info button that lets you verify who published that process.

LuLu is also the only free Mac firewall that lets you block a specific subprocess while leaving its parent application running. You can block com.apple.WebKit.Networking.xpc without touching Safari itself.

How LuLu works

To track and control the network activity, LuLu installs a network monitor filter and system extension that sits between every app on your Mac and the Internet. When any process attempts an outgoing connection that hasn’t been explicitly allowed to make, LuLu intercepts it and shows you an alert, before the connection goes through.

The flip side: every new connection requires a decision. On the first install, that means a heavy alert load: every background process, system service, and app that tries to go online generates a pop-up until you build a baseline ruleset.

As you launch it, it will ask you to set your rules:

• Allow Apple Programs
• Allow Already Installed Programs
• Allow DNS Traffic
• Allow Localhost Traffic
• Allow Simulator Programs

You can also use modes:

• Passive Mode
• Block Mode
• No Icon Mode
• No VirusTotal Mode

For example, switching to Passive Mode in the app window means it will monitor all connections without blocking anything.

LuLu also lets you manage Block and Allow Lists, and even create profiles, which can be used for different scenarios.

LuLu features

• Alert-based blocking: every unknown outgoing connection triggers a prompt before it goes through
• Per-process granularity: block individual subprocesses, independently from their parent app
• Per-connection rules: create rules by IP address, domain, port, or protocol
• Code signing info: one click in any alert reveals the certificate and publisher of the process, helping you identify unknown connections
• Rules viewer: browse, edit, and delete all saved allow/block rules from the app window
• Passive mode: monitor all outgoing connections without blocking anything
• Export/import rules: back up your ruleset as a .plist file
• Netiquette integration: launch the network monitor directly from LuLu for a live view of all active network connections
• Homebrew support:

  brew install –cask lulu

  Copy

• Automatic DNS trust: DNS traffic is allowed by default (can be changed)

LuLu performance

• RAM usage: lightweight as FireWally
• CPU impact: negligible in steady state; no measurable performance degradation reported in developer documentation or independent testing
• Time to first alert: instant, the moment an unknown process attempts to connect
• Alert flood duration: 1-2 days of active use to build a working ruleset

Pros and cons of choosing LuLu

FireWally: Free Mac app blocker

	Price: Free ($0)
	macOS compatibility: 13 Ventura and newer
	Mac chip support: Intel and Apple Silicon
	Control type: Toggle-based, per-app

FireWally is a free macOS firewall and network monitor by Nektony. It launched on December 13, 2025, via the Mac App Store. App Store rating: 4.9 stars (May 2026).

FireWally takes a different approach from LuLu: instead of intercepting connections and demanding decisions in real time, it gives you visibility into all outgoing traffic and lets you block apps and processes when you choose to. No popups, no decisions mid-task.

How FireWally works

FireWally runs quietly in the background without interrupting you. When you want to see what your Mac is doing on the network, you open the app. You get a live list of every application that’s making network connections, with inbound and outbound traffic.

FireWally shows a live list of apps with network activity. Three views:

• Real-time: last 5 seconds
• Hour (current hour summary)
• Today (current day total)

Toggle next to each app: blue means allowed, gray means blocked. One tap cuts an app off from the network, and the block takes effect within one to two seconds.

FireWally shows all active apps and their traffic when you open it, no setup required.

Apple Intelligence summaries are the standout feature. Tap the AI button next to any app and FireWally will tell you why that app connects to the internet. Not just “connection” but an actual description of what the app is doing. The tool generates summaries instantly and runs on-device; nothing goes to a server. This is available for users who run Tahoe+.

com.apple.telemetry.agent

FireWally features

• Real-time monitoring: live view of all apps with network activity, updated every 5 sec
• Hourly and daily stats: traffic breakdown per app for the current hour and current day
• One-click blocking: a single toggle restricts network access for any app instantly
• AI summaries: explains why an app is connecting and what it’s likely doing, powered by on-device Apple Intelligence; requires macOS Tahoe + M1 or newer
• Pin window: keep the FireWally window on top of all other apps
• Menu bar icon: quick access from the menu bar without switching apps
• Privacy-safe design: measures traffic volume only; does not read packet contents
• Hotspot and data plan support: per-app traffic stats make it helpful for managing mobile data usage
• App Store sandbox distribution: App Store delivery adds a layer of security verification not present in DMG-distributed apps

FireWally performance

• RAM usage: ~60 MB in active state
• CPU: less than 0.1% in background and brief spikes to 2-4% when active
• Real-time update interval: every 5 seconds, enough to catch background activity but not granular enough for very short-lived connections
• Block reaction time: 1-2 seconds from toggle to full network cutoff
• AI summary generation: immediately; runs locally, no data sent to the cloud
• Network speed impact: Network Extension runs at the filter layer, not as a proxy

Pros and cons of choosing FireWally

Final verdict: Choose your free firewall for macOS

LuLu and FireWally are great free tools that control outbound traffic, but they target a different audience and stand on different core principles.

Different audience:

Various core principles:

Choose LuLu if:

• You want to approve or block every outgoing connection, including system processes
• You’re on macOS 10.15 through 12, or on a Mac where FireWally won’t run
• Per-connection rules (IP, domain, port) matter to your setup

Choose FireWally if:

• You want visibility into what’s connecting without constant interruptions
• One-tap blocking without managing rules is what you’re after
• You’re at least on Tahoe with an M1 chip and want AI-powered explanations
• You use a hotspot or cellular plan and want per-app traffic stats