# objective-see/LuLu

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/objective-see-lulu).**

12,024 stars · 547 forks · Objective-C · gpl-3.0

## Links

- GitHub: https://github.com/objective-see/LuLu
- Homepage: https://objective-see.org/products/lulu.html
- awesome-repositories: https://awesome-repositories.com/repository/objective-see-lulu.md

## Description

LuLu is an open-source application firewall designed for macOS that monitors and controls outgoing network traffic. It functions by intercepting connection attempts at the system level, allowing users to approve or deny network access for individual programs to prevent unauthorized data transmission.

The software provides granular control over application-level communication, ensuring that only trusted or explicitly permitted software can establish external connections. By maintaining stateful tracking of network flows and validating the cryptographic signatures of requesting binaries, it protects system privacy and prevents malicious software from performing unauthorized data exfiltration or establishing command and control communication.

The system operates through a combination of kernel-level socket filtering and a user-space policy daemon that evaluates connection requests in real time. It is distributed as an open-source utility, providing a transparent interface for managing network security policies and monitoring active outbound traffic on the host operating system.

## Tags

### Security & Cryptography

- [Firewalls](https://awesome-repositories.com/f/security-cryptography/firewalls.md) — Monitors and blocks unauthorized outgoing network connections to protect user privacy and prevent data exfiltration.
- [Firewall Configurations](https://awesome-repositories.com/f/security-cryptography/firewall-configurations.md) — Provides granular network access permissions for individual programs to ensure only trusted software can communicate over the internet.
- [Outbound Network Blockers](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security/network-routing-access-control/network-access-controls/outbound-network-blockers.md) — Prevents malicious software from establishing command and control connections or exfiltrating data from a compromised computer system.
- [Binary Verification Tools](https://awesome-repositories.com/f/security-cryptography/binary-verification-tools.md) — Validates the cryptographic signatures of requesting binaries to ensure only trusted software can establish network connections.
- [User Privacy Protection](https://awesome-repositories.com/f/security-cryptography/user-privacy-protection.md) — Detects and blocks suspicious background processes that attempt to transmit sensitive user data without explicit permission.

### Development Tools & Productivity

- [Network Security Utilities](https://awesome-repositories.com/f/development-tools-productivity/macos-utilities/network-security-utilities.md) — Controls and monitors outgoing network traffic on macOS to prevent unauthorized applications from sending data to external servers.
- [Network Traffic Interceptors](https://awesome-repositories.com/f/development-tools-productivity/extension-apis/system-api-extensions/network-traffic-interceptors.md) — Uses a system-level API to intercept and inspect network traffic packets before they leave the host operating system.

### Networking & Communication

- [Network Traffic Rules](https://awesome-repositories.com/f/networking-communication/network-traffic-rules.md) — Approves or denies access for specific applications to prevent unwanted data transmission and ensure only trusted programs communicate externally. ([source](https://objective-see.com/products/lulu.html))
- [Flow Tracking Engines](https://awesome-repositories.com/f/networking-communication/network-connection-detectors/connection-states/flow-tracking-engines.md) — Maintains an internal table of active network flows to correlate individual packets with specific application processes and security policies.

### DevOps & Infrastructure

- [Connection Monitors](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure/networking-connectivity/connection-monitors.md) — Alerts users to unauthorized attempts by applications to establish network connections, maintaining control over sensitive data leaving the device. ([source](https://objective-see.com/products/lulu.html))

### Operating Systems & Systems Programming

- [Kernel-Level Traffic Interceptors](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/operating-system-kernels/kernel-mode-interception-mechanisms/kernel-level-traffic-interceptors.md) — Hooks into the operating system networking stack to monitor and control connection attempts at the kernel level.

### System Administration & Monitoring

- [Traffic Monitoring Tools](https://awesome-repositories.com/f/system-administration-monitoring/traffic-monitoring-tools.md) — Alerts users to network activity initiated by installed programs to ensure only trusted applications communicate externally.