Murus Review - User-Friendly Front-End for the OS X Firewall

excellent
key review info
  • Application: Murus 1.3.5
  • Reviewed on:
application features
  • Powerful and competent front-end for the OS X PF firewall
  • (2 more, see all...)

OS X integrates a network firewall that can be configured via the shell Terminal and a more user-friendly application level firewall that can be handled via the System Preferences, yet has rather limited personalization options. Murus brings greater control over the OS X PF (Packet Filter) firewall without making you deal with the command line.

Within the OS X System Preferences, you get to activate the OS X ALF (short for Application Layer Firewall) and choose to block all incoming connections except the ones related to basic Internet services, to automatically allow incoming connections from signed software, or to toggle the stealth mode. Moreover, you get to decide if you want to allow or block incoming network connections on an application level.

Unfortunately, this is not enough when connecting to the internet through untrusted networks. The OS X built-in PF firewall is quite robust and can handle more complex configurations, as long as you are willing to read the technical documentation and make the necessary adjustments via the Terminal application.

This is where Murus comes in and brings all the power of PF within a user-friendly graphical user interface while also packing configuration presets with comprehensive explanations for inexperienced users. The utility enables you to define firewall rules for different network services with simple drag and drop gestures and by checking boxes instead of typing shell commands.

Configure the OS X firewall using different strategies and apply predefined presets aimed at beginners

If you are a novice when it comes to bullet proofing your network connection to the internet, Murus provides a configuration wizard that adapts to the user knowledge level: novice, intermediate, or expert. The novice mode comes with 7 presets that have different degrees of security: read the built-in description to decide which one is suitable for your current situation.

Within the Murus Strategy panel you can choose one of the predefined configuration presets based on the security level you need
Within the Murus Strategy panel you can choose one of the predefined configuration presets based on the security level you need

The best part is that Murus also adapts the approach and terminology for each configuration standard: the novice wizard integrates lengthy explanations for each feature, yet the intermediate and expert layouts skip over describing basic concepts.

On short, you must control the internet access for essential services, decide how you want to handle inbound and outbound filtering, what to do with open ports, and so on. Note that some of these settings block both inbound and outbound services, so make sure that is what you want.

The built-in presets come in very handy, but Murus also integrates a Quick Start guide and more extensive documentation that can take you through everything you need to know. The manual can show you how to put in place advanced traffic filters, how to share your internet connection, or how to manage the bandwidth usage.

Manually define firewall rules via drag and drop, without dealing with the command line

Murus comes with an extensive collection of predefined configurations for various network services aimed to cover most situations, but you can also define custom services and assign them port numbers and protocols. To have a service connection automatically controlled by the PF firewall, just drag and drop the associated icon on top of the Murus inbound or outbound management area.

The Murus main window where you get to see the inbound network services that will be handled by the PF firewall
The Murus main window where you get to see the inbound network services that will be handled by the PF firewall

At the same time, Murus allows you to define groups of IP or network addresses and decide which ones make it to the allowed or blocked list of each service. If anything goes wrong, Murus helps you restore the default firewall configuration through the Strategies panel.

All these modifications will not be activated in real-time: when you are done with the PF configuration, Murus can test the validity of your settings and then you can proceed to activate the firewall.

Worth mentioning is that Murus offers you the possibility to save the current configuration as a preset which you get to import and apply in no time. As a result, you have the option to store personalized configuration files for home and work, for example, and put them in place whenever you want, with minimal effort.

Additional Murus tools work together to provide a streamlined user experience, even if the configuration editor is not running

Besides the main Murus app that enables you to configure the firewall rules, the developer also offers a menulet app that will show the PF firewall status in your status bar, a logs visualizer that helps you monitor your network activity and has to be purchased separately, and a free Java port knocking client.

In addition, Murus can also install boot scripts that will automatically launch the firewall on startup and also enable the PF logging function without user interaction.

In terms of resources usage, on a 2.4GHz Intel Core 2 Duo iMac with 6GB of RAM, Murus used up to 26% CPU power and about 100MB RAM while manually configuring the firewall settings. The memory usage remained the same when the app was not actively used, yet the CPU usage dropped considerably.

However, take into consideration that you do not have to keep Murus running for the PF firewall rules to apply: once loaded, the configuration files will handle the firewall behavior even if you quit the app. You can use the menulet to monitor the PF status and to quickly launch Murus if you need to change the configuration preset.


The Good

Configuring the OS X PF firewall without a front-end is nearly impossible if you don’t have extensive command line skills, or at least quite time consuming even if you are in your element when working with the Terminal.

Murus changes the game by enabling you to configure the PF firewall via a straightforward graphical user interface that also packs predefined presets featuring different security levels.

Tasks like defining new packet filtering configurations for network services on top of the default ones, or managing the inbound and outbound access for different user groups can be performed by anyone without having to learn code syntax or shell commands.

Advanced users get to manually configure the firewall rules and set up more complex filters, but everything is still done in a visual manner, by dragging and dropping items, checking boxes, and so on.

The Bad

What Murus brings to the table is ease of use and fast firewall management capabilities. Regarding functionality, it relies wholly on the OS X PF firewall. This being said, running the Murus utility for the first time can be quite disconcerting since you are solely met by the app’s main window.

Of course, you get to find the Quick Start Guide, the configuration strategies, and even the extensive manual, but only after you start investigating on your own. A welcome screen taking the users through the basic concepts, or at least having the Strategies panel launched by default could go a long way.

The Truth

Bottom line, Murus is a reliable solution for handling your OS X's PF firewall configuration in a time-efficient manner, without having to rely on any advanced technical skills. Murus helps you define various firewall configurations depending on your location and on the network’s safety level and switch between them with minimal effort.

Even though Murus is extremely easy to use when comparing it to going through the command line, the app is still quite complex and navigating all the functions might prove challenging if you haven’t tried to configure a firewall before, so taking a look at the built-in documentation is advisable.

user interface 5
features 5
ease of use 4
pricing / value 5


final rating 5
Editor's review
excellent
 
NEXT REVIEW: Inspire Finance

Photo Gallery (21 Images)

The Murus main window where you get to see the inbound network services that will be handled by the PF firewallThe Murus service configuration panel where you can set the allowed and blocked groups and make further adjustmentsMurus offers you the possibility to define custom network services and new IP or network addresses groupsMurus can also handle the outbound connections and you get to see all connected hosts and portsMurus integrates bandwidth management capabilities and you get to manually define traffic rules
+16more