Use built-in Groups and Services or create your own. Drag and drop Services and Groups to allow services and to assign access permissions. Choose between inclusive or exclusive filtering, fine tune all filtering rules, define the global filtering policy.
FEATURES
Firewall Logging
Choose the global logging policy, then define a per-service policy. This allows the user to set a fine-tuned logging policy in order to produce a very data consistent and informative log file. Watch video tutorial…
Dummynet Bandwidth Management
Create Dummynet Pipes and Queues to selectively limit download and/or upload bandwidth. These limits can be applied to managed services and NAT groups. Supports Worst-case Fair Weighted Fair Queueing policy (WF2Q+). Murus supports also custom bandwidth rules giving you all the freedom you need. Watch video tutorial…
Expanded PF Configuration
This view helps understanding the current PF ruleset. Rules are represented by icons and by text. Each rule features a dynamically generated comment that explains the rule's presence and purpose. Watch video tutorial…
Ports Management
Check and manage your local listening ports. This tool helps you configuring Murus giving you a view over your Mac current open ports. You can manage them manually or let Murus decide what to do.
Port Knocking
Hide your public services from port scanners and unauthorized access using port knocking. Use the free multiplatform Murus Knocker client to access hidden services from remote computers. Available for Mac, Linux and Windows. Watch video tutorial…
Adaptive Firewall
Protect your public authentication-based services from brute force attacks using adaptive firewall. Each service can be configured to limit the number of connections over time to prevent users to try to guess your services passwords.
Advanced Filtering
Advanced filtering options are grouped in a small popover view. Every option has an icon that appears also on services visual representation.
Predefined Presets
Starting a firewall configuration from scratch can be hard. Presets are a way to start very basic rulesets chosen from a small list. Each preset comes with a small description. Activate a preset and then modify it to suit your needs. Watch video tutorial…
Custom Rules
The Rule Assistant lets the user build a custom PF rule by selecting popup buttons and checkboxes. The advanced mode lets the user create a hand made rule.
Fully Customized Rulesets
For highly-specialized needs, the user can disable Murus' core ruleset infrastructure and enter this fine-grained PF configuration mode.
Realtime PF Browser
This view shows current runtime PF rules in a table based browser. Double click an anchor name or use the toolbar buttons to browse the PF ruleset anchors structure to display filtering, nat and forwarding rules.
NAT and Port Forwarding
Share your internet connection with other computers or smartphones and tablets using NAT. Define a per-client or per-group access policy, in order to block unwanted services. Export LAN services to the Internet with port forwarding.
Accounting
Monitor traffic on a per-user and per-service basis, for both inbound and outbound connections. Accounting can be applied to NAT clients as well.
PF States Inspector
List current connections and of all the corresponding active PF states. Inspect a state and see information about IP addresses, ports, and the rule that generated the PF state.
Hosts Inspector
Each service can be monitored in realtime to list the remotely connected hosts. Both inbound and outbound managed services can be monitored. Murus displays also dns, whois and geoip information about connected hosts.
Logs Statistics
Analyze PF firewall log files including archived files, and display statistics for addresses and ports. Inspect blocked/passed inbound and outbound traffic, set the amount of data to display and zoom in each port to see the list of blocked addresses.Watch video tutorial…
Realtime Logs and Notifications
Murus Logs Visualizer offers multiple ways to display realtime PF logs, including a simplified view of log entries. Each entry can be analyzed to display addresses, ports, statistics. Each inbound service can be configured to post notifications using the OS X notification system for both passed and blocked connections. Watch video tutorial…
Proactivity
Download publicly available lists of dangerous IP addresses to block all inbound and outbound traffic from/to these hosts. The list URL can be customized, you can choose your favorite provider.
Wizard
Let Murus analyze your Mac and manage the right services for you. The configuration wizards is the best way to start using Murus. Watch video tutorial…
Interfaces Management
List, inspect, monitor and manage all your network interfaces. This view displays all available interfaces with their BSD name. Information view displays PF counters and parameters. Traffic flowing through an interface can be sniffed and filtered for ports and protocols.
Country Groups
Create Murus groups for each country reading Regional Internet Registries records. Subnets lists are donwloaded from official sources and aggregated to optimize firewall performance. Murus lets you keep your Country Groups definitions up to date in just one click. These groups can be used as normal groups, they can be assigned to services, black list, or can be used to craft custom filtering and bandwidth rules.
Apps interactions
Murus can interact with its companion apps Murus Logs Visualizer and Murus Services as well as third party applications and scripts. You can select IP addresses in Visualizer and put them in Murus black list or in a new or existing Murus group. Or you can select a service you run on Murus Services, and define firewall rules in one click. Interaction with third party apps and scripts is granted by Murus Agent, a free and open source shell command that can be integrated in custom shell scripts or included in your Swift app source code.

