This chapter explains Network Monitor GUI elements.
The main menu shows your added or connected applications, their details and their settings. A new record appears in the list when your organization is trying to connect to a previously unknown application. Alternatively, you can click the Plus button to add applications to the firewall manually. The following describes the Network Monitoring main menu:
1 – Application Details
- Last application access time
Note: Allowed and blocked connections are not displayed separately.
2 – Current Connection Rules
This option allows you to set up rules to block or allow app connections. Refer to the Network Filter (Firewall) chapter for more details.
Backlog idea: add the <Meta-rule> element to the Connection rules list. This value would be set for all applications that are not configured by the user. The value would be determined by the current filter mode, for example, “Silent – Blocked”, “Silent – Allowed”.
Therefore, the user would understand which applications may require additional attention.
It is also a good idea to add the ability to save the config. For example, the user likes their current configuration but is suspicious of one application and wants to experiment without reconfiguring the whole list. The user saves the config with a single click, clears the list, experiments with the configuration, and then loads the saved config. Saving a configuration would serve as the “backup config” option.
3 – Network Filter Control Panel
This enables you to switch the firewall on or off and choose a firewall mode. Refer to the Network Filter (Firewall) chapter for more details.
4 – Sort-Search Filter
This section provides options to sort or filter applications and the search box to find a specific application.
Network Filter (Firewall)
This chapter describes Network Filter (Firewall) GUI elements.
Single App Network Filtering
1 – Connection Rule Options.
These options allow you to control application network activity. These options include the following values:
Allow: allows all network activity to a selected application (IN/OUT).
Block: blocks all network activity to a selected application (IN/OUT). Note that a blocked attempt to establish a connection will also be displayed in Application details (Last access).
2 – Removing application connection records.
By clicking the X button you can remove an application connection record from the Firewall. Thus, the application becomes “unknown” and its rules are removed.
At the next attempt to connect to a removed application, the application will appear in the list and the meta-rules of the selected mode (Silent1/Silent2/Alert) will be applied.
Stopping and Launching Network Filter
The following describes the Stop and Launch mode of Network Filter:
Network Filter Launch Mode:
- Individual application rules apply.
- Meta-rules are applied corresponding to your selected Firewall mode.
All rule changes configured in the Launch mode will take effect immediately.
Network Filter Stop Mode:
- None of the blocking rules apply.
- Any network activity is allowed.
- While Network Filter is disabled, all applications are in the “Monitor-only” mode.
All changes configured during the Stop mode will take effect after switching to the Launch mode.
Network Filter Modes
Network Filter Modes define meta-rules that will be used to process unlisted application connections.
Unlisted apps represent applications that do not have configured Network Filter connection rules.
The following describes every Network Filter mode:
- Silent mode – All new apps allowed
Connections from unknown applications are allowed automatically.
- Silent mode – All new apps blocked
Connections from unknown applications are blocked automatically.
- Alert mode – Get alerted on new apps
When an unknown application is connected, the user is notified with a dialog box and pop-up notification. Refer to Network Filter Alert Mode for more details.
Network Filter Rules Processing
Network Filter Stop Mode:
No rules apply.
Network Filter Launch Mode:
Configured application connection rules apply.
If such rules are not configured for an application, current Network Filter mode rules are applied to the application.
Network Filter Alert Mode
When an unknown application is connected, the user is notified with:
- Dialog box.
- Pop-up notification.
Note that all connections from such applications are blocked until the user responds to such requests and allows these connections.
Note: Pop-up notifications will not be included in the first release scope and will be added later.
The following describes the dialog box content:
- Application name and its icon.
- Connection information (without address and port)
- The Block and Allow buttons
- Applying Block/Allow action modes: always allow/block or any other condition.
The current scope includes the “always” mode.
While waiting for a user to respond, an unlisted application may try to initiate other connections. In this case:
- Individual connection attempts are not each displayed visually (the user sees only the first dialog box and one pop-up notification).
- Connections are blocked until the user responds to the request.
- A selected action applies to an entire application.
While waiting for a user to respond, another unlisted application may try to initiate a connection. In this case, the user will receive another dialog box and another pop-up notification.
Every application configuration done via the Alert mode is considered as a Network Filter connection rule (Network Monitor → Current connection rules).
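The rule-processing order and the Alert mode behaviour described above can be modelled in a few lines. This is an added example, not FirewallApp code: the class, method and verdict names and the bundle-style application names are hypothetical, and the model covers only the verdict for each connection attempt.

```python
from enum import Enum

class Mode(Enum):
    SILENT_ALLOW = "Silent - All new apps allowed"
    SILENT_BLOCK = "Silent - All new apps blocked"
    ALERT = "Alert - Get alerted on new apps"

class NetworkFilter:
    """Hypothetical model of the verdict logic in this chapter."""
    def __init__(self, mode, running=True):
        self.mode = mode          # current Network Filter mode (meta-rule)
        self.running = running    # True = Launch mode, False = Stop mode
        self.rules = {}           # app -> "allow" | "block" (connection rules)
        self.pending = set()      # apps with an unanswered dialog box
        self.dialogs = []         # dialog boxes shown, in order

    def decide(self, app):
        """Return (verdict, reason) for one connection attempt by app."""
        if not self.running:                 # Stop mode: no rules apply
            return ("allow", "stop-mode")
        if app in self.rules:                # per-application rule wins
            return (self.rules[app], "app-rule")
        if self.mode is Mode.SILENT_ALLOW:   # unlisted app: meta-rule
            return ("allow", "meta-rule")
        if self.mode is Mode.SILENT_BLOCK:
            return ("block", "meta-rule")
        if app not in self.pending:          # Alert: one dialog per app
            self.pending.add(app)
            self.dialogs.append(app)
        return ("block", "pending-user")     # blocked until the user answers

    def respond(self, app, action):
        """User clicked Allow/Block ("always"): becomes a connection rule."""
        self.pending.discard(app)
        self.rules[app] = action

    def remove(self, app):
        """X button: the app becomes unknown again and its rule is dropped."""
        self.rules.pop(app, None)
        self.pending.discard(app)

def demo():
    # Constructed sequence of connection attempts, not captured traffic.
    nf = NetworkFilter(Mode.ALERT)
    out = [nf.decide("com.example.updater") for _ in range(3)]
    out.append(nf.decide("com.example.sync"))   # second app: second dialog
    nf.respond("com.example.updater", "allow")
    out.append(nf.decide("com.example.updater"))
    return out, nf.dialogs
```

The point to check in any implementation is the last branch of `decide`: an unanswered dialog must fail closed, so repeated attempts stay blocked without producing further prompts.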
The standard OS X menu bar element for the application (tray), located on the right side of the bar next to the clock icon, allows you to access the key Firewall functions without interacting with the main application graphical interface.
For FirewallApp, it indicates:
1. Whether the Firewall is running or not (the Launch or Stop Network Filter modes).
2. A menu with the following information, buttons and options, available by clicking the tray icon:
- Launch or stop Network Filter
- Network Filter mode selection
- Preference menu access
- About button
- Traffic statistics for the last 24 hours and general statistics of your current Network Filter rules (the number of allowed and blocked applications at this moment).
3. Additional features:
- Navigate with your mouse cursor to a tray icon (without clicking) to display the main menu. Remove your cursor to minimize the window.
- Options to add/remove the application to/from the tray – in the application settings window.
Menu bar icon
Menu bar icon – displays the current application status or Network Filter mode:
- Launch/Play icon – indicates that FirewallApp is stopped.
- The icon that shows your selected Network Filter mode – shows that FirewallApp is running.
Type: Menu Bar icon (menu bar extra)
Action: Click to display the main menu
Type: Menu Item
Action: Shows a submenu with Network Filter modes
Type: Menu Item
Action: Toggled Menu Item:
Click to launch/stop the Network Filter. The button will change its text accordingly.