
Yes, there is a kext.

Currently, it doesn't block non-app-bundle processes. The main reason for the app's existence is to block nosy apps that discreetly contact their home servers. I can't think of many (or any) terminal apps that do the same thing.




Why does it require/involve a kext? I'm genuinely curious, since I thought OS X comes with powerful ipfw. Is it some stripped-down version?


The main reason is to reduce the number of dependencies to zero. I didn't want to enter the nightmare vortex of several applications managing a single firewall implementation.

Also, as I've lately been an embedded software guy, I saw no harm or fear in a little kernel code.


Is it possible to use ipfw / pf to control outbound traffic based on the process that is initiating the connection? I skimmed the man pages but didn't see anything that looked promising.


In addition to ipfw, Lion includes pf (off by default though, you need to modify a launchd plist to enable it).


Aren't kexts the main reason for upgrade issues between OSX versions?


Perhaps, but I'd say that it varies a lot. The kext here is more compatible with old versions than the UI.



