NuAppFirewall: An Open-Source macOS Application Firewall for Corporate Security

Bianca Pachêco; Carolina Suyungütmüs; José Truta; Vinicius Delgado; Walber Araújo; João Brunet; Manoel Domingues Junior; Angela Melo

doi:10.5753/sbseg_estendido.2025.12041

Bianca Pachêco UFCG
Carolina Suyungütmüs UFCG
José Truta UFCG
Vinicius Delgado UFCG
Walber Araújo UFCG
João Brunet UFCG
Manoel Domingues Junior Nubank
Angela Melo Nubank

DOI: https://doi.org/10.5753/sbseg_estendido.2025.12041

Abstract

Managing network access is essential to ensure the security of both users and corporate ecosystems. On macOS, this control is implemented through Content Filters in firewall applications. However, the state of the practice consists mainly of proprietary consumer tools, while open-source alternatives lack the modularity needed for enterprise adoption. This paper introduces NuAppFirewall, an open-source application firewall developed and deployed in production at Nubank. It includes more than 250,000 automatically generated rules for macOS applications, derived from Nubank’s validated accesses, providing a security foundation that other organizations can leverage for their own implementations.

References

Apple (2025a). Network extension documentation. Available at [link]. Accessed: 24/01/2025.

Apple (2025b). System extensions documentation. Available at [link]. Accessed: 24/01/2025.

IBM (2025). Mobile device management. Available at [link]. Accessed: 27/01/2025.

Nubank (2024). Nubank. Accessed: 2024-02-13.

Objective Development (2025). Little snitch. Available at [link]. Accessed: 29/01/2025.

Objective-See (2025). Lulu - the macos firewall. Available at [link]. Accessed: 29/01/2025.

NuAppFirewall: An Open-Source macOS Application Firewall for Corporate Security

Abstract

References

Most read articles by the same author(s)