Open Source Mac Firewall Software
Sort By:
Firewall Software for Mac
View 16 business solutionsBrowse free open source Firewall software and projects for Mac below. Use the toggles on the left to filter open source Firewall software by OS, license, language, programming language, and project status.
-
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It supports IP, Ethernet, PPP and other tunnel types. VTun is easily and highly configurable. VPN, Mobile IP, Shaping, etc
-
2
Privoxy
HTTP proxy to block ads and customize webpages
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks. -
3
UPnP PortMapper
Manage port forwardings via UPnP
The UPnP PortMapper can be used to easily manage the port mappings/port forwarding of a UPnP enabled internet gateway/router in the local network. -
4
PeerGuardian
PeerGuardian - a privacy oriented firewall application
PeerGuardian is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge blocklists (thousands or millions of IP ranges). Its origin seeds in targeting aggressive IPs while you use P2P. PeerGuardian Linux: Not developed actively anymore. Team might still be around. Some unreleased changes on git. Outdated technology. Peerguardian OS X: Not developed anymore. We've lost contact with the OS X developer. PeerGuardian Windows: Not developed anymore. It's highly recommended to use PeerBlock instead, which is a continuation of PeerGuardian's development in Windows, with bug fixes and support for Windows Vista and Windows 7. Collaboration with peerblock.com is welcome! PeerGuardian is an open project. Not only is its source code open for you to read, use, and modify - but the project is open for you to join and contribute in any form (code, documentation, bug reports, web and support). -
Go from Code to Production URL in SecondsSkip the Kubernetes configs. Cloud Run handles HTTPS, scaling, and infrastructure automatically. Two million requests free per month.
-
5
CacheGuard Gateway
Free UTM appliance: firewall, VPN, WAF and antivirus in one ISO.
Securing your network should not require an enterprise budget. CacheGuard is a free open-source network security appliance for startups and growing businesses that need serious protection without the complexity. Install CacheGuard-OS on any x86 machine or VM and get a complete security gateway in under an hour. No plug-ins, no compatibility issues. Everything works out of the box. CacheGuard-OS is not an app, it IS the OS. A fully custom network appliance operating system built from scratch over 20 years, now fully open source. One ISO includes: firewall, VPN, web antivirus, URL filtering, SSL inspection, WAF, reverse proxy, load balancer and QoS. Free for any number of users. Optional paid support available. Source code: https://github.com/cacheguard/CacheGuard-OS Website: https://www.cacheguard.com/ -
6
Endian Firewall Community (EFW) is a "turn-key" linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxies for various protocols (HTTP, FTP, POP3, SMTP) with antivirus support, virus and spam-filtering for email traffic (POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on both OpenVPN and IPsec).
-
7
Siproxd is a proxy/masquerading daemon for the SIP protocol. It allows SIP clients (softphones & hardphones) to work behind an IP masquerading firewall or router.
-
8
OPNsense
OPNsense is an open source, easy to use firewall and routing platform
OPNsense is an open source, easy to use and easy to build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. Mission statement of the project: "Give users, developers and businesses a friendly, stable and transparent environment. Make OPNsense the most widely used open source security platform." -
9
LuLu
LuLu is the free open-source macOS firewall
LuLu is a free, open-source firewall for macOS developed by Objective-See. It blocks unauthorized outgoing network connections, allowing users to monitor and control which applications can transmit data externally. Designed for privacy and security, LuLu provides real-time prompts, rule-based filtering, and an intuitive interface, making it a valuable tool for Mac users seeking visibility over their system’s network behavior. -
Gemini 3 and 200+ AI Models on One PlatformBuild, govern, and optimize agents and models with Gemini Enterprise Agent Platform.
-
10
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
-
11
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
12
jNetPcap - A Libpcap Java Binding
A java PCAP and DPI library
A java wrapper for popular "libpcap" and "WinPcap" libraries. Accurate full API translation. Packet buffers delivered with no copies. Send custom packets, gather statistics. Comprehensive and easily extensible DPI engine. -
13
Enables tunneling of network connections through restrictive HTTP proxies. Features: Portmapping, SOCKS4, SOCKS5, web-based admin interface, possibility to use standalone server (perl) or hosted server (PHP), optional authorization from LDAP or MySQL
-
14
OWASP ModSecurity CRS
OWASP ModSecurity Core Rule Set (CRS) Project
The OWASP ModSecurity Core Rule Set (CRS) is a curated, generic Web Application Firewall rule set that detects and blocks common attack categories across most web apps. It focuses on broad protection—SQL injection, cross-site scripting, local/remote file inclusion, command injection, and protocol violations—without requiring app-specific knowledge. Rules are organized into paranoia levels so operators can tune detection aggressiveness and balance false positives against coverage. An anomaly-scoring model accumulates rule hits per request, enabling nuanced blocking thresholds and easier incident triage. The project ships with extensive documentation, exclusion packages, and testing tools to help tailor deployment for frameworks, CDNs, and APIs. Deployed on engines such as ModSecurity or compatible WAFs, CRS is a widely used baseline for HTTP security in reverse proxies and gateways. -
15
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
-
16
SonicReader
Sonicwall Configuration File Reader
SonicReader is used to view and save reports of the internals of a Sonicwall Configuration file. This is useful for those people that wish to know the settings within their saved Sonicwall Configs. I have no affiliation with Dell Sonicwall. Please do not contact Dell Sonicwall regarding the use of this program. -
17
Netdeep Secure Firewall
Next Generation Open Source Firewall
Netdeep Secure is a Linux distribution with focus on network security. Is a Next Generation Open Source Firewall, which provides virtually all perimeter security features that your company may need. It offers Web content filters, ensuring better performance of the network, allowing users to use the service efficiently and securely, providing a deep control of the use of the Web access service, blocking access to unwanted websites, Virus, Spam, Applications and intrusion attempts. Its configuration is made entirely by the web interface. -
18
PHP - Net_RouterOS
A client for the MikroTik RouterOS API protocol, written in PHP.
A client for the MikroTik RouterOS API protocol, written in PHP. Easy, tested and documented. All feedback welcomed. -
19
CrowdSec
Firewall able to analyze visitor behavior & provide adapted response
CrowdSec - an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network. Crowdsec shouldn't, and didn't crash any production so far we know, but some features might be missing or undergo evolutions. IP Blocklists are limited to very-safe-to-ban IPs only (~5% of the global database so far, will grow soon). A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security. Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors. -
20
OpenFW UTM Community is a "turn-key" , fork solutions Endian Firewall UTM Community, linux security distribution that makes your system a full featured security appliance with Unified Threat Management (UTM) functionalities. The software has been designed for the best usability: very easy to install, use and manage and still greatly flexible. The feature suite includes stateful packet inspection firewall, application-level proxy HTTP with antivirus support, content filtering of Web traffic and a "hassle free" VPN solution (based on both OpenVPN, IPsec and Wireguard)
-
21
m0n0wall is a powerfull Router Application Platform.
-
22
VTD-XML is the next generation XML parser/indexer/editor/slicer/assembler/xpath-engine that goes beyond DOM, SAX and PULL in performance, memory usage, and ease of use.
-
23
OpenWRT ©VMWare ©ESXi Appliance
OpenWRT ©VMWare ©ESXi Appliance NAT router
Ready to use OpenWRT NAT router appliance for ©VMWare ©ESXi. You only have to uncompress and register it to your ©ESXi server to be able to use it as a fencing device between your LAN network and some NATed network inside your ©ESXi host. It can also be easily configured to serve as a firewall in a dedicated ©ESXi host. You can follow the setup guide at https://33hops.com/vmware-esxi-nat-with-custom-firewall.html The appliance comes in a very small package (less than 5 MB), still it's fully functional, make not mistake. It is configured with 256 MB of RAM in a 50 MB .vmdk disk, which should be more than enough for any small lab, corporate department or (c)VMWare (c)ESXi dedicated server. Just uncompress and register, enjoy. -
24
-
25
Coccinellida - Simple SSH Tunnel Manager for Mac OS X
