Notification Alerts

Notification Alerts can be activated in Vallum Preferences -> Notifications.
When active, Vallum acts as an inclusive firewall. Vallum is able to intercept apps’ TCP/UDP outbound connections and hold them while you decide whether to block or pass them.
Every time a connection does not match any existing rule Vallum will popup a notification alert in the center of currently active display. By default notification alerts window is partially collapsed and some options are hidden. Click the blue “more options…” button to display more filtering options and click “show pf options…” to expand it and display network-level options for filtering connections using the PF packet filter and Murus. If you do not see the “show pf options…” button then you have to enable interaction with Murus in Vallum Preferences -> General.

By default Vallum notification shows only 2 buttons: “Pass this app forever“ and “Block this app forever“.
Click “more options...“ to display the rule selection matrix which is made of four radio buttons. Selectin a radio button alters both “Pass...“ and “Block...“ buttons functions and titles.
This matrix has four options:

Select an option and the PASS/BLOCK buttons will change their title accordingly. To stop all notification alerts from an app select the first option then click PASS or BLOCK. All forthcoming connections from this app will be passed or blocked according to this rule, and this app will not trigger notification alerts any more. This rule can be set as definitive or temporary. If you choose 'forever' then Vallum will store this rule and it will load it at next system restart. Otherwise if you choose 'until next logout' or 'for xx minutes' then Vallum will enforce this rule only for the given time. When time expires Vallum deletes the rule. In case of new connections new notification alerts will be triggered.

To pass only a single connection you have to select the second, third or fourth option. You may want to pass all app's connections to the given port, IP address or subnet. For IPv4 connections you have three predefined subnet addresses corresponding to the standard A, B and C classes for current IP address. For IPv6 connections you have to manually type IPv6 CIDR address. Vallum will take care of checking both syntax and if current IP address is included in the chosen network.

Selecting the third option (IP address) will display an additional option, the 'Silence' option. If an app triggers too many consecutive notification alerts you can select the 'Silence for xxx seconds' option then click PASS or BLOCK. Vallum will automatically pass or block all connections from this app accordingly. It will also automatically create and store pass or block rules in app's ruleset.

Notification alerts display some information about current connection. To get more info click on the blue app name, a drop down view will display some info and interact with connection parameters. To analyze app signature click 'signature info...'.
Notification alerts expire. When an alert expires pass is passed for 30 seconds. You can change this default behavior in Vallum Preferences -> Notifications. There you can also tune expire time.
Geolocalization info in Vallum is taken from RIR databases. If you own Murus Basic or Murus Pro you can update Nations definitions from Murus. Vallum will make uses of updated Murus database if available.