Release Notes

1.0.0 — Feb 2026

Initial public release.

Interactive curses TUI for visual firewall management
Command-line interface with subcommands: status, block, unblock, set, allow, deny, icmp, remove
Per-interface incoming traffic blocking — block Wi-Fi while keeping Tailscale open
Port exceptions — allow specific ports through on blocked interfaces (TCP + UDP)
ICMP control — optionally block ping/traceroute on blocked interfaces (allowed by default)
PF anchor approach — rules in /etc/pf.anchors/wj-firewall, auto-repairs pf.conf references
Boot persistence — installs a launch daemon to re-enable PF at boot
Clean removal — remove command undoes all PF modifications (anchor, pf.conf, launch daemon)
Tailscale detection — identifies utun interfaces with CGNAT addresses
DHCP passthrough — blocked interfaces can still obtain IP addresses
Silent drop — uses block drop to avoid triggering macOS Private Relay issues
Zero dependencies — Python 3.12+ stdlib only