Skip to content

Release Notes

1.0.0 — Feb 2026

Initial public release.

Features

  • Interactive curses TUI for visual firewall management
  • Command-line interface with subcommands: status, block, unblock, set, allow, deny, icmp
  • Per-interface incoming traffic blocking — block Wi-Fi while keeping Tailscale open
  • Port exceptions — allow specific ports through on blocked interfaces (TCP + UDP)
  • ICMP control — optionally block ping/traceroute on blocked interfaces (allowed by default)
  • PF anchor approach — rules in /etc/pf.anchors/wj-firewall, auto-repairs pf.conf references
  • Tailscale detection — identifies utun interfaces with CGNAT addresses
  • DHCP passthrough — blocked interfaces can still obtain IP addresses
  • Silent drop — uses block drop to avoid triggering macOS Private Relay issues
  • Zero dependencies — Python 3.12+ stdlib only