- How to Block Outgoing Connections on a Mac
- Block connections to your Mac with a firewall
- Turn on firewall protection
- Set firewall access for services and apps
- About the application firewall
- Configuring the application firewall in OS X v10.6 and later
- Configuring the Application Firewall in Mac OS X v10.5
- Advanced settings
- Block all incoming connections
- Allowing specific applications
- Automatically allow signed software to receive incoming connections
- Enable stealth mode
- Firewall limitations
- Change Firewall preferences on Mac
How to Block Outgoing Connections on a Mac
The built-in Mac OS X firewall provides the ability to block incoming connections, but it doesn’t provide a transparent way to block outgoing connections. However, you can use Terminal to set your Mac to block connections for specified programs. The «hosts» file contains the firewall settings for your Mac. Using Terminal you can access the file and make changes to your firewall settings to block access to specific websites and prevent information from leaving your network.
Click the «Go» menu, select «Utilities,» and then double-click «Terminal» to launch the utility.
Type «sudo cp /private/etc/hosts ~/Documents/hosts-backup» (omit the quotes here and throughout) to create a backup of the «hosts» file before editing. You can open this file later if you find the changes you made to your system resulted in unintended behaviors.
Type «sudo nano /private/etc/hosts» in the Terminal window, and then press the «Enter» key. «Sudo» indicates that you want to gain administrator access, «nano» tells Terminal the program to use — in this case, the Nano text editor — and the pathname indicates the location of the «hosts» file.
Type your administrator account password, and then press the «Enter» key. You must set up a password for your account to make changes in Terminal. If your account doesn’t have a password, select «System Preferences» in the Dock, click «Users & Groups,» select your administrator account, click the «Change Password...» button, and then enter a new password.
Press the down arrow key to position the cursor below the default set of rules. Don’t edit any of the existing rules as they set your current firewall settings and allow your computer to function properly.
On a blank line, type the IP address, followed by a space and the domain name of the website you want to block communication with. Use the format «0.0.0.0 domainname.com» and put each entry on a separate line.
Close the window, enter the Terminal application again, and then type «dscacheutil -flushcache» to reset the cache and apply the new rules.
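The hosts-file steps above, scripted as an added example (not code from the original article): it validates each name, skips entries that are already present, and keeps a backup before appending. The hosts file only overrides name lookups, so every hostname (subdomains included) needs its own line and connections made directly to an IP address are unaffected. `HOSTS_FILE`, `valid_domain`, `is_blocked` and `block_domain` are names chosen for this example.

```shell
#!/bin/sh
# Added example: idempotently append "0.0.0.0 <domain>" entries to a hosts file.
# HOSTS_FILE defaults to the path used on the page; point it at a copy to rehearse.
HOSTS_FILE="${HOSTS_FILE:-/private/etc/hosts}"

# Accept only plain DNS names, so whitespace or a newline in the argument
# cannot smuggle a second mapping into the file.
valid_domain() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) return 1 ;;          # empty, or a character outside the DNS set
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;   # empty label or label edge is a hyphen
        *.*) return 0 ;;                          # at least two labels
        *) return 1 ;;
    esac
}

# True if an active (uncommented) line already maps the name to 0.0.0.0.
is_blocked() {
    awk -v d="$1" '
        { sub(/#.*/, "") }                        # strip comments before matching
        $1 == "0.0.0.0" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(d)) found = 1
        }
        END { exit !found }' "$HOSTS_FILE"
}

block_domain() {
    valid_domain "$1" || { echo "rejected: $1" >&2; return 2; }
    is_blocked "$1" && return 0                   # already present: nothing to do
    # Keep the first backup so repeated runs never overwrite the pristine copy.
    [ -e "$HOSTS_FILE.bak" ] || cp -p "$HOSTS_FILE" "$HOSTS_FILE.bak" || return 1
    # If the file lacks a trailing newline, add one so the entry gets its own line.
    [ -z "$(tail -c 1 "$HOSTS_FILE")" ] || echo >> "$HOSTS_FILE"
    printf '0.0.0.0 %s\n' "$1" >> "$HOSTS_FILE"
}

# When called with arguments (under sudo), block each name and then reset the
# cache with the command given in the last step above.
[ "$#" -eq 0 ] || {
    for d in "$@"; do block_domain "$d"; done
    dscacheutil -flushcache
}
```

Restoring `$HOSTS_FILE.bak` over the hosts file undoes every entry the script added.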
Block connections to your Mac with a firewall
A firewall can protect your Mac from unwanted contact initiated by other computers when you’re connected to the internet or a network. However, your Mac can still allow access through the firewall for some services and apps. For example:
If you turn on a sharing service such as file sharing, macOS opens a specific port for the service to communicate through.
An app or service on another system can request and be given access through the firewall, or it might have a trusted certificate and therefore be allowed access.
For greater control, you can select apps and services, and specify whether they can have access through the firewall.
Turn on firewall protection
On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click Firewall.
If the lock at the bottom left is locked, click it to unlock the preference pane.
Click Turn On Firewall.
To specify additional security settings, click Firewall Options and do any of the following:
Allow only specified apps and services to connect: Click the Add button, then select the app or service in the dialogue that appears.
Allow only essential apps and services to connect: Select the “Block all incoming connections” tickbox.
Automatically allow built-in software to receive incoming connections: Select the “Automatically allow built-in software to receive incoming connections” tickbox.
Automatically allow downloaded signed software to receive incoming connections: Select the “Automatically allow downloaded signed software to receive incoming connections” tickbox.
Enable stealth mode to make it more difficult for hackers and malware to find your Mac: Select “Enable stealth mode”.
Set firewall access for services and apps
On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click Firewall.
If the lock at the bottom left is locked, click it to unlock the preference pane.
Click Firewall Options.
If the Firewall Options button is disabled, first click Turn On Firewall to turn on the firewall for your Mac.
Click the Add button under the list of services, then select the services or apps you want to add. After an app is added, click its up and down arrows to allow or block connections through the firewall.
Blocking an app’s access through the firewall could interfere with or affect the performance of the app or other software that may depend on it.
Important: Certain apps that don’t appear in the list may have access through the firewall. These can include system apps, services and processes, as well as digitally signed apps that are opened automatically by other apps. To block access for these programs, add them to the list.
When your Mac detects an attempt to connect to an app you haven’t added to the list and given access to, an alert message appears asking if you want to allow or deny the connection over the network or internet. Until you take action, the message remains and any attempts to connect to the app are denied.
About the application firewall
OS X includes an application firewall you can use to control connections made to your computer from other computers on your network.
OS X v10.5.1 and later include an application firewall you can use to control connections on a per-application basis (rather than a per-port basis). This makes it easier to gain the benefits of firewall protection, and helps prevent undesirable apps from taking control of network ports open for legitimate apps.
Configuring the application firewall in OS X v10.6 and later
Use these steps to enable the application firewall:
- Choose System Preferences from the Apple menu.
- Click Security or Security & Privacy.
- Click the Firewall tab.
- Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
- Click «Turn On Firewall» or «Start» to enable the firewall.
- Click Advanced to customize the firewall configuration.
Configuring the Application Firewall in Mac OS X v10.5
Make sure you have updated to Mac OS X v10.5.1 or later. Then, use these steps to enable the application firewall:
- Choose System Preferences from the Apple menu.
- Click Security.
- Click the Firewall tab.
- Choose what mode you would like the firewall to use.
Advanced settings
Block all incoming connections
Selecting the option to «Block all incoming connections» prevents all sharing services, such as File Sharing and Screen Sharing from receiving incoming connections. The system services that are still allowed to receive incoming connections are:
- configd, which implements DHCP and other network configuration services
- mDNSResponder, which implements Bonjour
- racoon, which implements IPSec
To use sharing services, make sure «Block all incoming connections» is deselected.
Allowing specific applications
To allow a specific app to receive incoming connections, add it using Firewall Options:
- Open System Preferences.
- Click the Security or Security & Privacy icon.
- Select the Firewall tab.
- Click the lock icon in the preference pane, then enter an administrator name and password.
- Click the Firewall Options button.
- Click the Add Application (+) button.
- Select the app you want to allow incoming connection privileges for.
- Click Add.
- Click OK.
You can also remove any apps listed here that you no longer want to allow by clicking the Remove App (-) button.
Automatically allow signed software to receive incoming connections
Applications that are signed by a valid certificate authority are automatically added to the list of allowed apps, rather than prompting the user to authorize them. Apps included in OS X are signed by Apple and are allowed to receive incoming connections when this setting is enabled. For example, since iTunes is already signed by Apple, it is automatically allowed to receive incoming connections through the firewall.
If you run an unsigned app that is not listed in the firewall list, a dialog appears with options to Allow or Deny connections for the app. If you choose Allow, OS X signs the application and automatically adds it to the firewall list. If you choose Deny, OS X adds it to the list but denies incoming connections intended for this app.
If you want to deny a digitally signed application, you should first add it to the list and then explicitly deny it.
Some apps check their own integrity when they are opened without using code signing. If the firewall recognizes such an app, it doesn’t sign it. Instead, the «Allow or Deny» dialog appears every time the app is opened. This can be avoided by upgrading to a version of the app that is signed by its developer.
Enable stealth mode
Enabling stealth mode prevents the computer from responding to probing requests. The computer still answers incoming requests for authorized apps. Unexpected requests, such as ICMP (ping) are ignored.
Firewall limitations
The application firewall is designed to work with Internet protocols most commonly used by applications – TCP and UDP. Firewall settings do not affect AppleTalk connections. The firewall may be set to block incoming ICMP «pings» by enabling Stealth Mode in Advanced Settings. Earlier ipfw technology is still accessible from the command line (in Terminal) and the application firewall does not overrule any rules set using ipfw. If ipfw blocks an incoming packet, the application firewall does not process it.
Change Firewall preferences on Mac
Use the Firewall pane of Security & Privacy System Preferences to turn on the firewall in macOS to prevent unwanted connections from the internet or other networks. Learn how to block connections to your Mac with a firewall.
To change these preferences on your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click Firewall.
Note: If the lock at the bottom left of the pane is locked, click it to unlock the preference pane.
If the firewall is off, click Turn On Firewall to turn on firewall protection.
Click Firewall Options to change the firewall options.
Block all incoming connections
In Firewall Options, select to block incoming connections to nonessential services and apps.
Basic internet services are a set of apps that allow your Mac to find services provided by other computers on the network. This setting prevents connections to all other sharing services.
Add
To add an app or service, click the Add button in Firewall Options, select the item in the list, then click Add.
Remove
To remove an app, select it in the list in Firewall Options, then click the Remove button.
Automatically allow built-in software to receive incoming connections
In Firewall Options, specify that you allow built-in apps and services that are signed by a valid certificate authority to be automatically added to the list of allowed apps without your authorization.
Automatically allow downloaded signed software to receive incoming connections
In Firewall Options, specify that you allow downloaded apps and services that are signed by a trusted certificate authority to be automatically added to the list of allowed apps without your authorization.
Enable stealth mode
In Firewall Options, select to prevent your Mac from responding to probing requests that are used to check whether the system is present. Your Mac still answers requests from authorized apps, while unauthorized requests, such as ICMP (ping), get no response.
Click to increase the security of your Mac using the settings described in Change Advanced preferences.
Some shared services can connect through the firewall if they are turned on in Sharing preferences. For added protection, you can prevent connections to these external services by turning the services off in Sharing preferences. Sharing your Mac screen, files, or services with other users on your network.