Blocking some incoming connections to specific ports on Apple macOS
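# Move these files first:
#   pf.conf                        -> /etc/pf.conf
#   security.pf.plist              -> /Library/LaunchDaemons/security.pf.plist
#   security.pflog0creation.plist  -> /Library/LaunchDaemons/security.pflog0creation.plist
#   security.pflog0dump.plist      -> /Library/LaunchDaemons/security.pflog0dump.plist
#
# /etc and /Library/LaunchDaemons are root-owned, so the copies and the
# ownership/permission fixes below need sudo. launchd refuses to load a
# LaunchDaemon plist that is not owned by root:wheel or is group/world
# writable, so fix both before calling launchctl.
sudo chown root:wheel /etc/pf.conf \
  /Library/LaunchDaemons/security.pf.plist \
  /Library/LaunchDaemons/security.pflog0creation.plist \
  /Library/LaunchDaemons/security.pflog0dump.plist
sudo chmod 644 /etc/pf.conf \
  /Library/LaunchDaemons/security.pf.plist \
  /Library/LaunchDaemons/security.pflog0creation.plist \
  /Library/LaunchDaemons/security.pflog0dump.plist
sudo launchctl load -w /Library/LaunchDaemons/security.pf.plist
sudo launchctl load -w /Library/LaunchDaemons/security.pflog0creation.plist
sudo launchctl load -w /Library/LaunchDaemons/security.pflog0dump.plist
# reboot your Mac
ssh root@localhost
#
# The block rule in pf.conf matches "from any to any", so it also applies to
# loopback unless pf is told to skip lo0. If you are offered a password
# prompt, the TCP connection reached sshd, i.e. the rule did not block it;
# a blocked attempt shows up in the pflog0 capture instead.
#
# Blocked packets are captured by tcpdump -w into /var/log/pffirewall.log
# (the path set in security.pflog0dump.plist). -w writes binary pcap, not
# text, so read it with:
#   sudo tcpdump -nr /var/log/pffirewall.log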
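#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would be removed on termination of the service.
#
# See pf.conf(5) for syntax.
#
#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"

### START Custom Rules ###
# Block, and log to pflog0, incoming TCP connections to the ports below.
# pf applies the last matching rule unless an earlier rule says "quick", so
# keeping this rule after the Apple anchors lets it take precedence over
# non-quick rules loaded there. It matches on every interface, including
# lo0, unless a "set skip on lo0" line is added above it.
# Only TCP is matched: services that also (or only) use UDP -- 137/138
# NetBIOS, 1900 SSDP -- are not covered by this rule.
#
#   21        FTP control (20, FTP data, is not in the list)
#   22        SSH
#   23        Telnet
#   137/138   NetBIOS name/datagram (UDP-based; the tcp rule does not reach them)
#   139/445   SMB
#   548       Apple Filing Protocol
#   1900      SSDP/UPnP discovery (Bonjour/mDNS is 5353/udp and is not listed)
#   3283      Apple Remote Desktop
#   3659      macOS Server password service
#   4488      Back to My Mac
#   5800      VNC over HTTP
#   5900      Screen Sharing (VNC)
#   5988      Apple Remote Desktop
ports = "{21,22,23,137,138,139,445,548,1900,3283,3659,4488,5800,5900,5988}"
block in log (all, to pflog0) proto tcp from any to any port $ports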
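<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  security.pf.plist: enable pf and load /etc/pf.conf once at boot.

  pfctl exits as soon as the ruleset is loaded, so this job must not set
  KeepAlive=true: launchd would treat every exit as a crash and relaunch
  the one-shot command indefinitely (and "pfctl -e" errors out on reruns
  once pf is already enabled). RunAtLoad alone is what a one-shot needs.
-->
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>security.pf.plist</string>
  <key>Program</key>
  <string>/sbin/pfctl</string>
  <key>ProgramArguments</key>
  <array>
    <string>/sbin/pfctl</string>
    <string>-e</string>
    <string>-f</string>
    <string>/etc/pf.conf</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>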
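<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  security.pflog0creation.plist: create the pflog0 interface at boot so the
  "log (all, to pflog0)" rule in /etc/pf.conf has somewhere to log and the
  tcpdump job in security.pflog0dump.plist has something to capture from.

  Label must be unique among loaded jobs; this file previously reused the
  dump job's label "security.pflog0dump.plist", which makes launchd see the
  two daemons as the same service. The label now matches the file name.
  "ifconfig pflog0 create" exits immediately, so no KeepAlive here.
-->
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>security.pflog0creation.plist</string>
  <key>Program</key>
  <string>/sbin/ifconfig</string>
  <key>ProgramArguments</key>
  <array>
    <string>/sbin/ifconfig</string>
    <string>pflog0</string>
    <string>create</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>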
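<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  security.pflog0dump.plist: capture everything pf logs on pflog0 into
  /var/log/pffirewall.log.

  tcpdump -w writes binary pcap, not text; read the file with
  "tcpdump -nr /var/log/pffirewall.log".

  KeepAlive is appropriate here because tcpdump is long-running: if it
  exits (e.g. pflog0 did not exist yet when this job started -- launchd
  does not order it after security.pflog0creation.plist), launchd
  restarts it.

  NOTE(review): the capture file has no size cap or rotation and will grow
  without bound; tcpdump's -C/-W options provide size-based rotation if
  that becomes a problem.
-->
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>security.pflog0dump.plist</string>
  <key>Program</key>
  <string>/usr/sbin/tcpdump</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/sbin/tcpdump</string>
    <string>-i</string>
    <string>pflog0</string>
    <string>-w</string>
    <string>/var/log/pffirewall.log</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>KeepAlive</key>
  <true/>
</dict>
</plist>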