Created
November 15, 2012 06:52
-
-
Save trustin/4077096 to your computer and use it in GitHub Desktop.
Trustin's /etc/pf.conf for Mac OS X
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 1. Put this file to /etc/pf.conf | |
| # 2. Install init boot scripts using IceFloor then - http://www.hanynet.com/icefloor/ | |
| # I tried to use IceFloor to configure everything but it didn't work very well. | |
| # 3. Once done, you can confirm the rules were loaded with 'sudo pfctl -sr' | |
| # 4. At System Preferences -> Security -> Firewall -> Firewall Options, | |
| # check 'Block all incoming connections' to prevent annoying per-app dialogs. | |
| set skip on lo0 | |
| set block-policy drop | |
| block in all | |
| pass out all | |
| # Localhost access | |
| # Ping | |
| pass in proto icmp all | |
| # SSH | |
| pass in proto tcp from any to port 22 | |
| # DNS | |
| pass in proto tcp from any to port 53 | |
| pass in proto udp from any to port 53 | |
| # DHCP | |
| pass in proto tcp from any to port 67:68 | |
| pass in proto udp from any to port 67:68 | |
| # NTP | |
| pass in proto tcp from any to port 123 | |
| pass in proto udp from any to port 123 | |
| # mDNS | |
| pass in proto tcp from any to port 5353:5354 | |
| pass in proto udp from any to port 5353:5354 | |
| # BitTorrent (Transmission) | |
| pass in proto tcp from any to port 51413 | |
| pass in proto udp from any to port 51413 | |
| # Skype | |
| pass in proto tcp from any to port 32814 | |
| pass in proto udp from any to port 32814 |
DHCP and NTP do not use TCP protocol so I guess there are some odd rules here...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is still still applicable in 2017 with macOS Sierra? trying to beef up and this looks good but don't know if its already switch on by enabling firewall.