How to block a particular port in MacOSX.
- April 14th, 2008
- Posted in Documentation
# Block outbound TCP and UDP traffic to a port (replace portnumber with the port; 1 and 2 are the ipfw rule numbers):
sudo ipfw add 1 deny tcp from any to any portnumber out
sudo ipfw add 2 deny udp from any to any portnumber out
Example:
sudo ipfw add 1 deny tcp from any to any 137 out
sudo ipfw add 2 deny udp from any to any 137 out
So I know this post is about 4 years old but it looks like it still is relevant. Just used this to block port 25 on a particular machine that may be acting as a relay within my network. What I want to do now is check to make sure port 25 is blocked on this machine. Do you know how I would do that? It looks like the command was successful in Terminal but I just wanted to run a test and don’t really know how…
Thanks for posting this.
@Trevor
To ensure that the traffic is being blocked, I usually use telnet from an IP address on the network I am trying to block. For instance, an untrusted internet IP address.
telnet MyProtectedIPAddress 25
I just tested this out in Lion using the following scenario:
# Started a temporary SSH daemon on port 3000.
/usr/sbin/sshd -p 3000
# Added block
sudo ipfw add 1 deny tcp from any to any 3000
From another machine:
# telnet 192.168.0.219 3000
Trying 192.168.0.219...
telnet: connect to address 192.168.0.219: Connection timed out
Back on my MacOS machine:
# Remove block
sudo ipfw del 1 deny tcp from any to any 3000
From another machine again to verify the block has been removed:
# telnet 192.168.0.219 3000
Trying 192.168.0.219...
Connected to 192.168.0.219.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.6
And to reopen the port, do you change deny to allow?
#sudo ipfw add 1 allow tcp from any to any 137 out
Thanks.
@Michael Coyle
No, I would just delete it.
sudo ipfw delete 1 deny tcp from any to any 137 out
This is still relevant today, I needed to block port 5223 to turn off push notifications. This command did the trick!!
Thank you for posting.
I just had to block 1161, not sure why snmpwalk is asking to use the interwebs.
@dan
Don’t you mean port 161? I would suspect that it is because of the parameters you passed to snmpwalk, in particular the host.
Thanks for posting this. Would have been very easy for me, but unfortunately ipfw is no longer available in Yosemite. Can you suggest an alternative way to block ports in Yosemite? Thanks!
You are going to want to look at the pf.conf. I don’t have any sample I can provide right now, but maybe that will point you in the right direction. Man pf.conf.
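For the pf route mentioned above, here is an added example (not from the original post or its comments) of a pf anchor file that does the same thing as the ipfw rules for port 137; the anchor name and file path are assumptions, any name works.

```conf
# /etc/pf.anchors/blockport  (path and anchor name are assumptions)
# pf equivalent of:  ipfw add 1 deny tcp from any to any 137 out
#                    ipfw add 2 deny udp from any to any 137 out
# "out" matches only outbound traffic (like the ipfw "out" keyword);
# "quick" stops rule evaluation at this rule so a later pass cannot override it.
block out quick proto { tcp udp } from any to any port 137

# To activate, reference the anchor from /etc/pf.conf:
#   anchor "blockport"
#   load anchor "blockport" from "/etc/pf.anchors/blockport"
# then check the syntax (-n parses without loading), load, enable pf,
# and list the rules that are actually active in the anchor:
#   sudo pfctl -nf /etc/pf.conf
#   sudo pfctl -f /etc/pf.conf
#   sudo pfctl -e
#   sudo pfctl -a blockport -sr
```

To remove the block, delete the two anchor lines from /etc/pf.conf and reload with pfctl -f; the telnet test from another machine described earlier in the thread works the same way for checking a pf rule.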