Looking to Block Ports on AirPort Extreme

I am looking to block specific ports when accessing a particular online service. I have the number of ports I need to block already, but I don't know how to block them. I am using an iMac running OS X El Capitan 10.22.6 and an AirPort Extreme v7.6.7. Any tips?

Posted on Jul 8, 2016 8:36 AM


Jul 8, 2016 9:28 AM in response to Lil Texan

For the AirPort

By default all IPv4 ports on an AirPort base station are closed (not "hidden") to inbound traffic from the Internet as the base station employs a simple NAT-based "firewall." However, all ports are open going outbound.


If you are using a service on the Internet which you send traffic to, the return traffic will access the specific ports that application tells it to, to complete the loop. If your goal is to "close" that loop, then you will need to port forward that return traffic to a non-existent local network client as a potential workaround. Not sure how successful your application will be with certain communications being blocked.


Regardless, the workaround is to port forward the undesired inbound ports to a local IP address that is outside of the DHCP scope of the network. By default, the AirPort's DHCP service provides addresses in the 10.0.1.2 - 10.0.1.200 range. You would then port forward to an address starting with 201, up to 254.


For example, if you want to block port 800, you would set up a port map in the AirPort Utility as follows:

  • Run the AirPort Utility.
  • Select the base station, and then, select Edit.
  • Select the Network tab.
  • Select the "+" plus button under Port Settings.
  • Enter a description in the Description box.
  • Public UDP Ports: 800
  • Public TCP Ports: 800
  • Private IP Address: 10.0.1.201
  • Private UDP Ports: 800
  • Public TCP Ports: 800


For your Mac

To block all incoming connections for a specific application, you would use System Preferences, as follows:

  • System Preferences > Security & Privacy > Select the "+" plus button to add the application.
  • Select the "Block incoming connections" option for that application.
  • Select OK.

Note: If you want more control over the OS X software firewall, you will need to look into a third-party application that does this. A few are Murus and Little Snitch.

Jul 8, 2016 9:31 AM in response to Tesserax

What I'm trying to block are ports to constrict an application on a gaming system. Will this workaround work for that as well, or only when I'm on my computer?


Also, what if there is one single port and then a range of ports I need blocked/closed? How would I set that up?


I greatly appreciate your thorough response. I'm just very new to this.

Jul 8, 2016 9:44 AM in response to Lil Texan

Without knowing more specifics, at best, I can only say "possibly." You can certainly give either or both the AirPort and/or the Mac suggestions a try to see if either will work for your situation. Regardless, they are just workarounds and not a true solution. More likely, you may have to consider using a dedicated firewall networking appliance.


As far as entering single or multiple ports, let's try another example. Let's say you need to block ports 500, 700, 800, 801, 802, & 5000 thru 6000.


The settings would look like the following:

Public UDP Ports: 500, 700, 800-802, 5000-6000

These would be the same values for each of the port fields in the utility. They would all go to the same local IP address.


For future reference:

  • Individual ports should be entered with a comma and space after them.
  • A series of ports can be entered with the first and last value separated by a hyphen.
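
The following is an added example, not part of the original posts or of AirPort Utility: it parses a port field written in the syntax described above and checks that the chosen private address really sits outside the DHCP pool. The /24 subnet and the base station address 10.0.1.1 are assumptions, as are all function names.

```python
import ipaddress

# Values from the posts above: DHCP pool 10.0.1.2 - 10.0.1.200.
# Assumptions: /24 LAN and the base station itself at 10.0.1.1.
LAN = ipaddress.ip_network("10.0.1.0/24")
ROUTER = ipaddress.ip_address("10.0.1.1")
DHCP_FIRST = ipaddress.ip_address("10.0.1.2")
DHCP_LAST = ipaddress.ip_address("10.0.1.200")

def parse_ports(spec):
    """Parse a port field such as "500, 700, 800-802" into sorted,
    merged (first, last) ranges; raise ValueError on bad input."""
    ranges = []
    for item in spec.split(","):
        first, sep, last = item.strip().partition("-")
        lo = int(first)                      # ValueError if empty/non-numeric
        hi = int(last) if sep else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port or range: {item.strip()!r}")
        ranges.append((lo, hi))
    ranges.sort()
    merged = [ranges[0]]
    for lo, hi in ranges[1:]:
        if lo <= merged[-1][1] + 1:          # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def port_count(ranges):
    """Number of individual ports covered by the merged ranges."""
    return sum(hi - lo + 1 for lo, hi in ranges)

def check_sink(addr):
    """Return the reasons addr is a poor choice for the unused target."""
    ip = ipaddress.ip_address(addr)
    if ip not in LAN:
        return ["not on the LAN subnet"]
    if ip in (LAN.network_address, LAN.broadcast_address):
        return ["network or broadcast address"]
    if ip == ROUTER:
        return ["address of the base station itself"]
    if DHCP_FIRST <= ip <= DHCP_LAST:
        return ["inside the DHCP pool, so a real client may be assigned it"]
    return []

if __name__ == "__main__":
    spec = "500, 700, 800-802, 5000-6000"    # example from the post above
    print(parse_ports(spec), port_count(parse_ports(spec)))
    print(check_sink("10.0.1.201"), check_sink("10.0.1.50"))
```

The check cannot see devices configured with a static address, so confirm nothing on the network is using the chosen address.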

Jul 8, 2016 10:07 AM in response to Lil Texan

The AirPort information that Tesserax has provided assumes that you have your AirPort Extreme set up in a Router Mode of DHCP and NAT... and not "Off (Bridge Mode)".


The reason for this would be that there are no port settings for the AirPort router when it is set up in Bridge Mode.


If you are not sure what setting the AirPort Extreme is actually set to at this time, you can check the Router Mode setting using AirPort Utility on your Mac.


Open AirPort Utility (Finder > Applications > Utilities > AirPort Utility)

Click on the AirPort Extreme, then click Edit in the smaller window that appears

Click the Network tab at the top of the next screen

Check the setting for Router Mode

Jul 8, 2016 10:39 AM in response to Lil Texan

Got it, thanks.


In the last few days, we had a user who was asking how to forward ports on an AirPort router when the Port Mapping settings on his AirPort router were "not even visible". There was a reason for that, but the user would not accept it... mentioning that his friend, "who knows computers", had told him that he had to set up ports on his AirPort no matter what.

Jul 8, 2016 10:59 AM in response to Lil Texan

Sorry, but again, without any specifics on the gaming application's networking requirements, I really don't have much else to offer at this time.


The other issue is, if you are hosting a game server, does your ISP support this with the type of Internet service they are providing you? Unless you pay extra, most likely, you are getting a consumer-grade level of service. This type of service typically has better download than upload bandwidth. Also, with this type of service, some ISPs will not provide you with a true public IP address. Instead they would provide you with a private IP, starting with 10, 172, or 192. This type of addressing will not work for user access to a game server.

Jul 8, 2016 1:28 PM in response to Tesserax

So I have been playing GTA V online and I've heard from several users that you can block ports so that you can play in a public private session in peace without people killing you left and right.


Here's what I've found so far:

"Now onto the steps to reproduce. Do keep in mind this is only for Windows; I'm unsure how it works with Mac or Linux, but if you have those OSes then I'm sure you can guess around.

Steps:

  1. Open the start menu and type Network and firewall
  2. Select Windows Firewall with Advanced system
  3. On the left hand side, you should see inbound and outbound connections. Go into Outbound connections.
  4. Create a new rule on the left hand side.
  5. Select Port and click next.
  6. Select UDP and put in these ports: 6672, 61455, 61457, 61456, 61458. These are R* game server ports. Select next.
  7. Select Block connection and click next twice.
  8. Now enter a name Eg GTA:O Blocking (Call it whatever)
  9. Now you are done. Right click on that new rule (It should be at the top of the list. If not find it by ABC)
  10. Click Disable Rule.
  11. Join GTA:O into a pub session.
  12. Once in, right click on that rule again and enable rule.
  13. Watch as everyone leaves the lobby.
  14. Now enjoy grinding those crates.

If you wish to head back into a pub lobby again, you need only disable that rule by right clicking and disable. Rejoin a new session and then you will be placed into a pub lobby once again.

I hoped this helped and happy grinding!

Quick note: If you are on console you can do the same by just blocking this using your ISP control panel located at 192.168.1.1. However, it varies from device to device, so I cannot help you there."



Does this help?

Jul 8, 2016 3:46 PM in response to Lil Texan

Can't say for sure as I don't access GTA V online. However, you can download a trial version of Little Snitch and find out for yourself if it will do what you need it to.


Little Snitch (or Murus) will allow you to create firewall rules for the OS X software firewall similar to what you were provided for the Windows firewall. However, since you cannot do this natively with the OS X firewall interface, as I mentioned earlier, applications, like Little Snitch, can take full advantage of it.
