Blocking Specific Firewall Ports

Good Evening -


I am trying to figure out how to BLOCK specific ports via my application firewall. I am using Yosemite 10.10.5. I did two port scans - the first using the MAC Network utility and the second using NMAP. I would like to block a number of the specific ports that were determined to be opened in the scan. Using Preferences-> Security&Privacy-> Firewall_Options will only allow application specific traffic to be allowed or blocked.


On a Windows system you simply go to the firewall -> create a rule -> specify the port#_protocol_inbound/outbound_and block or allow.


I have found dozens of articles pertaining to ALLOWING specific applications (and generally, well known ports), but none referencing blocking specific ports (including via the terminal_pf).


Any information would be greatly appreciated!!

Posted on Dec 17, 2016 5:54 PM


Dec 18, 2016 5:23 PM in response to Pelagious

Unless you are running, for example, a server on the port, no one can access the port. And assuming your residential network is behind a router, no one on the Internet can access your computer's ports unless you forward those ports in your router to your computer. They cannot even send ICMP packets to a port on your computer. You are no longer in the Windows world. OSX does not run any services that can be accessed unless you enable access, both in your residential network, and in your router.


There is no need to block ports on your computer by using the firewall.

Dec 18, 2016 4:52 PM in response to BobTheFisherman

This is a small, residential LAN (PC, game console, printer, phone, Apple TV). Port 23 for example - I have no need for Telnet incoming or outgoing. Or port 113 - I have no need for Ident incoming or outgoing. Port 9998 - 'distinct32' ?


Again, on a Windows box I would simply create Rule <name>, port#, protocol, block incoming/outgoing - takes about 30 seconds. I can't believe that OSX does not have similar functionality?!
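
For reference, the kind of per-port rule asked about in this thread can be written for pf, the packet filter the original post mentions. This is an added example, not part of any post above; the anchor name and file path are hypothetical, and because the thread does not say whether the ports are TCP or UDP, both are assumed.

```conf
# /etc/pf.anchors/custom.blockports   (hypothetical anchor file name)
# Ports taken from the thread: 23 (Telnet), 113 (Ident), 9998.
blocked_ports = "{ 23, 113, 9998 }"

# "quick" makes the first matching rule final, so a later pass rule
# cannot re-open these ports.
block drop in  quick proto { tcp, udp } from any to any port $blocked_ports
block drop out quick proto { tcp, udp } from any to any port $blocked_ports

# Reference the anchor from /etc/pf.conf by appending these two lines:
#   anchor "custom.blockports"
#   load anchor "custom.blockports" from "/etc/pf.anchors/custom.blockports"
#
# Then, from Terminal:
#   sudo pfctl -nf /etc/pf.conf           # parse only, report syntax errors
#   sudo pfctl -f /etc/pf.conf            # load the ruleset
#   sudo pfctl -e                         # enable pf if it is not already enabled
#   sudo pfctl -a custom.blockports -sr   # list the rules loaded in the anchor
```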
