Recently I was watching a Gizmodo journalist's videos about her experiment with blocking outgoing connections to Google, FB, Microsoft and Apple. I wonder if it is possible to modify macOS's built-in firewall to block IP ranges that I specify, like all known FB ranges, coinhive etc.?
I used to configure ipfw but this seems to have gone away. I'm running Mojave.
I do not want to run any closed-source program like Little Snitch to accomplish this. I just want to configure Apple's firewall if possible.
Best Answer
It's not that complex with the use of the PF firewall, which was ported from OpenBSD to macOS quite a while ago. The whole ruleset could be as simple as:
After you've saved that minimal ruleset into, say, a pf-block-out.conf file, you can apply it with

    sudo pfctl -ef pf-block-out.conf

from Terminal. Similarly, you can add or remove entries to the table without needing to reload the ruleset:

    $ sudo pfctl -t toBlockOut -T show
       0.1.2.3
    $ sudo pfctl -t toBlockOut -T del 0.1.2.3
    1/1 addresses deleted.
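The ruleset the answer refers to is not shown on the page. A minimal ruleset of that shape follows as an added example, not the answerer's own: the table name toBlockOut is taken from the commands above, while the addresses (documentation ranges) and the commented-out file path are constructed placeholders.

```conf
# pf-block-out.conf
# Added example; all addresses below are documentation placeholders.

# Table of destinations to block. "persist" keeps the table in memory even
# when no rule references it, so `pfctl -t toBlockOut -T add/del` keeps
# working. Single hosts and CIDR ranges, IPv4 and IPv6, can be mixed.
table <toBlockOut> persist { 192.0.2.0/24, 198.51.100.17, 2001:db8::/32 }

# Alternative for long lists: one address or CIDR range per line in a text
# file (hypothetical path), loaded when the ruleset is loaded.
# table <toBlockOut> persist file "/etc/pf-block-out.txt"

# Drop outbound packets whose destination is in the table. "quick" makes
# this the final decision for a matching packet, so no later pass rule
# can re-allow it.
block drop out quick from any to <toBlockOut>
```

Running `sudo pfctl -nf pf-block-out.conf` parses the file and reports syntax errors without loading anything. Loading the file with `-f` replaces the currently loaded main ruleset rather than adding to it.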