I want to test something locally. For that, I'd like to be able to drop outgoing packets sent to a specific host/port. I tried messing around with pf rules using Murus (the non-free version), but have been unsuccessful.
I am comfortable in the terminal, but am unsure where to make any changes and how to apply them. I am familiar with iptables on Linux.
Can I get some direction on how to achieve this?
Best Answer
To permanently block outgoing traffic to specific domains and/or ports you should create a new anchor file and add it to pf.conf.
Create an anchor file org.user.block.out in /private/etc/pf.anchors with the following content and a trailing empty line:
The additional domain names/IP addresses in mybad_hosts are just an example of how to add additional domains. The same goes for the ports 80/5353 in mybad_ports.
A simple but less flexible solution is:
Modify the file /private/etc/pf.conf but keep a trailing empty line
original file:
to
Parse and test your anchor file to make sure there are no errors:
Now modify /System/Library/LaunchDaemons/com.apple.pfctl.plist from
to
You have to disable System Integrity Protection if El Capitan is installed to accomplish this. After editing the file, re-enable SIP. After rebooting your Mac, pf will be enabled (that's the -e option).
Alternatively you may create your own launch daemon similar to the answer here: Using Server 5.0.15 to share internet WITHOUT internet sharing.
After a system update or upgrade some of the original files above may have been replaced and you have to reapply all changes.
Murus:
Open Murus. Click the gear in the configuration panel to create a custom rule:
Enter all necessary details:
Hit the blue button Add Custom PF rule and start PF in the upper right corner with the rightwards arrowhead (or "play" button).
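As an added example (not part of the original answer or of Murus), the shell helpers below generate an anchor file of the kind the answer describes, using the answer's macro names mybad_hosts/mybad_ports and the anchor name org.user.block.out, and run the two checks a practitioner wants before enabling pf: that the file ends with a newline and that pfctl -n parses it without loading it. The host and port values are constructed samples; pfctl is only invoked when it is present (i.e. on macOS), so the generator part runs anywhere.

```shell
#!/bin/sh
# Hypothetical helper: emit pf anchor content that drops outgoing traffic
# to the given hosts/ports. $1 = comma-separated hosts or IPs, $2 = ports.
gen_block_out_anchor() {
  hosts="$1"
  ports="$2"
  printf 'mybad_hosts = "{ %s }"\n' "$hosts"
  printf 'mybad_ports = "{ %s }"\n' "$ports"
  # "quick" stops rule evaluation; "drop" discards silently (no RST/ICMP).
  printf 'block drop out quick proto { tcp udp } from any to $mybad_hosts port $mybad_ports\n'
  printf '\n'   # pf.conf files should end with an empty line (see answer)
}

# Lines to append to /private/etc/pf.conf so the anchor is declared and
# loaded from /etc/pf.anchors (standard pf.conf anchor syntax, assumed here).
gen_pfconf_anchor_lines() {
  printf 'anchor "org.user.block.out"\n'
  printf 'load anchor "org.user.block.out" from "/etc/pf.anchors/org.user.block.out"\n'
}

# Validate an anchor file: trailing newline present, and (when pfctl exists)
# parse-only load with -n so a typo never reaches the live ruleset.
check_anchor_file() {
  f="$1"
  # $(...) strips trailing newlines, so a correctly terminated file yields "".
  if [ -n "$(tail -c1 "$f")" ]; then
    echo "error: $f does not end with a newline" >&2
    return 1
  fi
  if command -v pfctl >/dev/null 2>&1; then
    pfctl -vnf "$f" || return 1   # -n: parse only, -v: echo parsed rules
  fi
  return 0
}

# Stand-alone demo with constructed sample values (not real targets).
if [ "${0##*/}" != "sh" ] && [ -z "${PF_ANCHOR_LIB:-}" ]; then
  tmp="$(mktemp)"
  gen_block_out_anchor '192.0.2.10, www.example.com' '80, 5353' > "$tmp"
  cat "$tmp"
  gen_pfconf_anchor_lines
  check_anchor_file "$tmp" && echo "anchor file OK"
  rm -f "$tmp"
fi
```

To install, write the generated content to /private/etc/pf.anchors/org.user.block.out and append the anchor lines to /private/etc/pf.conf, then proceed with the pfctl.plist and SIP steps from the answer.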