MacOS – How to open a port in macOS Sierra 10.12.4


I'm running macOS Sierra 10.12.4 and am trying to open a port (12345). I can't use the GUI firewall tool as it's app specific, not port specific.

I have tried following this article, but it did not work. When I run sudo pfctl -f /etc/pf.conf I get:

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled

It may also help to note that in my firewall (GUI) options I have blocked pretty much all options as shown below.


Best Answer

The linked How-to is wrong!

You simply can't open a port in a firewall. You can block a port or not. By default pf is disabled and doesn't block anything. If you enable stealth mode in the Application Firewall, pf will be enabled via the com.apple/250.ApplicationFirewall anchor with a very limited set of rules:

scrub in all fragment reassemble
block drop in inet proto icmp all icmp-type echoreq
block drop in inet proto icmp all icmp-type echoreq
block drop in inet6 proto ipv6-icmp all icmp6-type echoreq

Except for incoming IPv4/6 ICMP echo requests, pf won't block anything. The default pf.conf doesn't contain any block all ... or allow all ... rules.

To open a port on your host, you have to launch an app which opens a listening port. Example with nc:

nc -l 12345

After entering the command you will be asked to accept incoming network connections for nc by the Application Firewall.

To connect to nc listening on port 12345 from a remote host, simply enter nc hostname 12345 on a second host (replace hostname with the host name of the Mac running nc).

You can check open ports remotely by entering nmap hostname -Pn (if stealth mode is enabled).
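The answer's point that a port is open only while a process is listening on it, as an added example that is not part of the original answer. It is a Python sketch that stays on the loopback interface and lets the OS pick a free port instead of 12345; `probe` and `demo` are names made up for this illustration.

```python
import socket


def probe(host, port, timeout=1.0):
    """Classify a TCP port the way a connecting client sees it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"          # host answered with RST: nothing is listening
    except socket.timeout:
        return "filtered"        # no answer at all, e.g. a pf "block drop" rule
    except OSError:
        return "unreachable"     # routing or name resolution problem


def demo():
    """Show the port state before, during and after a listener exists."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 asks the OS for a free port; binding alone reserves it only.
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]

    before = probe("127.0.0.1", port)   # bound but not listening yet

    # listen() is what `nc -l 12345` does: from here on the port is open.
    srv.listen(1)
    during = probe("127.0.0.1", port)

    # Once the listening process goes away, the port is closed again,
    # without any firewall rule having changed.
    srv.close()
    after = probe("127.0.0.1", port)

    return before, during, after


if __name__ == "__main__":
    print(demo())
```

Run on the Mac itself, this checks the listener independently of the Application Firewall and pf; a "filtered" result from a second host while the local result is "open" points at filtering in between.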