I'm a Terminal newb, and trying to wrap my head around manual "Little Snitch" functionality without using Little Snitch.
From the research I've been doing, I've landed on the fact that I need to utilize pf.conf; however, I have no idea how to format my request for Terminal.
I need to block a connection to www.domain.com on port 443. How do I do this?
Best Answer
To permanently block outgoing traffic to specific domains you should create a new anchor file and add it to pf.conf.
Create an anchor file org.user.block.out in /private/etc/pf.anchors with the following content and a trailing empty line:
The additional domain names in mybadhosts are just an example of how to add additional domains. The same goes for port 80 in mybadports.
A simple but less flexible solution is:
Modify the file /private/etc/pf.conf but keep a trailing empty line
original file:
to
Parse and test your anchor file to make sure there are no errors:
Now modify /System/Library/LaunchDaemons/com.apple.pfctl.plist from
to
You have to disable System Integrity Protection to accomplish this. After editing the file, re-enable SIP. After rebooting your Mac, pf will be enabled (that's the -e option).
Alternatively you may create your own launch daemon similar to the answer here: Using Server 5.0.15 to share internet WITHOUT internet sharing.
After a system update or upgrade some of the original files above may have been replaced and you have to reapply all changes.
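As an added example (not the answer author's own files or commands), the following POSIX shell script generates the anchor file described above, emits the two lines that reference it from pf.conf, parse-checks both with `pfctl -n`, and loads and enables pf for the current session. It assumes macOS pf, root for the install step, and the file and anchor names used in the answer; the hostnames and ports are constructed sample values. Note that pf resolves the hostnames in the table to IP addresses once, when the ruleset is loaded, so a domain whose addresses change (CDN-hosted sites in particular) needs the anchor reloaded with `pfctl -f` to stay blocked.

```shell
#!/bin/sh
# Added example, not the answer author's files: build the pf anchor the answer
# describes, emit the pf.conf lines that load it, and parse-check with pfctl.
# Assumed: macOS pf, run as root for the install step; host/port values are
# constructed examples. File and anchor names follow the answer.
set -u

ANCHOR_NAME="org.user.block.out"
ANCHOR_FILE="/private/etc/pf.anchors/$ANCHOR_NAME"
PF_CONF="/private/etc/pf.conf"

# gen_anchor "host1 host2 ..." "port1 port2 ..." -> anchor rules on stdout.
# pf resolves the names to addresses once, when the ruleset is loaded.
gen_anchor() {
    printf 'table <mybadhosts> { %s }\n' "$1"
    printf 'mybadports = "{ %s }"\n' "$2"
    # 'quick' stops rule evaluation at this match; 'drop' silently discards
    # the packets (use 'block return' if the app should fail fast instead)
    printf 'block drop out quick proto tcp from any to <mybadhosts> port $mybadports\n'
    printf '\n'   # pf wants the file to end with an empty line
}

# gen_pfconf_lines -> the two lines to append to pf.conf (keep its trailing empty line)
gen_pfconf_lines() {
    printf 'anchor "%s"\n' "$ANCHOR_NAME"
    printf 'load anchor "%s" from "%s"\n' "$ANCHOR_NAME" "$ANCHOR_FILE"
    printf '\n'
}

# count_block_rules (stdin) -> number of outbound block rules, a cheap sanity check
count_block_rules() {
    grep -c '^block .*out'
}

# install_block "hosts" "ports": write the anchor, reference it from pf.conf once,
# parse-test both files (-n loads nothing), then load the ruleset and enable pf.
# The enable only lasts until reboot; making it persistent is the
# com.apple.pfctl.plist change (-e) described in the answer.
install_block() {
    gen_anchor "$1" "$2" > "$ANCHOR_FILE"
    grep -q "anchor \"$ANCHOR_NAME\"" "$PF_CONF" || gen_pfconf_lines >> "$PF_CONF"
    pfctl -vnf "$ANCHOR_FILE" || { echo "anchor failed to parse" >&2; return 1; }
    pfctl -vnf "$PF_CONF"     || { echo "pf.conf failed to parse" >&2; return 1; }
    pfctl -f "$PF_CONF"
    pfctl -s info | grep -q '^Status: Enabled' || pfctl -e
}

case "${1:-}" in
    install) install_block "${2:-www.domain.com}" "${3:-443}" ;;
    show)    gen_anchor "${2:-www.domain.com}" "${3:-443}" ;;
esac
```

Run `sh block_out.sh show "www.domain.com www.example.com" "443 80"` to preview the generated anchor, and `sudo sh block_out.sh install "www.domain.com" "443"` to write and load it. Afterwards `sudo pfctl -a org.user.block.out -s rules` shows the rules pf actually holds for the anchor, which is the quickest way to confirm the block is in place and which addresses the table resolved to.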