firewall...

Posted:
in macOS edited January 2014
can a person disallow communication with a specific ip?



either GUI or terminal...



and how can you check which ip's your computer has visited? (history...)



-thanks

Comments

  • Reply 1 of 5
    baumanbauman Posts: 1,248member
    Yeah, OS X's Firewall program is actually very good... but the prefpane to configure it really isn't.



    In System Preferences, it automatically blocks all incoming requests, while allowing all outgoing requests (not to be confused with the actual communication... so for example, you can initiate web connection with any website, and still receive the data, but others can't pull web data from your computer).



    So, just by turning on the firewall in the system preferences, you have blocked anyone from accessing all services on your computer, while still allowing you to send out any data whatsoever... even if it's done behind your back in a program.



    To enable outgoing blocking, you can either download Brickhouse to configure the firewall to your heart's content, or you can use the ipfw command in terminal.



    If you aren't familiar with the terminal, I would strongly suggest Brickhouse, since it's so robust, and isn't all too difficult to configure, but if you would like to see what it's doing, you can type 'man ipfw' in the terminal for the long convoluted manual page on the firewall utility. Just a warning: Listed under the bugs for the ipfw utility is that the syntax has become very convoluted... and it's very true. It takes a while to understand how you have to write commands and the like. If you would like more help on the ipfw side of things, I can help you since that's how I have my firewall configured.



    Edit: Just saw the other thing you wanted about history. I don't think OS X keeps a history on that kind of thing. You can see what's happening right now by typing 'sudo tcpdump' in the terminal. I would imagine that you could set up a script that would always be running that, and saving it to a file, but it would be incredibly CPU intensive.



    The other way you could do it is with the count feature of ipfw. You can have specific statements that instead of filtering, they just count the number of matches. This would be good only if you are interested in communication between several machines, since you need to enter in each ip address individually.



    There might be other ways to do it, as well, and I just don't know about them.
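
One way to turn saved tcpdump output into the address history asked about, as an added example that is not part of the original posts. It assumes text captured with `tcpdump -n` (numeric addresses); the function names and the sample lines, which use documentation-range addresses, are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the remote IPv4 addresses a host sent packets to,
# from the text output of `tcpdump -n` (numeric addresses, no DNS names).

# Constructed sample capture; all addresses are documentation ranges.
sample_capture() {
cat <<'EOF'
10:15:01.000100 IP 192.0.2.10.51000 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
10:15:01.020300 IP 198.51.100.7.443 > 192.0.2.10.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
10:15:02.500000 IP 192.0.2.10.51001 > 203.0.113.25.80: Flags [S], seq 5, win 65535, length 0
10:15:03.100000 IP 192.0.2.10.60000 > 198.51.100.53.53: 4242+ A? example.com. (29)
10:15:03.900000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
10:15:04.000000 IP 192.0.2.10.51002 > 198.51.100.7.443: Flags [S], seq 7, win 65535, length 0
10:15:05.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
EOF
}

# remote_ips LOCAL_IP
# Reads tcpdump -n lines on stdin and prints "count address" for every
# destination LOCAL_IP sent a packet to, busiest first.
remote_ips() {
  awk -v me="$1" '
    # Strip the trailing ":" and, when present, the ".port" suffix.
    function host(a,   n, p) {
      sub(/:$/, "", a)
      n = split(a, p, ".")
      if (n < 4) return ""
      return p[1] "." p[2] "." p[3] "." p[4]
    }
    # IPv4 packet lines look like: TIME IP SRC > DST: ...
    $2 == "IP" && $4 == ">" {
      if (host($3) == me && host($5) != "") seen[host($5)]++
    }
    END { for (ip in seen) print seen[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_capture | remote_ips 192.0.2.10
```

Inbound replies, ARP and IPv6 lines are skipped, so the result lists only addresses the local machine itself sent IPv4 traffic to.
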
  • Reply 2 of 5
    123123 Posts: 278member
    Quote:

    Originally posted by d3xt3r

    can a person disallow communication with a specific ip?



    either GUI or terminal...



    and how can you check which ip's your computer has visited? (history...)



    -thanks






    If you don't do IP forwarding or something like that:



    sudo ipfw add deny ip from THE_IP_ADDRESS to any

    (incoming traffic), or:

    sudo ipfw add deny ip from any to THE_IP_ADDRESS

    (outgoing traffic)



    you'll see a number listed, you need it to delete the rule, in case you missed it:

    sudo ipfw list

    you'll see the rule from above and a number, then:

    sudo ipfw del THE_NUMBER



    if you want the rule to be permanent, put it into a startup script.
  • Reply 3 of 5
    makes sense,



    -thanks
  • Reply 4 of 5
    On Windows, I have a firewall that asks about incoming and outgoing connections based on address. It is on by default that it asks for these connections. I use it to block apps from going to certain addresses, i.e. Windows Media Player phoning home to MS or blocking ad sites or unknown ip's when browsing in any web browser. I can allow for a session or always allow specific addresses while still asking for all other addresses.



    Is there anything out there for OSX that will give me the ability to selectively block incoming and outgoing traffic for applications? This is a big thing for me. I don't want apps sending info anywhere without me knowing it.



    Thanks for the info.
  • Reply 5 of 5
    zoczoc Posts: 77member
    Quote:

    Is there anything out there for OSX that will give me the ability to selectively block incoming and outgoing traffic for applications? This is a big thing for me. I don't want apps sending info anywhere without me knowing it.



    LittleSnitch is for you.