Last active
February 14, 2020 05:36
-
-
Save ozouai/d0b7b3d962585129d34654f15581f51f to your computer and use it in GitHub Desktop.
/etc/pf.conf for Mac OS X
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ruleset to block all incoming traffic on WiFi | |
| block in on en0 | |
| pass out on en0 keep state | |
| # Rules to allow DHCP (you won't get an address without these) | |
| pass in on en0 proto udp from any port 68 | |
| pass in on en0 proto udp from any port 67 | |
| # Rules for Bonjour (uncomment these to allow Bonjour to work) | |
| # Bonjour is needed for AirPlay, Home Sharing, Printer Discovery, etc. | |
| # You can constrict this to your home network by changing any to your home network (E.x. 192.168.1.0/24) | |
| # pass in on en0 proto udp from any port 5353 | |
| # pass in on en0 proto udp from any port 5351 | |
| # pass in on en0 proto udp from any port 5350 | |
| # pass in on en0 proto udp from any port 1900 | |
| # Rules for IPSec (untested) | |
| # pass in on en0 proto udp from any port 500 | |
| # pass in on en0 proto udp from any port 1701 | |
| # pass in on en0 proto udp from any port 4500 | |
| # Custom Rules | |
| # You can use this rule to allow TCP connections in from WiFi. | |
| # `any` can be changed with an IP range to restrict incoming connections. | |
| # The IP Address of a specific device can be put in with a `/32` prefix `192.168.1.5/32` | |
| # pass in on en0 proto tcp from any port 80 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment