Pf
From Wasya Wiki
Required for pf to work (per this page): restart, hold Command+R to boot into Recovery, open Terminal, then:
csrutil disable
Caveat: this turns off System Integrity Protection for the whole machine, and pf does not need it on a stock macOS: sudo pfctl -E, sudo pfctl -f /etc/pf.conf and the other commands below all run with SIP enabled. Try them first and leave SIP on unless loading your rules actually fails.
Enable (on macOS, -E enables pf and takes a reference token that sudo pfctl -X <token> releases; pfctl -e / pfctl -d are the plain enable/disable):
sudo pfctl -E
Status:
sudo pfctl -s info
sudo pfctl -vvv -s all
List rules:
sudo pfctl -sr
Reload (parse first with sudo pfctl -n -f /etc/pf.conf; a syntax error is reported without touching the live ruleset):
sudo pfctl -f /etc/pf.conf
From: https://pleiades.ucsc.edu/hyades/PF_on_Mac_OS_X
Other (a generic pfctl cheat sheet, reproduced below; the leading "# " in front of each command is the root shell prompt, so run them with sudo on macOS):
# basic pfctl control
# ==
# Related: http://www.OpenBSD.org
# Last update: Tue Dec 28, 2004
# ==
# Note:
# this document is only provided as a basic overview
# for some common pfctl commands and is by no means
# a replacement for the pfctl and pf manual pages.

#############################
#### General PFCTL Commands ####
#############################
# disable packet-filtering:
# pfctl -d
# enable packet-filtering:
# pfctl -e
# run quiet:
# pfctl -q
# run even more verbose:
# pfctl -v

######################
#### Loading PF Rules ####
######################
# load /etc/pf.conf:
# pfctl -f /etc/pf.conf
# parse /etc/pf.conf, but don't load it:
# pfctl -n -f /etc/pf.conf
# load only the FILTER rules:
# pfctl -R -f /etc/pf.conf
# load only the NAT rules:
# pfctl -N -f /etc/pf.conf
# load only the OPTION rules:
# pfctl -O -f /etc/pf.conf

###############################
#### Clearing PF Rules & Counters ####
###############################
# flush ALL:
# pfctl -F all
# flush only the RULES:
# pfctl -F rules
# flush only queues:
# pfctl -F queue
# flush only NAT:
# pfctl -F nat
# flush all stats that are not part of any rule:
# pfctl -F info
# clear all counters:
# pfctl -z
# note: flushing rules does not touch any existing stateful connections;
# already-established flows keep passing until their state entries expire
# or are flushed explicitly with "pfctl -F states"

#########################
#### Output PF Information ####
#########################
# show filter information:
# pfctl -s rules
# show filter information for what FILTER rules hit:
# pfctl -v -s rules
# filter information as above and prepend rule numbers:
# pfctl -vvsr
# show NAT information, for which NAT rules hit:
# pfctl -v -s nat
# show NAT information for interface xl1:
# pfctl -s nat -i xl1
# show QUEUE information:
# pfctl -s queue
# show LABEL information:
# pfctl -s label
# show contents of the STATE table:
# pfctl -s state
# show statistics for state tables and packet normalization:
# pfctl -s info
# show everything:
# pfctl -s all

#########################
#### Maintaining PF Tables ####
#########################
# show table addvhosts:
# pfctl -t addvhosts -T show
# view global information about all tables:
# pfctl -vvsTables
# add entry to table addvhosts:
# pfctl -t addvhosts -T add 192.168.1.50
# add a network to table addvhosts (the prefix must not have host bits set):
# pfctl -t addvhosts -T add 192.168.1.0/24
# delete network from table addvhosts:
# pfctl -t addvhosts -T delete 192.168.1.0/24
# remove all entries from table addvhosts:
# pfctl -t addvhosts -T flush
# delete table addvhosts entirely:
# pfctl -t addvhosts -T kill
# reload table addvhosts on the fly:
# pfctl -t addvhosts -T replace -f /etc/addvhosts
# find ip address 192.168.1.40 in table addvhosts:
# pfctl -t addvhosts -T test 192.168.1.40
# load a new table definition:
# pfctl -T load -f /etc/pf.conf
# output stats for each ip address in table addvhosts:
# pfctl -t addvhosts -T show -v
# reset all counters for table addvhosts:
# pfctl -t addvhosts -T zero
/etc/pf.anchors/com.piousbox.block.out
mybadtcphosts = "{ license.sublimehq.com 45.55.255.55 45.55.41.223 }"
mybadtcpports = "{ 443, 80 }"
mybadudphosts = "{}"
mybadudpports = "{ 53, 5353 }"
block drop out proto tcp from any to $mybadtcphosts port $mybadtcpports
# block drop out proto udp from any to $mybadudphosts port $mybadudpports
Notes on this file: the UDP rule has to stay commented out while mybadudphosts is "{}", because pf has no empty-list syntax and pfctl rejects the whole file, not just that rule. The host name in mybadtcphosts is resolved once, when the file is loaded, so a later DNS change is not picked up until the next reload, and a load attempted while DNS is unavailable fails. The anchor is only evaluated if /etc/pf.conf references it, i.e. an anchor "com.piousbox.block.out" line plus a load anchor "com.piousbox.block.out" from "/etc/pf.anchors/com.piousbox.block.out" line, the same pattern the stock file uses for com.apple.
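Putting the enable/check/reload procedure above and this anchor file together, here is an added example script (not code from the wiki, from Apple, or from the pf project). It generates the anchor body from host/port lists, emitting no rule at all when a host list is empty (the "{}" problem), offers a table-based variant of the same block rule that tolerates an empty list and can be edited at run time, prints the two lines /etc/pf.conf needs for the anchor, and only then parses the file with pfctl -n before loading it into its anchor and listing what pf holds. The anchor name and path are taken from the page; everything else (function names, the "apply" argument, the temporary file) is an assumption of this example.

```shell
#!/bin/sh
# Added example, not the wiki's, Apple's or pf's own code. Builds the
# com.piousbox.block.out anchor file from host/port lists and loads it safely.
# Assumptions: anchor name/path as on the page; run as root (sudo) to apply.
set -eu

ANCHOR="com.piousbox.block.out"
ANCHOR_FILE="/etc/pf.anchors/$ANCHOR"

# Emit one "block drop out" rule, or nothing when the host list is empty.
# usage: block_rule tcp "host1 host2" "443, 80"
block_rule() {
    proto=$1; hosts=$2; ports=$3
    # pf has no empty-list syntax: "{}" makes pfctl reject the whole file,
    # so an empty list produces no rule instead of a broken one.
    if [ -z "$(printf '%s' "$hosts" | tr -d ' ')" ]; then
        return 0
    fi
    printf 'block drop out proto %s from any to { %s } port { %s }\n' \
        "$proto" "$hosts" "$ports"
}

# Same block, but through a persistent table: an empty table is legal, and
# entries can later be added/removed with "pfctl -a ANCHOR -t TABLE -T add|delete"
# without reloading the ruleset. Host names are still resolved only at load.
table_rules() {
    table=$1; proto=$2; hosts=$3; ports=$4
    if [ -n "$(printf '%s' "$hosts" | tr -d ' ')" ]; then
        printf 'table <%s> persist { %s }\n' "$table" "$hosts"
    else
        printf 'table <%s> persist\n' "$table"
    fi
    printf 'block drop out proto %s from any to <%s> port { %s }\n' \
        "$proto" "$table" "$ports"
}

# Whole anchor file body: TCP rule, then UDP rule (skipped if its list is empty).
# usage: gen_anchor "tcp hosts" "tcp ports" "udp hosts" "udp ports"
gen_anchor() {
    block_rule tcp "$1" "$2"
    block_rule udp "$3" "$4"
}

# The two lines /etc/pf.conf needs so the anchor is evaluated at all and is
# reloaded by "pfctl -f /etc/pf.conf" (same pattern the stock file uses for com.apple).
pfconf_stanza() {
    printf 'anchor "%s"\nload anchor "%s" from "%s"\n' "$ANCHOR" "$ANCHOR" "$ANCHOR_FILE"
}

# Parse only (-n): a syntax error or an unresolvable host name fails here,
# before anything reaches the live firewall.
check_anchor() { pfctl -n -a "$ANCHOR" -f "$1"; }

# Replace the anchor's ruleset and print what pf now holds for it.
load_anchor() {
    pfctl -a "$ANCHOR" -f "$1"
    pfctl -a "$ANCHOR" -s rules
}

# Only touch the live firewall when explicitly asked and pfctl is present
# (the hosts and ports here are the ones from the page's anchor file).
if [ "${1:-}" = "apply" ] && command -v pfctl >/dev/null 2>&1; then
    tmp=$(mktemp)
    gen_anchor "license.sublimehq.com 45.55.255.55 45.55.41.223" "443, 80" \
               "" "53, 5353" >"$tmp"
    check_anchor "$tmp" && load_anchor "$tmp"
    rm -f "$tmp"
fi
```

Run it as sudo sh script.sh apply on the Mac; without the argument it only defines the functions, so the generators can be inspected by sourcing it. If the anchor is not yet in /etc/pf.conf, append the output of pfconf_stanza there first, otherwise the loaded rules sit in an anchor nothing evaluates.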