- Apple Mac Firewall
- Block App Firewall
- Query Mac App Firewall Settings
- Firewall Settings Mac
- Query Mac App Firewall Password
On the Mac, you can't use URL based web queries as described above. Choosing Run Saved Query instead of New Web Query is for an entirely different purpose. New web query isn't available. Run Saved Query from.iqy does work, but I have no clue on how to create and then saving the.iqy text file.
Press the “Command” button and the space bar, simultaneously (this will open a search bar on your screen). Type “Terminal” (as you type, it should auto-fill). Double click “Terminal” in the left sidebar to open your Mac’s Terminal. Touch Create a new file. Nano Opens a Terminal file editor. You can make changes to your files right from the Terminal. Cp Copy a file to a directory. Cp Copy a file to the current directory with the name given as rm Remove a file completely. Opening an Application: Launch Terminal. Look for Terminal in 'Applications' → 'Utilities' →. Command for open file with terminal.app in mac.
Read reviews, compare customer ratings, see screenshots, and learn more about Guardian Firewall + VPN. Download Guardian Firewall + VPN and enjoy it on your iPhone, iPad, and iPod touch. Take back control of your personal data and the information you share while using your devices with the protection of Guardian Firewall and VPN. The lockdown access check limits D-Bus methods that are changing firewall rules. Query, list and get methods are not limited. The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Enable lockdown. Nothing original here, I've simply combined a couple of the previous suggestions. Place this one script, saved as an application, in your script folder and use it to toggle the firewall on or off. If the firewall is ON, it will change its name to 'Turn Firewall OFF'. If the firewall is OFF, it will change its name to 'Turn Firewall.
Recently I found out that PyCharm fromJetBrains, despite being a wonderful IDE forPython, is continuously broadcasting my username to
230.230.230.230
forlicense check, seeherefor a report of the same problem for another Jetbrains’ product, which has thesame underpinning IDE as PyCharm.Naturally, I want a firewall to block the outgoing traffic to avoid leaking myprivate information to any network I might connect to.
The OS X application firewall (see Applenotes) can block incoming traffic onper-application basis and prevent applications from listening on network ports,but unfortunately it cannot be configured to block outgoing traffic.
The application firewall, however, is indeed implemented with PacketFilter fromOpenBSD project. Remember Mac OS X is part of theBSD family? PF has been shipped with recent releases of Mac OS X since Lion,including macOS since Sierra.
There are a number of third-party applications/firewalls on the market such asmurus. But they basically provide the user aGUI to configure PF on macOS - of course sometimes with other useful featuresas well - and they are mostly paid application (although murus does have alite version that is free).
![Firewall Firewall](/uploads/1/3/4/1/134153892/505382756.png)
But if you’re comfortable with command line as I am, all GUI applications areoverkill for the problem in hand. It’s possible to configure PF to blockoutgoing traffic in several easy step and less than a few minutes!
- First, create a new anchor file named
/etc/pf.anchors/jetbrains
with thefollowing PF rule to block traffic on interfaceen0
for any traffic sent toIP multicast address230.230.230.230
: https://renewtj737.weebly.com/how-to-delete-apps-installed-from-internet-on-mac.html.You would need sudo privillege to create file under/etc/pf.anchors
. Ananchor file is used to hold a sub-ruleset, which we will attach to the main PFruleset in the next step.quick
asks PF to stop further processing should apacket matches the rule. See PF filter reference on the syntax of therules for more details. - Then add the
jetbrains
anchor to the default PF configuration file/etc/pf.conf
. This allows the anchor and the rules to be active whenever youactivate the macOS firewall without interfering with any application firewallrule you might have defined through GUI. - Last, start the firewall from
System Preferences
→Security & Privacy
→Firewall
.
Tested with the following software versions:
- macOS 10.12 (16A323)
Other useful resource for PF on macOS:
- This article is mostly still relevant for macOS Sierra, although I believethere is no need to create a launchd item should you put the anchor into thedefault pf configuration file
/etc/pf.conf
as shown here. - This is a detailed wiki about PF and its command line
pfctl
andpflog
etc. Good read if you’d like to see more example usages of these tools. - This is a great guide with discussion of security and privacy on macOS to abroad extent. It also touches packet filter and discusses options forthird-party firewalls (including options that may not use PF).
Related Posts
Please enable JavaScript to view the comments powered by Disqus.Contents on this site are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Network administrators can use this information to make sure that Mac computers and other Apple devices can connect to services such as the App Store and Apple's software-update servers.
Ports used by Apple products
This is a quick-reference guide showing common examples, not a comprehensive list of ports. This guide is updated periodically with information available at the time of publication.
Some software might use different ports and services, so it can be helpful to use port-watching software when deciding how to set up firewalls or similar access-control schemes.
Some services might use more than one of these ports. For example, a VPN service can use up to four different ports. When you find a product in this list, search (Command-F) in your browser for that name, then repeat your search (Command-G) to locate all occurrences of that product.
Some firewalls allow selective configuration of UDP or TCP ports with the same number, so it's important to know the type of port you're configuring. For example, NFS can use TCP 2049, UDP 2049 or both. If your firewall doesn't allow you to specify the type of port, configuring one type of port probably configures the other.
Apple Mac Firewall
Port | TCP or UDP | Service or protocol name1 | RFC2 | Service name3 | Used by |
---|---|---|---|---|---|
7 | TCP/UDP | echo | 792 | echo | -- |
20 | TCP | File Transport Protocol (FTP) | 959 | ftp-data | -- |
21 | TCP | FTP control | 959 | ftp | -- |
22 | TCP | Secure Shell (SSH), SSH File Transfer Protocol (SFTP), and Secure copy (scp) | 4253 | ssh | Xcode Server (hosted and remote Git+SSH; remote SVN+SSH) |
23 | TCP | Telnet | 854 | telnet | -- |
25 | TCP | Simple Mail Transfer Protocol (SMTP) | 5321 | smtp | Mail (sending email); iCloud Mail (sending email) |
53 | TCP/UDP | Domain Name System (DNS) | 1034 | domain | -- |
67 | UDP | Bootstrap Protocol Server (BootP, bootps) | 951 | bootps | NetBoot via DHCP |
68 | UDP | Bootstrap Protocol Client (bootpc) | 951 | bootpc | NetBoot via DHCP |
69 | UDP | Trivial File Transfer Protocol (TFTP) | 1350 | tftp | -- |
79 | TCP | Finger | 1288 | finger | -- |
80 | TCP | Hypertext Transfer Protocol (HTTP) | 2616 | http | World Wide Web, FaceTime, iMessage, iCloud, QuickTime Installer, Maps, iTunes U, Apple Music, iTunes Store, Podcasts, Internet Radio, Software Update (OS X Lion or earlier), Mac App Store, RAID Admin, Backup, Calendar, WebDAV, Final Cut Server, AirPlay, macOS Internet Recovery, Profile Manager, Xcode Server (Xcode app, hosted and remote Git HTTP, remote SVN HTTP) |
88 | TCP | Kerberos | 4120 | kerberos | Kerberos, including Screen Sharing authentication |
106 | TCP | Password Server (unregistered use) | -- | 3com-tsmux | macOS Server Password Server |
110 | TCP | Post Office Protocol (POP3), Authenticated Post Office Protocol (APOP) | 1939 | pop3 | Mail (receiving email) |
111 | TCP/UDP | Remote Procedure Call (RPC) | 1057, 1831 | sunrpc | Portmap (sunrpc) |
113 | TCP | Identification Protocol | 1413 | ident | -- |
119 | TCP | Network News Transfer Protocol (NNTP) | 3977 | nntp | Apps that read newsgroups. |
123 | UDP | Network Time Protocol (NTP) | 1305 | ntp | Date & Time preferences, network time server synchronisation, Apple TV network time server sync |
137 | UDP | Windows Internet Naming Service (WINS) | -- | netbios-ns | -- |
138 | UDP | NETBIOS Datagram Service | -- | netbios-dgm | Windows Datagram Service, Windows Network Neighbourhood |
139 | TCP | Server Message Block (SMB) | -- | netbios-ssn | Microsoft Windows file and print services, such as Windows Sharing in macOS |
143 | TCP | Internet Message Access Protocol (IMAP) | 3501 | imap | Mail (receiving email) |
161 | UDP | Simple Network Management Protocol (SNMP) | 1157 | snmp | -- |
192 | UDP | OSU Network Monitoring System | -- | osu-nms | AirPort Base Station PPP status or discovery (certain configurations), AirPort Admin Utility, AirPort Express Assistant |
311 | TCP | Secure server administration | -- | asip-webadmin | Server app, Server Admin, Workgroup Manager, Server Monitor, Xsan Admin |
312 | TCP | Xsan administration | -- | vslmp | Xsan Admin (OS X Mountain Lion v10.8 and later) |
389 | TCP | Lightweight Directory Access Protocol (LDAP) | 4511 | ldap | Apps that look up addresses, such as Mail and Address Book |
427 | TCP/UDP | Service Location Protocol (SLP) | 2608 | svrloc | Network Browser |
443 | TCP | Secure Sockets Layer (SSL or HTTPS) | 2818 | https | TLS websites, iTunes Store, Software Update (OS X Mountain Lion and later), Spotlight Suggestions, Mac App Store, Maps, FaceTime, Game Center, iCloud authentication and DAV Services (Contacts, Calendars, Bookmarks), iCloud backup and apps (Calendars, Contacts, Find My iPhone, Find My Friends, Mail, iMessage, Documents & Photo Stream), iCloud Key Value Store (KVS), iPhoto Journals, AirPlay, macOS Internet Recovery, Profile Manager, Dictation, Siri, Xcode Server (hosted and remote Git HTTPS, remote SVN HTTPS, Apple Developer registration), Push notifications (if necessary) |
445 | TCP | Microsoft SMB Domain Server | -- | microsoft-ds | -- |
464 | TCP/UDP | kpasswd | 3244 | kpasswd | -- |
465 | TCP | Message Submission for Mail (Authenticated SMTP) | smtp (legacy) | Mail (sending mail) | |
500 | UDP | ISAKMP/IKE | 2408 | isakmp | macOS Server VPN service |
500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
514 | TCP | shell | -- | shell | -- |
514 | UDP | Syslog | -- | syslog | -- |
515 | TCP | Line Printer (LPR), Line Printer Daemon (LPD) | -- | printer | Printing to a network printer, Printer Sharing in macOS |
532 | TCP | netnews | -- | netnews | -- |
548 | TCP | Apple Filing Protocol (AFP) over TCP | -- | afpovertcp | AppleShare, Personal File Sharing, Apple File Service |
554 | TCP/UDP | Real Time Streaming Protocol (RTSP) | 2326 | rtsp | AirPlay, QuickTime Streaming Server (QTSS), streaming media players |
587 | TCP | Message Submission for Mail (Authenticated SMTP) | 4409 | submission | Mail (sending mail), iCloud Mail (SMTP authentication) |
600–1023 | TCP/UDP | Mac OS X RPC-based services | -- | ipcserver | NetInfo |
623 | UDP | Lights-Out-Monitoring | -- | asf-rmcp | Lights Out Monitoring (LOM) feature of Intel-based Xserve computers, Server Monitor |
625 | TCP | Open Directory Proxy (ODProxy) (unregistered use) | -- | dec_dlm | Open Directory, Server app, Workgroup Manager; Directory Services in OS X Lion or earlier This port is registered to DEC DLM |
626 | TCP | AppleShare Imap Admin (ASIA) | -- | asia | IMAP administration (Mac OS X Server v10.2.8 or earlier) |
626 | UDP | serialnumberd (unregistered use) | -- | asia | Server serial number registration (Xsan, Mac OS X Server v10.3 – v10.6) |
631 | TCP | Internet Printing Protocol (IPP) | 2910 | ipp | macOS Printer Sharing, printing to many common printers |
636 | TCP | Secure LDAP | -- | ldaps | -- |
660 | TCP | Server administration | -- | mac-srvr-admin | Server administration tools for Mac OS X Server v10.4 or earlier, including AppleShare IP |
687 | TCP | Server administration | -- | asipregistry | Server administration tools for Mac OS X Server v10.6 or earlier, including AppleShare IP |
749 | TCP/UDP | Kerberos 5 admin/changepw | -- | kerberos-adm | -- |
985 | TCP | NetInfo Static Port | -- | -- | -- |
993 | TCP | Mail IMAP SSL | -- | imaps | iCloud Mail (SSL IMAP) |
995 | TCP/UDP | Mail POP SSL | -- | pop3s | -- |
1085 | TCP/UDP | WebObjects | -- | webobjects | -- |
1099, 8043 | TCP | Remote RMI and IIOP Access to JBOSS | -- | rmiregistry | -- |
1220 | TCP | QT Server Admin | -- | qt-serveradmin | Administration of QuickTime Streaming Server |
1640 | TCP | Certificate Enrolment Server | -- | cert-responder | Profile Manager in macOS Server 5.2 and earlier |
1649 | TCP | IP Failover | -- | kermit | -- |
1701 | UDP | L2TP | -- | l2f | macOS Server VPN service |
1723 | TCP | PPTP | -- | pptp | macOS Server VPN service |
1900 | UDP | SSDP | -- | ssdp | Bonjour |
2049 | TCP/UDP | Network File System (NFS) (version 3 and 4) | 3530 | nfsd | -- |
2195 | TCP | Apple Push Notification Service (APNS) | -- | -- | Push notifications |
2196 | TCP | Apple Push Notification Service (APNS) | -- | — | Feedback service |
2197 | TCP | Apple Push Notification Service (APNS) | -- | -- | Push notifications |
2336 | TCP | Mobile account sync | -- | appleugcontrol | Home directory synchronisation |
3004 | TCP | iSync | -- | csoftragent | -- |
3031 | TCP/UDP | Remote AppleEvents | -- | eppc | Program Linking, Remote Apple Events |
3283 | TCP/UDP | Net Assistant | -- | net-assistant | Apple Remote Desktop 2.0 or later (Reporting feature), Classroom app (command channel) |
3284 | TCP/UDP | Net Assistant | -- | net-assistant | Classroom app (document sharing) |
3306 | TCP | MySQL | -- | mysql | -- |
3478–3497 | UDP | -- | -- | nat-stun-port - ipether232port | FaceTime, Game Center |
3632 | TCP | Distributed compiler | -- | distcc | -- |
3659 | TCP/UDP | Simple Authentication and Security Layer (SASL) | -- | apple-sasl | macOS Server Password Server |
3689 | TCP | Digital Audio Access Protocol (DAAP) | -- | daap | iTunes Music Sharing, AirPlay |
3690 | TCP/UDP | Subversion | -- | svn | Xcode Server (anonymous remote SVN) |
4111 | TCP | XGrid | -- | xgrid | -- |
4398 | UDP | -- | -- | -- | Game Center |
4488 | TCP | Apple Wide Area Connectivity Service | awacs-ice | ||
4500 | UDP | IPsec NAT Traversal | 4306 | ipsec-msft | macOS Server VPN service |
4500 | UDP | Wi-Fi Calling | 5996 | IKEv2 | Wi-Fi Calling |
5003 | TCP | FileMaker - name binding and transport | -- | fmpro-internal | -- |
5009 | TCP | (unregistered use) | -- | winfs | AirPort Utility, AirPort Express Assistant |
5100 | TCP | -- | -- | socalia | macOS camera and scanner sharing |
5222 | TCP | XMPP (Jabber) | 3920 | jabber-client | Jabber messages |
5223 | TCP | Apple Push Notification Service (APNS) | -- | -- | iCloud DAV Services (Contacts, Calendars, Bookmarks), Push Notifications, FaceTime, iMessage, Game Center, Photo Stream |
5228 | TCP | -- | -- | -- | Spotlight Suggestions, Siri |
5297 | TCP | -- | -- | -- | Messages (local traffic) |
5350 | UDP | NAT Port Mapping Protocol Announcements | -- | -- | Bonjour |
5351 | UDP | NAT Port Mapping Protocol | -- | nat-pmp | Bonjour |
5353 | UDP | Multicast DNS (MDNS) | 3927 | mdns | Bonjour, AirPlay, Home Sharing, Printer Discovery |
5432 | TCP | PostgreSQL | -- | postgresql | Can be enabled manually in OS X Lion Server (previously enabled by default for ARD 2.0 Database) |
5897–5898 | UDP | (unregistered use) | -- | -- | xrdiags |
5900 | TCP | Virtual Network Computing (VNC) (unregistered use) | -- | vnc-server | Apple Remote Desktop 2.0 or later (Observe/Control feature) Screen Sharing (Mac OS X 10.5 or later) |
5988 | TCP | WBEM HTTP | -- | wbem-http | Apple Remote Desktop 2.x See also dmtf.org/standards/wbem. |
6970–9999 | UDP | -- | -- | -- | QuickTime Streaming Server |
7070 | TCP | RTSP (unregistered use), Automatic Router Configuration Protocol (ARCP) | -- | arcp | QuickTime Streaming Server (RTSP) |
7070 | UDP | RTSP alternate | -- | arcp | QuickTime Streaming Server |
8000–8999 | TCP | -- | -- | irdmi | Web service, iTunes Radio streams |
8005 | TCP | Tomcat remote shutdown | -- | -- | -- |
8008 | TCP | iCal service | -- | http-alt | Mac OS X Server v10.5 or later |
8080 | TCP | Alternate port for Apache web service | -- | http-alt | Also JBOSS HTTP in Mac OS X Server 10.4 or earlier |
8085–8087 | TCP | Wiki service | -- | -- | Mac OS X Server v10.5 or later |
8088 | TCP | Software Update service | -- | radan-http | Mac OS X Server v10.4 or later |
8089 | TCP | Web email rules | -- | -- | Mac OS X Server v10.6 or later |
8096 | TCP | Web Password Reset | -- | -- | Mac OS X Server v10.6.3 or later |
8170 | TCP | HTTPS (web service/site) | -- | -- | Podcast Capture/podcast CLI |
8171 | TCP | HTTP (web service/site) | -- | -- | Podcast Capture/podcast CLI |
8175 | TCP | Pcast Tunnel | -- | -- | pcastagentd (such as for control operations and camera) |
8443 | TCP | iCal service (SSL) | -- | pcsync-https | Mac OS X Server v10.5 or later (JBOSS HTTPS in Mac OS X Server 10.4 or earlier) |
8800 | TCP | Address Book service | -- | sunwebadmin | Mac OS X Server v10.6 or later |
8843 | TCP | Address Book service (SSL) | -- | -- | Mac OS X Server v10.6 or later |
8821, 8826 | TCP | Stored | -- | -- | Final Cut Server |
8891 | TCP | ldsd | -- | -- | Final Cut Server (data transfers) |
9006 | TCP | Tomcat standalone | -- | -- | Mac OS X Server v10.6 or earlier |
9100 | TCP | Printing | -- | -- | Printing to certain network printers |
9418 | TCP/UDP | git pack transfer | -- | git | Xcode Server (remote git) |
10548 | TCP | Apple Document Sharing Service | -- | serverdocs | macOS Server iOS file sharing |
11211 | -- | memcached (unregistered use) | -- | -- | Calendar Server |
16080 | TCP | -- | -- | -- | Web service with performance cache |
16384–16403 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | -- | connected, -- | Messages (Audio RTP, RTCP; Video RTP, RTCP) |
16384–16387 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | -- | connected, -- | FaceTime, Game Center |
16393–16402 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | -- | -- | FaceTime, Game Center |
16403–16472 | UDP | Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) | -- | -- | Game Center |
24000–24999 | TCP | -- | -- | med-ltp | Web service with performance cache |
42000–42999 | TCP | -- | -- | -- | iTunes Radio streams |
49152–65535 | TCP | Xsan | -- | -- | Xsan Filesystem Access |
49152– 65535 | UDP | -- | -- | -- | |
50003 | -- | FileMaker server service | -- | -- | -- |
50006 | -- | FileMaker helper service | -- | -- | -- |
1. The service registered with the Internet Assigned Numbers Authority, except where noted as “unregistered use”.
2. The number of a Request for Comment (RFC) document that defines the service or protocol. RFC documents are maintained by RFC Editor.
Block App Firewall
3. In the output of Terminal commands, the port number might be replaced by this Service Name, which is the label listed in /etc/services.
Query Mac App Firewall Settings
FaceTime is not available in all countries or regions.
Firewall Settings Mac
Learn more
Query Mac App Firewall Password
The application firewall in macOS is not a port-based firewall. It controls access by app, instead of by port.