Come posso bloccare / chiudere (o eliminare tutti i pacchetti provenienti da) tutte le porte con PF eccetto la porta TCP 80 e TCP 443? Quindi voglio solo usare la porta 80 e 443 via TCP.
Ho provato questo, ma ricevo un errore
sudo gedit /etc/pf.conf
Contenuto:
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
set block-policy drop
pass in all keep state
pass out all keep state
block in proto tcp to port 80
block in proto tcp to port 443
block drop from any to 93.184.220.29
block drop from any to 93.184.220.70
L'errore:
sudo pfctl -v -n -f /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
set block-policy drop
/etc/pf.conf:8: Rules must be in order: options, normalization, queueing, translation, filtering
Ho anche provato l'approccio descritto nel link ma non ha funzionato. Link al repository