IP Blocklist / Blacklist Manager for Mac OS X

jd1114
Is there an IP address block list manager for the latest versions of OS X similar to Peer Block or Peer Guardian?  I need the ability to block communication between my Mac and thousands of IP addresses without slowing things down.  The block list manager should be able to import a list containing hundreds of thousands of IP addresses in a common format and prevent incoming and outgoing communication between the Mac and IP addresses in the list.

Commented:
Off the top of my head, have a look at Little Snitch, which is what I use. You can get a trial here: https://www.obdev.at/products/littlesnitch/index.html

It has its own idea of how rules, allow, and block work, but it also runs interactively and tells you when a program is trying to get in or out, and lets you block or approve it immediately, forever, or until you quit the app. It can be a bit annoying in interactive mode for the first week or so while new connections get known, but gets less annoying soon, so that pop-ups of the app finding a new connection get your attention.

The interface looks like this:

[Screenshot: Screen-Shot-2019-02-28-at-4.47.41-PM.png]

Commented:
There is also the built-in firewall. It is under System Preferences -> Security & Privacy, then select Firewall. You can add rules there as well. Its interface is a bit more basic, but it will probably do what you want.

[Screenshot: Screen-Shot-2019-02-28-at-4.50.52-PM.png]
Commented:
The OS X firewall has two built-in components: the Application Firewall and PF (Packet Filter).

There is a fairly basic interface in the OS X Settings panel. If you're comfortable with the command line you can also customise settings in Terminal.

There are a couple of applications, Murus and Vallum, that have a better and more comprehensive interface on these firewalls:
https://vallumfirewall.com/
https://www.murusfirewall.com/

Little Snitch is primarily an OUTBOUND firewall/filter and allows you to stop/block outgoing traffic, but it is not really useful for incoming. I use it, but on the understanding that it's outbound-only.

Your specific requirement to block a long list of IP addresses:
You can get PeerGuardian for OS X - https://sourceforge.net/projects/peerguardian/
Use Murus Lite (the free version), which can also import a blacklist of IPs.

In terms of outgoing connections you could also use a program like Gas Mask to import a load of IPs into your HOSTS file, which can block all outgoing traffic:
https://github.com/2ndalpha/gasmask
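The PF route mentioned above (and the blacklist import that Murus Lite wraps) comes down to one pf feature: a table loaded from a file, which is how a list of hundreds of thousands of addresses can be filtered without putting each one in a rule. The script below is an added example, not code from this thread or from Murus, Vallum, PeerGuardian or Gas Mask. It converts a PeerGuardian-style .p2p list ("description:first_ip-last_ip", IPv4 in practice) into the CIDR blocks a pf table accepts, merges overlaps, and prints the matching pf.conf rules. The table name `blocklist` and the path `/etc/pf.blocklist` are assumptions, not system defaults, and the sample list is constructed from documentation ranges.

```python
#!/usr/bin/env python3
"""Turn a PeerGuardian-style .p2p blocklist into a pf table file plus the
pf.conf rules that use it. Added example; not code from the thread or from
any of the products mentioned in it.

pf tables take addresses and CIDR prefixes, not ranges, so every range is
split into the minimal set of CIDR blocks, and overlapping or duplicate
blocks are merged so the table is as small as possible.
"""
import ipaddress
import sys

# Constructed sample input (documentation-range addresses, not a real list).
SAMPLE_P2P = """\
# comment lines and blank lines are ignored

Example range A:10.0.0.0-10.0.0.255
Example range B:192.0.2.16-192.0.2.31
Single host:198.51.100.7-198.51.100.7
Awkward range:203.0.113.1-203.0.113.6
Already covered by A:10.0.0.128-10.0.0.200
Reversed (skipped):10.9.9.9-10.9.9.1
malformed line without a range (skipped)
"""

# Rules for /etc/pf.conf (or a custom anchor file). The table is loaded from a
# file, so a list with hundreds of thousands of entries never bloats the rule
# set; pf keeps tables in a radix tree, so lookup cost does not grow with size.
# The table name and the path /etc/pf.blocklist are assumed, not defaults.
PF_RULES = """\
table <blocklist> persist file "/etc/pf.blocklist"
block drop in  quick from <blocklist> to any
block drop out quick from any to <blocklist>
"""


def parse_p2p(text):
    """Yield (description, first, last) for each well-formed range line.

    Comments, blank lines, malformed lines and reversed ranges are skipped
    rather than aborting, so one bad line cannot stop a 500k-line import.
    The description is everything before the last colon (IPv4 lists only).
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        desc, sep, rng = line.rpartition(":")
        if not sep or "-" not in rng:
            continue
        first_s, last_s = (s.strip() for s in rng.split("-", 1))
        try:
            first, last = ipaddress.ip_address(first_s), ipaddress.ip_address(last_s)
        except ValueError:
            continue
        if first.version != last.version or first > last:
            continue
        yield desc, first, last


def ranges_to_cidrs(ranges):
    """Expand ranges to CIDR blocks and merge overlaps; returns sorted strings."""
    by_version = {4: [], 6: []}
    for _desc, first, last in ranges:
        by_version[first.version].extend(ipaddress.summarize_address_range(first, last))
    out = []
    for version in (4, 6):  # collapse_addresses refuses mixed versions
        out.extend(str(n) for n in ipaddress.collapse_addresses(by_version[version]))
    return out


def build_table_file(text):
    """Return the text of the pf table file: one CIDR per line."""
    return "\n".join(ranges_to_cidrs(parse_p2p(text))) + "\n"


def is_blocked(ip, cidrs):
    """Offline check of what `pfctl -t blocklist -T test <ip>` would report."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # Usage:  python3 p2p_to_pf.py list.p2p > /etc/pf.blocklist
    # Then, as root:  pfctl -f /etc/pf.conf && pfctl -e
    # Refresh later without reloading rules:
    #   pfctl -t blocklist -T replace -f /etc/pf.blocklist
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_P2P
    sys.stdout.write(build_table_file(src))
```

Two checks worth running after loading: `sudo pfctl -t blocklist -T show | wc -l` should match the line count of the table file, and `sudo pfctl -t blocklist -T test 203.0.113.3` reports whether a given address matches. Note that macOS ships its own /etc/pf.conf with `com.apple` anchors, so either append these rules after them or put them in an anchor of your own, and pf is off until `pfctl -e` is run. A HOSTS file, by contrast, only answers name lookups and never matches a connection by IP address, so a pf table is the mechanism that actually enforces a list like this in both directions.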



noci, Software Engineer, Distinguished Expert 2018

Commented:
fail2ban can be used. See also this reference.
It does require reworking the binary logs, though: https://sourceforge.net/p/fail2ban/mailman/message/36279745/
It's easier to install fail2ban through Homebrew (https://brew.sh) and use a standard Linux tool. Unfortunately, they removed ipfilter, a standard BSD firewall (equivalent to iptables on Linux), so you can't have equivalent settings and have to learn a different set of command-line tools.

Here's http://krypted.com/mac-security/command-line-firewall-management-in-os-x-10-10/

Author commented:
Thank you all for your comments. Eoin, do you have experience with or knowledge of Murus Lite (or the full version) being able to use a blacklist containing hundreds of thousands of IPs without slowing down the system or freezing?

Also, it appears that PeerGuardian is no longer developed for OSX so would not work on the current version.  It would be an excellent solution otherwise, though.

Commented:
I've played with Murus Lite, but to be honest I never pushed it with more than 100 IPs; hundreds of thousands could well be an issue. Suck it and see, or email the developer for guidance. To be honest, your requirement sounds like it would be best handled by a hardware (or VM) device on your LAN, as that level of blocking/checking is more suited to a dedicated device than to trying to do it inside an OS which is not optimised for filtering network traffic.
