Block port on all interfaces using PF

Question

Trying to block incoming traffic on all interfaces to a specific local port on Mac OS X 10.11.15, including loopback.

This is my /etc/pf.conf:

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"

block in quick to any port 63342

However, when attempting to apply this rule, I get an error (line 29 is the one with the block rule):

✗ sudo pfctl -f /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.conf:29: port only applies to tcp/udp
/etc/pf.conf:29: skipping rule due to errors
/etc/pf.conf:29: rule expands to no valid combination
pfctl: Syntax error in config file: pf rules not loaded

What would be the correct syntax in this case?

score 9 · Accepted Answer · answered Aug 17 '16 at 15:34

9

The proper rule is:

block in quick inet proto { tcp, udp } from any to any port 63342

Some parts may be omitted (e.g. inet or from any) with a slightly different meaning.

answered Aug 17 '16 at 15:34

klanomath

66,391
9
130
201

Block port on all interfaces using PF

1 Answers1