Technology. Explained.

Computer, Internet, Mac (OS X), Privacy & Security, Software, Utilities

How to block Mac outgoing connections in 2020

photo of a yellow ethernet cable placed on a blue surface

It’s been four years since we explained how to block outgoing connections on a Mac using a third-party tool (TCPBlock), but Apple still hasn’t offered any built-in solution to deal with this task. While you can easily block all incoming connections using the built-in firewall, there is still no way to deal with outbound connections. While you can still download TCPBlock from this link, you should look for better alternatives since it hasn’t been updated in over five years.

We also explained how to use Little Snitch 3 to block outgoing connections on a Mac, but here we want to present some better and up-to-date alternatives so that you can choose what is best for you.

Unfortunately, until Apple comes up with a solution, OS X users will have to continue using workarounds or dedicated third-party tools for this purpose.

Block outgoing connections on Mac

Several alternatives exist to block outgoing connections on OS X, and here we present a few so that you can choose the one you think best suits your needs.

The first solution makes use of the Mac Terminal to block outgoing connections, meaning it doesn’t require you to install any third-party tools. The downside is that it is a slightly less user-friendly solution.

The second solution is to let a program do the hard work for you. There are many tools available for download, either for free or for a one-time fee.

Let’s start by taking a look at the first option, how to block outgoing connections from the Terminal

Block outgoing connections using the Terminal

In order to block outgoing connections using a Terminal, you need to know the specific IP address associated to the service you want to block communication with. There are several ways to find your target IP address. One way is to monitor all open connections in OS X with the lsof -i Terminal command. If you are sure how to get this information don’t worry, you can just proceed to the next section that makes use of third-party tools to block specific outgoing connections. If you, however, happen to know the exact IP address you want to block, this solution might be the perfect fit for you.

Even though the process may not be familiar to you, especially if you’re not used to using the Terminal, it is a fairly straight forward procedure to follow. To configure your Mac to block a specific outgoing connection, proceed as follows:

  1. Open the Terminal.
    There are multiple ways to do this: one way is to open your Applications folder, then click on Utilities and finally on Terminal. A faster way is to launch Spotlight by pressing Cmd + Space, type “Terminal” in the bar and double-click the search result.
  2. Create a backup copy for the hosts file.
    Type (or copy and paste) the following in the Terminal you just opened: this will create a copy of the hosts file on your Desktop so that, should anything go wrong, you can easily revert the changes you made. You may be prompted for your password, in this case just type it and press Enter. Here, sudo is needed to give you admin privileges, while cp is used to copy a file from one place to another.
  3. Edit the hosts file by adding the IP addresses you wish to block.
    You can use the nano text editor to do this, as follows: you should be presented with the content of the file, inside the Terminal. Again, if you are prompted for your password just go ahead and enter it, it is needed due to the sudo command.
    Make sure you don’t edit any of the existing sets of rules, as this may cause unwanted behavior. Carefully navigate below the existing rules using the Down Arrow, and proceed by typing the IP address you wish to block, followed by a space character and the appropriate domain name. Each entry goes on a separate line, like in this example:
  4. Save the changes you made.
    You can just use the key combination Ctrl + O, and exit the nano text editor by pressing Ctrl + X. Close the terminal.
  5. Reset the cache.
    Reopen the Terminal and type:

Done!

If you notice any strange behavior, remember you made a copy of your hosts file on your Desktop. I suggest you keep it there for a few days and, if you ever want to revert the changes you made, just edit the hosts file again to match the backup copy you have.

Block outgoing connections using third-party tools

If you don’t feel comfortable using the Terminal, don’t know the exact IP address you need to block, or just prefer the convenience of having a dedicated tool, this section is for you. Using a third-party tool may also be the best solution in cases where you need to block a lot of IP addresses and/or you frequently need to change them. Application firewalls are built just for this task.

There are multiple tools to do this: Little Snitch, LuLu, NoobProof, TCPBlock, Hands Off, WaterRoof, and Radio Silence are some of them. TCPBlock is by far my favorite due to its simplicity and lightweight, but unfortunately it was discontinued years ago.

For this post, I decided to stick with a paid and a free alternative: Little Snitch and LuLu.

LuLu

If you are looking for a free alternative to block outgoing connections on your Mac, LuLu is a great open source program whose source code is publicly available on GitHub.

To install LuLu, you just need to navigate to their website and click Download. This will download a zip archive containing the application. Once downloaded, you can extract the archive’s content either by dragging the zip content inside a folder, or by right-clicking on the zip archive.

Simply double-click on LuLu Installer and click Install to proceed with the installation. You will need to restart your mac upon completion. Upon reboot, proceed by configuring the program as you wish.

LuLu will alert you anytime a new/unauthorized process attempts to create an outgoing connection. To block a specific application from accessing the internet, you can change that specific application’s rule by launching the LuLu application or by clicking on Rules in the status bar menu.

And that’s it! Now you easily change any permission you want just by accessing the application at any time. For more complete instructions regarding your specific needs, or for troubleshooting, you can visit LuLu’s website which has some very nice tutorials.

Little Snitch 4

Although Little Snitch is not cheap, many people prefer it over alternative solutions. Before buying a license, you can download a free trial to see if the application has everything you are looking for. If you want to buy a license, you can do so at this link.

To download Little Snitch, just click on Download and double click on the installer once it gets downloaded. The installation process is very straightforward and you just need to restart your Mac at the end of the installation process.

You can now launch Little Snitch and you will be presented with some rules that it created for you. You shouldn’t need to change any of these rules as it may compromise your Mac’s behavior and cause malfunctioning.

Just like with LuLu, you will be warned any time an application tried to communicate over the internet. At this point, you have different options: you can have the connection blocked or allowed, either temporarily, always or just once.

You can also manually create a custom rule by selecting New Rule, which also allows you to only block specific ports.

Done!

If you wish to use TCPBlock, you can check this post.

Liked this post? Share it using the buttons below and follow us! 🙂

Leave a Reply