Repository: l1k/osxparanoia Branch: master Commit: 47a22e7de7b0 Files: 6 Total size: 25.8 KB Directory structure: gitextract_rfuw5xv1/ ├── README.md ├── disabled-services ├── hosts ├── pf.conf ├── pf.hardcoded └── sysctl.conf ================================================ FILE CONTENTS ================================================ ================================================ FILE: README.md ================================================ ## Preventing OS X from phoning home to Cupertino ### Why * When you're pentesting, you want your machine to stay absolutely quiet. * When you're booked into a public wifi, eavesdroppers may glean personal information from traffic inadvertantly generated by your machine. (Some of the hardcoded URLs use unencrypted http.) * If you're a dissident, your whereabouts may be revealed and you may not even know it. ### How * I searched the entire OS X Mavericks base installation for hardcoded URLs and IP addresses. The domain names used in the URLs are hardwired to 127.0.0.1 in `/etc/hosts`. The IP addresses are natted to 127.0.0.1 in `/etc/pf.conf`. A number of LaunchAgents, LaunchDaemons, UserEventPlugins plus all Dashboard Widgets should be disabled by moving them to, say, `/root/disabled/`. Those are listed in `disabled-services`. * Edit `/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist` and add the undocumented option `-NoMulticastAdvertisements`. * Disable Dashboard: `defaults write com.apple.dashboard mcx-disabled -boolean YES && killall Dock` * Disable some IPv6 features of dubious merit in `/etc/sysctl.conf`. ### Caution * This is for Mavericks, not Yosemite. * It will yield a machine that stays quiet when connected to a network but at the expense of convenience features like push notifications. Also, the log files will show a few error messages because of unavailable services. * Several services regularly contact www.apple.com to check for network connectivity. Thus, www.apple.com is blacklisted in `/etc/hosts`. Comment out manually whenever you want to browse that website. * When connected to a wifi, the machine will regularly send EAPOL packets which cannot be disabled because OS X cannot packet filter on Layer 2. (`pfctl(8)` only filters on layer 3 and upwards and `ipfw(8)` doesn't work either.) * OS X stores wifi passwords in NVRAM. This is apparently used by Internet Recovery. Thus, whenever your machine is stolen or lent to someone else, consider your wifi passwords compromised, regardless if the disk was encrypted. It seems that FindMyMacd clears the NVRAM if the machine was stolen but this is not safe: FindMyMacd itself is apparently controlled by NVRAM variables and a thief may change these to disable it. Wifi passwords can be retrieved from NVRAM like this: ``` /usr/libexec/airportd readNVRAM /usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:current-network /usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-networks /usr/sbin/nvram 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-count ``` Note: This does not work anymore since High Sierra. Note: Deauthing your device from your AppleID will clear the NVRAM for you. ### Ideas for further hacks * Use a proxy on the local machine to MitM or spoof traffic to Cupertino. ================================================ FILE: disabled-services ================================================ /System/Library/InternetAccounts/* /System/Library/LaunchAgents/com.apple.syncdefaultsd.plist /System/Library/LaunchAgents/com.apple.AddressBook.SourceSync.plist /System/Library/LaunchAgents/com.apple.AOSPushRelay.plist # tests reachability of www.apple.com /System/Library/LaunchAgents/com.apple.CalendarAgent.plist /System/Library/LaunchAgents/com.apple.CalendarAgentLauncher.plist /System/Library/LaunchAgents/com.apple.EscrowSecurityAlert.plist /System/Library/LaunchAgents/com.apple.IMLoggingAgent.plist /System/Library/LaunchAgents/com.apple.ManagedClient.agent.plist /System/Library/LaunchAgents/com.apple.ManagedClient.enrollagent.plist /System/Library/LaunchAgents/com.apple.Maps.pushdaemon.plist /System/Library/LaunchAgents/com.apple.SocialPushAgent.plist /System/Library/LaunchAgents/com.apple.aos.migrate.plist /System/Library/LaunchAgents/com.apple.appstoreupdateagent.plist /System/Library/LaunchAgents/com.apple.apsctl.plist /System/Library/LaunchAgents/com.apple.bookstoreagent.plist /System/Library/LaunchAgents/com.apple.cmfsyncagent.plist /System/Library/LaunchAgents/com.apple.coreservices.appleid.authentication.plist /System/Library/LaunchAgents/com.apple.findmymacmessenger.plist /System/Library/LaunchAgents/com.apple.gamed.plist /System/Library/LaunchAgents/com.apple.icbaccountsd.plist /System/Library/LaunchAgents/com.apple.icloud.AOSNotificationAgent.plist /System/Library/LaunchAgents/com.apple.icloud.AOSNotificationLoginAgent.plist /System/Library/LaunchAgents/com.apple.identityservicesd.plist /System/Library/LaunchAgents/com.apple.imagent.plist /System/Library/LaunchAgents/com.apple.librariand.plist /System/Library/LaunchAgents/com.apple.mbloginhelper.user.plist /System/Library/LaunchAgents/com.apple.mbpluginhost.user.plist /System/Library/LaunchAgents/com.apple.maspushagent.plist /System/Library/LaunchAgents/com.apple.mdmclient.agent.plist /System/Library/LaunchAgents/com.apple.mdmclient.cloudconfig.agent.plist /System/Library/LaunchAgents/com.apple.quicklook.config.plist /System/Library/LaunchAgents/com.apple.safaridavclient.plist /System/Library/LaunchAgents/com.apple.sbd.plist /System/Library/LaunchAgents/com.apple.security.cloudkeychainproxy.plist /System/Library/LaunchAgents/com.apple.security.keychain-circle-notification.plist /System/Library/LaunchAgents/com.apple.sharingd.plist /System/Library/LaunchAgents/com.apple.store_helper.plist /System/Library/LaunchAgents/com.apple.storeagent.plist /System/Library/LaunchAgents/com.apple.syncservices.SyncServer.plist /System/Library/LaunchAgents/com.apple.syncservices.uihandler.plist /System/Library/LaunchAgents/com.apple.ubd.plist /System/Library/LaunchAgents/com.apple.wifi.WiFiKeychainProxy.plist /System/Library/LaunchAgents/com.apple.accountsd.plist /System/Library/LaunchDaemons/com.apple.apsd.plist /System/Library/LaunchDaemons/com.apple.AOSNotificationOSX.plist /System/Library/LaunchDaemons/com.apple.FileSyncAgent.sshd.plist /System/Library/LaunchDaemons/com.apple.ManagedClient.cloudconfigurationd.plist /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist /System/Library/LaunchDaemons/com.apple.ManagedClient.plist /System/Library/LaunchDaemons/com.apple.ManagedClient.startup.plist /System/Library/LaunchDaemons/com.apple.awacsd.plist /System/Library/LaunchDaemons/com.apple.coreservices.appleid.passwordcheck.plist /System/Library/LaunchDaemons/com.apple.eapolcfg_auth.plist /System/Library/LaunchDaemons/com.apple.familycontrols.plist /System/Library/LaunchDaemons/com.apple.findmymac.plist /System/Library/LaunchDaemons/com.apple.findmymacmessenger.plist /System/Library/LaunchDaemons/com.apple.iCloudStats.plist /System/Library/LaunchDaemons/com.apple.laterscheduler.plist /System/Library/LaunchDaemons/com.apple.locationd.plist /System/Library/LaunchDaemons/com.apple.mbicloudsetupd.plist /System/Library/LaunchDaemons/com.apple.mdmclient.daemon.plist /System/Library/LaunchDaemons/com.apple.msrpc.echosvc.plist /System/Library/LaunchDaemons/com.apple.msrpc.lsarpc.plist /System/Library/LaunchDaemons/com.apple.msrpc.mdssvc.plist /System/Library/LaunchDaemons/com.apple.msrpc.netlogon.plist /System/Library/LaunchDaemons/com.apple.msrpc.srvsvc.plist /System/Library/LaunchDaemons/com.apple.msrpc.wkssvc.plist # will listen to ports 137, 138 even if turned off in Sharing PrefPane /System/Library/LaunchDaemons/com.apple.netbiosd.plist /System/Library/LaunchDaemons/com.apple.preferences.timezone.admintool.plist /System/Library/LaunchDaemons/com.apple.preferences.timezone.auto.plist /System/Library/LaunchDaemons/com.apple.remotepairtool.plist /System/Library/LaunchDaemons/com.apple.rpmuxd.plist /System/Library/LaunchDaemons/com.apple.security.FDERecoveryAgent.plist # this one is getting on my nerves /System/Library/LaunchAgents/com.apple.TMHelperAgent.SetupOffer.plist /System/Library/UserEventPlugins/AutoTimeZone.plugin /System/Library/UserEventPlugins/BTMMPortInUseAgent.plugin /System/Library/UserEventPlugins/CaptiveSystemAgent.plugin /System/Library/UserEventPlugins/CaptiveUserAgent.plugin /System/Library/UserEventPlugins/EAPOLMonitor.plugin /System/Library/UserEventPlugins/LocationMenu.plugin /System/Library/UserEventPlugins/com.apple.locationd.events.plugin /System/Library/UserEventPlugins/com.apple.reachability.plugin # new with 10.9.3 /System/Library/LaunchAgents/com.apple.appleseed.seedusaged.plist /System/Library/LaunchDaemons/com.apple.appleseed.fbahelperd.plist ================================================ FILE: hosts ================================================ ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost fe80::1%lo0 localhost # 127.0.0.1 www.apple.com 17.171.8.17 crl.apple.com 17.146.232.12 swscan.apple.com # SoftwareUpdate.framework # 127.0.0.1 qa2-int-swscan.apple.com # SoftwareUpdate.framework # 127.0.0.1 swcdnlocator.apple.com # SoftwareUpdate.framework 127.0.0.1 validation.isu.apple.com # SoftwareUpdate.framework # 127.0.0.1 help.apple.com # HelpData.framework # 127.0.0.1 helpqt.apple.com # HelpData.framework # 127.0.0.1 helposx.apple.com # HelpData.framework # 127.0.0.1 support.apple.com # HelpData.framework # 127.0.0.1 lookup-api.apple.com # Lookup.framework # 127.0.0.1 pubsbuild.apple.com # docsetinstalld # 127.0.0.1 extensions.apple.com # Safari.framework # 127.0.0.1 stage-extensions.apple.com # Safari.framework # 127.0.0.1 plugins.apple.com # Safari.framework 127.0.0.1 suggest.yandex.net # Safari.framework 127.0.0.1 suggestion.baidu.com # Safari.framework 127.0.0.1 api.bing.com # Safari.framework 127.0.0.1 sugg.search.yahoo.net # Safari.framework # 127.0.0.1 userpub.itunes.apple.com # iBooks.app # 127.0.0.1 vocabulary.itunes.apple.com # iBooks.app # 127.0.0.1 gcsp.clb.cddbp.net # iTunes.app # 127.0.0.1 gcsp.cddbp.net # iTunes.app 127.0.0.1 members.mac.com # iTunes.app 127.0.0.1 members.me.com # iTunes.app 127.0.0.1 safebrowsing.clients.google.com # iTunes.app 127.0.0.1 nikerunning.nike.com # iTunes.app 127.0.0.1 s.mzstatic.com # iTunes.app 127.0.0.1 ax.itunes.apple.com # iTunes.app 127.0.0.1 limit.itunesu.com # iTunes.app 127.0.0.1 configuration.apple.com 127.0.0.1 iforgot.apple.com 127.0.0.1 identity.apple.com # AppleIDAuthAgent 127.0.0.1 appleid.apple.com # Accounts.prefPane 127.0.0.1 reg1.apple.com # Setup Assistant.app 127.0.0.1 littlebuddy.apple.com # Setup Assistant.app 127.0.0.1 iadsdk.apple.com # iAdCore.framework 127.0.0.1 gil.apple.com # InternetAccounts.framework 127.0.0.1 fdereg.apple.com # Security.framework 127.0.0.1 timestamp.apple.com # Security.framework 127.0.0.1 init-p01st.push.apple.com # ApplePushService.framework 127.0.0.1 init-s01st.push.apple.com # ApplePushService.framework 127.0.0.1 albert.apple.com # ApplePushService.framework 127.0.0.1 www.me.com # AOSKit.framework 127.0.0.1 setup.icloud.com # AOSKit.framework 127.0.0.1 icloud.com # AOSKit.framework 127.0.0.1 init.ess.apple.com # IMFoundation.framework 127.0.0.1 init-p01md.apple.com # IMFoundation.framework 127.0.0.1 scento.apple.com # Install.framework 127.0.0.1 mac-services.apple.com # MailCore.framework 127.0.0.1 idisk.mac.com # OSServices.framework 127.0.0.1 validation.apple.com # PrintingPrivate.framework 127.0.0.1 qtpartners.apple.com # RTCReporting.framework 127.0.0.1 public.me.com # ScreenReader.framework 127.0.0.1 pm-members.mac.com # btmmdiagnose 127.0.0.1 marimba.apple.com # Slideshows.framework 127.0.0.1 gsp2.apple.com # Slideshows.framework 127.0.0.1 porco.apple.com # StoreUI.framework 127.0.0.1 iprofiles.apple.com # cloudconfigurationd 127.0.0.1 suconfig.apple.com # cloudconfigurationd 127.0.0.1 radarsubmissions.apple.com # SubmitDiagInfo 127.0.0.1 messagetracer-whitelist.apple.com # SubmitDiagInfo 127.0.0.1 speedtracer.apple.com # Problem Reporter.app 127.0.0.1 tracerx-radars.apple.com # Problem Reporter.app 127.0.0.1 icalserver.apple.com # ManagedClient.app 127.0.0.1 bugreport.apple.com # IMLoggingAgent 127.0.0.1 1-courier.push.apple.com # IMLoggingAgent 127.0.0.1 2-courier.push.apple.com # IMLoggingAgent 127.0.0.1 6-courier.push.apple.com # IMLoggingAgent 127.0.0.1 init.itunes.apple.com # CommerceKit.framework 127.0.0.1 ax.init.itunes.apple.com # CommerceKit.framework 127.0.0.1 phobos.apple.com # CommerceKit.framework 127.0.0.1 sandbox.itunes.apple.com # CommerceKit.framework 127.0.0.1 static.gc.apple.com # GameKit.framework 127.0.0.1 sandbox.gc.apple.com # GameKit.framework 127.0.0.1 td1.apple.com # GameKit.framework 127.0.0.1 z2r0y.apple.com # GameKit.framework 127.0.0.1 td2.apple.com # GameKit.framework 127.0.0.1 df6ed.apple.com # GameKit.framework 127.0.0.1 td3.apple.com # GameKit.framework 127.0.0.1 cp7vi.apple.com # GameKit.framework 127.0.0.1 td4.apple.com # GameKit.framework 127.0.0.1 gz8rm.apple.com # GameKit.framework 127.0.0.1 link.gc.apple.com # GameKit.framework 127.0.0.1 init.gc.apple.com # GameKit.framework 127.0.0.1 redcarpet.apple.com # HelpViewer.app 127.0.0.1 static.ips.apple.com # Social.framework 127.0.0.1 internalcheck.apple.com # CrashReporterSupport.framework 127.0.0.1 guzzoni.apple.com # AssistantServices.framework 127.0.0.1 hello.connectivity.me.com # mDNSResponder 127.0.0.1 gateway.push.apple.com # emond 127.0.0.1 push.apple.com # networkd 127.0.0.1 gsp9-ssl.apple.com # locationd 127.0.0.1 gsp10-ssl.apple.com # locationd 127.0.0.1 gsp10-ssl.apple.com.com # locationd 127.0.0.1 gs-loc.apple.com # locationd 127.0.0.1 iphone-ld.apple.com # locationd 127.0.0.1 cl-dev.apple.com # locationd 127.0.0.1 cl2.apple.com # locationd 127.0.0.1 cl3.apple.com # locationd 127.0.0.1 gspa35-ssl.ls.apple.com # GeoServices.framework 127.0.0.1 gsp-ssl.ls.apple.com # GeoServices.framework 127.0.0.1 gspa21.ls.apple.com # GeoServices.framework 127.0.0.1 gsp1.apple.com # GeoServices.framework 127.0.0.1 gsps36.ls.apple.com # GeoServices.framework 127.0.0.1 gs.apple.com # MobileDevice.framework 127.0.0.1 appleconnect.apple.com # MobileDevice.framework 127.0.0.1 sso.corp.apple.com # MobileDevice.framework 127.0.0.1 lookup-api.apple.com # Dictionary.app 127.0.0.1 copyfight.corante.com # CaptiveSystemAgent.plugin 127.0.0.1 apsu.apple.com # AirPort Utility.app 127.0.0.1 apfw.apple.com # AirPort Utility.app 127.0.0.1 metrics.apple.com # App Store.app 127.0.0.1 wu-calculator.apple.com # Calculator.app 127.0.0.1 icalbridge.apple.com # Calendar.app 127.0.0.1 feedback.apple.com # Mail.app 127.0.0.1 manifest2.inn.rdca.ls.apple.com # Maps.app 127.0.0.1 slogin.oscar.aol.com # Messages.app 127.0.0.1 api.oscar.aol.com # Messages.app 127.0.0.1 gdata.youtube.com # QuickTime Player.app 127.0.0.1 uploads.gdata.youtube.com # QuickTime Player.app 127.0.0.1 maps.apple.com # QuickTime Player.app 127.0.0.1 depot.info.apple.com # System Information.app 127.0.0.1 iclab.apple.com # QuickTime Plugin.plugin 127.0.0.1 aolauth.icloud.com # AIM.imservice 127.0.0.1 aolauthtest.icloud.com # AIM.imservice 127.0.0.1 api.screenname.aol.com # AIM.imservice 127.0.0.1 startpage.aol.com # AIM.imservice 127.0.0.1 my.screenname.aol.com # AIM.imservice 127.0.0.1 api.login.aol.com # AIM.imservice 127.0.0.1 developer.aim.com # AIM.imservice 127.0.0.1 login.oscar.aol.com # AIM.imservice 127.0.0.1 ars.oscar.aol.com # AIM.imservice 127.0.0.1 aimhttp.oscar.aol.com # AIM.imservice 127.0.0.1 talk.google.com # Jabber.impreferencepane 127.0.0.1 msg.yahoo.com # Yahoo.imserviceplugin 127.0.0.1 api.login.yahoo.com # Yahoo.imserviceplugin 127.0.0.1 login.yahoo.com # Yahoo.imserviceplugin 127.0.0.1 developer.messenger.yahooapis.com # Yahoo.imserviceplugin 127.0.0.1 displayimage.messenger.yahooapis.com # Yahoo.imserviceplugin 127.0.0.1 ftrelay.messenger.yahooapis.com # Yahoo.imserviceplugin 127.0.0.1 attwifi.apple.com # CaptiveNetworkSupport 127.0.0.1 proddav.apple.com # iWork.qlgenerator 127.0.0.1 rabat.apple.com # iWork.qlgenerator 127.0.0.1 members.btmm.icloud.com # Shared Screen Viewer.app 127.0.0.1 idisk.me.com # webdav_fs.kext 127.0.0.1 contacts.icloud.com # AddressBook.framework 127.0.0.1 ink.apple.com # Print.framework 127.0.0.1 gir.apple.com # InstallerPlugins.framework 127.0.0.1 photocast.me.com # ScreenSaver.framework 127.0.0.1 gallery.me.com # WebCore.framework 127.0.0.1 tid.canon.com # PTPCamera.app 127.0.0.1 fmip.me.com # AOSNotification.framework 127.0.0.1 courier.sandbox.push.apple.com # apsd 127.0.0.1 courier.push.apple.com # apsd 127.0.0.1 sandbox.push.apple.com # apsd 127.0.0.1 trackingshipment.apple.com # DataDetectors.framework 127.0.0.1 event.apple.com # DataDetectors.framework 127.0.0.1 gsp17-ssl.apple.com # GeoServices.framework 127.0.0.1 gsp17-2-ssl.apple.com # GeoServices.framework 127.0.0.1 webservices.mac.com # ISSupport.framework 127.0.0.1 m3.mac.com # ISSupport.framework 127.0.0.1 iphonesubmissions.apple.com # AppleMobileDeviceHelper.app 127.0.0.1 iphonediags.apple.com # AppleMobileDeviceHelper.app 127.0.0.1 vinkjo8.apple.com # SetupAssistantSupport.framework 127.0.0.1 secure.me.com # SetupAssistantSupport.framework 127.0.0.1 turn.oscar.aol.com # VideoConference.framework 127.0.0.1 apple-mobile.query.yahooapis.com # WeatherKit.framework 127.0.0.1 api.wunderground.com # WeatherKit.framework 127.0.0.1 lookup.apple.com # WhitePages.framework 127.0.0.1 wu.apple.com # WidgetResources 127.0.0.1 wu-quotes.apple.com # WidgetResources 127.0.0.1 iphone-wu.apple.com # WidgetResources 127.0.0.1 wu-stocks.apple.com # WidgetResources 127.0.0.1 wu-charts.apple.com # WidgetResources 127.0.0.1 wu-converter.apple.com # WidgetResources 127.0.0.1 caldav.icloud.com # CalendarPersistence.framework 127.0.0.1 ical.mac.com # CalendarPersistence.framework 127.0.0.1 qtsoftware.apple.com # QuickTime.framework 127.0.0.1 quicktimepro.apple.com # QuickTime.framework 127.0.0.1 idmsauth-uat.corp.apple.com # Feedback Assistant.app 127.0.0.1 idmsa.apple.com # Feedback Assistant.app 127.0.0.1 appleconnect-uat.apple.com # Feedback Assistant.app 127.0.0.1 appleseed-stage.apple.com # Feedback Assistant.app 127.0.0.1 appleseed.apple.com # Feedback Assistant.app 127.0.0.1 iforgot-uat.apple.com # Feedback Assistant.app 127.0.0.1 xseedapps.apple.com # Feedback Assistant.app 127.0.0.1 appleseed-temp.apple.com # Feedback Assistant.app 127.0.0.1 crucio.apple.com # Feedback Assistant.app 127.0.0.1 ac-at.apple.com # Feedback Assistant.app 127.0.0.1 iforgott.apple.com # Feedback Assistant.app 127.0.0.1 mobile-uat.corp.apple.com # Feedback Assistant.app 127.0.0.1 idmswt.corp.apple.com # Feedback Assistant.app 127.0.0.1 mobile.apple.com # Feedback Assistant.app 127.0.0.1 privftp.apple.com # Feedback Assistant.app 127.0.0.1 cssubmissions-uat.corp.apple.com # Feedback Assistant.app 127.0.0.1 cssubmissions.apple.com # Feedback Assistant.app # 127.0.0.1 www.chromium.org # Chromium.app # 127.0.0.1 www.chrome.com # Chromium.app # 127.0.0.1 developer.chrome.com # Chromium.app # 127.0.0.1 chrome.google.com # Chromium.app # 127.0.0.1 m.google.com # Chromium.app # 127.0.0.1 www.google.com # Chromium.app # 127.0.0.1 www.youtube.com # Chromium.app # 127.0.0.1 code.google.com # Chromium.app # 127.0.0.1 docs.google.com # Chromium.app # 127.0.0.1 groups.google.com # Chromium.app # 127.0.0.1 plus.google.com # Chromium.app 127.0.0.1 plus.sandbox.google.com # Chromium.app 127.0.0.1 ddm.google.com # Chromium.app 127.0.0.1 drive.google.com # Chromium.app 127.0.0.1 www.googledrive.com # Chromium.app 127.0.0.1 history.google.com # Chromium.app 127.0.0.1 mail.google.com # Chromium.app 127.0.0.1 tools.google.com # Chromium.app 127.0.0.1 wallet.google.com # Chromium.app 127.0.0.1 wallet-web.sandbox.google.com # Chromium.app # 127.0.0.1 maps.google.com # Chromium.app # 127.0.0.1 picasaweb.google.com # Chromium.app # 127.0.0.1 sites.google.com # Chromium.app # 127.0.0.1 support.google.com # Chromium.app # 127.0.0.1 translate.google.com # Chromium.app 127.0.0.1 checkout.google.com # Chromium.app 127.0.0.1 cloudprint.google.com # Chromium.app 127.0.0.1 apis.google.com # Chromium.app 127.0.0.1 www.googleapis.com # Chromium.app # 127.0.0.1 maps.googleapis.com # Chromium.app # 127.0.0.1 fonts.googleapis.com # Chromium.app 127.0.0.1 android.googleapis.com # Chromium.app 127.0.0.1 translate.googleapis.com # Chromium.app 127.0.0.1 clients1.google.com # Chromium.app 127.0.0.1 clients2.google.com # Chromium.app 127.0.0.1 clients3.google.com # Chromium.app 127.0.0.1 clients4.google.com # Chromium.app 127.0.0.1 clients2.googleusercontent.com # Chromium.app 127.0.0.1 themes.googleusercontent.com # Chromium.app 127.0.0.1 cache.pack.google.com # Chromium.app 127.0.0.1 csi.gstatic.com # Chromium.app 127.0.0.1 ssl.gstatic.com # Chromium.app 127.0.0.1 www.gstatic.com # Chromium.app 127.0.0.1 t0.gstatic.com # Chromium.app 127.0.0.1 t1.gstatic.com # Chromium.app 127.0.0.1 t2.gstatic.com # Chromium.app 127.0.0.1 t3.gstatic.com # Chromium.app 127.0.0.1 android.clients.google.com # Chromium.app # 127.0.0.1 fonts.gstatic.com # Chromium.app 127.0.0.1 safebrowsing.clients.google.com # Chromium.app 127.0.0.1 alt1-safebrowsing.google.com # Chromium.app 127.0.0.1 alt2-safebrowsing.google.com # Chromium.app 127.0.0.1 alt3-safebrowsing.google.com # Chromium.app 127.0.0.1 safebrowsing.google.com # Chromium.app 127.0.0.1 sb-ssl.google.com # Chromium.app 127.0.0.1 talkgadget.google.com # Chromium.app 127.0.0.1 talkx.l.google.com # Chromium.app 127.0.0.1 talk.google.com # Chromium.app 127.0.0.1 mtalk.google.com # Chromium.app 127.0.0.1 xmpp.google.com # Chromium.app 127.0.0.1 xmppx.l.google.com # Chromium.app 127.0.0.1 relay.google.com # Chromium.app 127.0.0.1 stun.l.google.com # Chromium.app 127.0.0.1 accounts.google.com # Chromium.app 127.0.0.1 accounts.youtube.com # Chromium.app 127.0.0.1 accounts.blogger.com # Chromium.app 127.0.0.1 i18napis.appspot.com # Chromium.app 127.0.0.1 googleads4.g.doubleclick.net # Chromium.app 127.0.0.1 googleads.g.doubleclick.net # Chromium.app 127.0.0.1 ad.doubleclick.net # Chromium.app 127.0.0.1 pubads.g.doubleclick.net # Chromium.app 127.0.0.1 c.admob.com # Chromium.app 127.0.0.1 e.admob.com # Chromium.app 127.0.0.1 media.admob.com # Chromium.app 127.0.0.1 lh3.ggpht.com # Chromium.app 127.0.0.1 lh4.ggpht.com # Chromium.app 127.0.0.1 lh5.ggpht.com # Chromium.app 127.0.0.1 lh6.ggpht.com # Chromium.app 127.0.0.1 pagead2.googlesyndication.com # Chromium.app 127.0.0.1 partner.googleadservices.com # Chromium.app 127.0.0.1 www.googleadservices.com # Chromium.app 127.0.0.1 s0.2mdn.net # Chromium.app 127.0.0.1 prod.fastly.net # Chromium.app 127.0.0.1 chrome.googleechotest.com # Chromium.app # 127.0.0.1 chrome-devtools-frontend.appspot.com # Chromium.app # 127.0.0.1 redirector.googlevideo.com # Chromium.app # 127.0.0.1 redirector.gvt1.com # Chromium.app # 127.0.0.1 etherx.jabber.org # Chromium.app ================================================ FILE: pf.conf ================================================ # # Default PF configuration file. # # This file contains the main ruleset, which gets automatically loaded # at startup. PF will not be automatically enabled, however. Instead, # each component which utilizes PF is responsible for enabling and disabling # PF via -E and -X as documented in pfctl(8). That will ensure that PF # is disabled only when the last enable reference is released. # # Care must be taken to ensure that the main ruleset does not get flushed, # as the nested anchors rely on the anchor point defined here. In addition, # to the anchors loaded by this file, some system services would dynamically # insert anchors into the main ruleset. These anchors will be added only when # the system service is used and would removed on termination of the service. # # See pf.conf(5) for syntax. # # # com.apple anchor point # #scrub-anchor "com.apple/*" #nat-anchor "com.apple/*" #rdr-anchor "com.apple/*" #dummynet-anchor "com.apple/*" #anchor "com.apple/*" #load anchor "com.apple" from "/etc/pf.anchors/com.apple" # redirect hardcoded ip addresses to 127.0.0.1 table file "/etc/pf.hardcoded" nat to -> 127.0.0.1 # only allow outbound connections block in log on ! lo0 pass out on ! lo0 proto icmp pass out on ! lo0 proto udp all pass out on ! lo0 proto tcp all keep state # allow mDNS + IPv6 only on en0 and lo0 block out proto udp from any to any port 5353 block inet6 pass on { en0 lo0 } proto udp from any to any port 5353 pass on { en0 lo0 } inet6 # allow only specific ICMPv6 messages, cf. icmp6(4) and # http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml block in on { en0 lo0 } inet6 proto ipv6-icmp pass in on { en0 lo0 } inet6 proto ipv6-icmp icmp6-type { \ toobig timex paramprob \ echoreq echorep nirep mtraceresp \ groupqry grouprep groupterm 143 151 152 153 \ neighbrsol neighbradv 148 149 } # allow DHCP OFFER + ACK on en0 pass in on en0 proto udp from any port 67 to any port 68 pass out on ! lo0 route-to 127.0.0.1 from self to ================================================ FILE: pf.hardcoded ================================================ 17.209.80.108 # MobileDevice.framework 17.176.69.14 # Setup Assistant.app 17.176.77.129 # Setup Assistant.app 17.176.80.148 # Setup Assistant.app 17.176.88.148 # Setup Assistant.app 17.230.144.24 # Setup Assistant.app 17.230.152.24 # Setup Assistant.app 17.230.160.24 # Setup Assistant.app 17.230.168.24 # Setup Assistant.app 17.219.209.2 # AVConference.framework 17.221.43.219 # ManagedClient.framework 17.155.5.253 # GameKitServices.framework 17.219.209.2 # GameKitServices.framework 72.247.44.23 # GameKitServices.framework (Akamai) 69.60.7.199 # IMLoggingAgent (Datagram) 17.254.0.50 # wdhelper (nserver.apple.com) 17.112.144.59 # wdhelper (nserver4.apple.com) 17.171.63.40 # wdhelper 18.244.0.188 # memcached (MIT) 2001:4860:b002::68 # memcached (Google) ================================================ FILE: sysctl.conf ================================================ net.inet6.ip6.accept_rtadv=0 net.inet6.icmp6.rediraccept=0 net.inet6.icmp6.nodeinfo=0 net.inet6.icmp6.nd6_accept_6to4=0