I know that this issue has been discussed a number of times before in this forum, but as far as I know, and unless I missed it, to date, no permanent solution has been offered yet.
Blocking Outbound Connections with Little Snitch. The firewall in Mac OS X is designed to stop incoming connections. When youire connected to the Internet directly, and your IP address is visible, hackers can generally see your Mac and construct a variety of attacks.
A little history . . .
I use the SheepShaver emulator in order to run my old Macintosh, telnet-accessible Hermes II BBS under Mac OS 9. SheepShaver in turn runs under El Capitan, on which I have Little Snitch installed.
In recent months, I have meticulously logged and analyzed all attempts to find vulnerabilities in my BBS setup. In fact, the bots which daily pound my system with literally thousands of brute force attacks, are no doubt testing a lot of other ports, in addition to the standard telnet port 23.
To combat this problem, until now, I have been using an old Mac OS 9 firewall app. However, the problem is that this app appears to be limited to blocking about 500 IP addresses, whether they are single IP addresses, or IP ranges, and I have already identified many thousands of IP addresses and IP ranges where these attacks originate.
As it turns out, THE VAST MAJORITY OF THESE ATTACKS ARE COMING FROM CHINA, and I mean literally thousands of them every single day.
If you visit this website . . .
http://www.nirsoft.net/countryip/index.html
. . . and then visit the China page, you will see exactly how huge the problem with Chinese hackers really is. There is no way that I can possibly block all of China's IP blocks from within Mac OS 9.
If you have an always-on connection -- that is, cable modem, DSL modem, Intranet, etc. -- and if you run any kind of a website or web service, your server is no doubt likewise being hit many times throughout the day -- even if you are not aware of it -- just like mine is.
At any rate, I have decided that instead of trying to block IP ranges inside of SheepShaver and Mac OS 9 -- where I am limited to those 500 IP addresses -- I want to try to use Little Snitch to block every single ping that comes from China, because I am really sick of these vulnerability attacks.
Why?
Because even if the attacks are not successful, I still see these bots trying to log in to my BBS throughout the day, everyday, and I am tired of looking at them on my BBS log on screen.
Block Ip Address Firefox
The question is, how to do it. As I said, China has a boatload of IP ranges. However, I am prepared to block every last one of them, if there is a way to do it.
If such a method does not currently exist in Little Snitch, then I would like to strongly encourage the Objective Development team to make a way, because given the level of vulnerability attacks which we all experience daily, this is really a necessity.
My idea is this . . .
What would really be cool would be if a Little Snitch user could simply tell Little Snitch to block all incoming pings from a particular country, reference the correct page for that particular country on the aforementioned website, and then automatically make the necessary rules to permanently block every single IP block that is found on that page for that particular country.
How To Block Ip Address With Little Snitch 2
No doubt this would require a lot of coding work on the part of the Little Snitch developers, but I am sure that there are many other Little Snitch users like myself who would really appreciate being able to block incoming requests from an entire country with just a few clicks of the mouse . . . beginning with China!I hope that this message spurs some conversation, as well as some action on the part of the Little Snitch team.
Thanks for listening.
You can edit the hosts file using terminal, although I'd not recommend it if you're unsure what you're doing. But doing so you can block outgoing access to specified IP addresses or websites.
How To Block Ip Address With Little Snitch Online
If you simply want to stop your mac connecting out, why do you not simply turn off your wifi so you're not connected to the internet?
Alternatively a GUI firewall like Little Snitch would be a better option as it gives you very granular options for blocking incoming/outgoing traffic and is fairly easy to use and set up.