Small Firewall Victory

After installing the Murus front end for the built-in pf firewall in macOS, almost all my network services were unavailable. Print sharing, file sharing and other services simply didn’t work. The firewall has the mDNS port (UDP/5353) open by default, but that didn’t seem to matter. Disabling the firewall helped, so clearly there was a configuration problem somewhere.

After a little reading, I found the problem: mDNS uses a multicast address (224.0.0.251 specifically) for advertisements. These are not enabled in Murus by default. Adding a new group to handle the addresses fixed the problem!

Fig. 1: Murus with the new multicast group

Fig. 2: IPv4 and IPv6 multicast addresses. I added the entire multicast space to the firewall. I know this violates security best practices, and I will refine it in the future.
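
A narrower alternative to allowing the whole multicast space, shown as an added example that is not from the original post: a hand-written pf.conf fragment, not output generated by Murus. The table names are made up for illustration, and ff02::fb is the IPv6 counterpart of the 224.0.0.251 mDNS group.

```pf
# Added example, not Murus output. Table names are hypothetical.
# Syntax-check a file like this without loading it: pfctl -nf <file>

# Broad version: the entire IPv4 and IPv6 multicast space,
# which is what Fig. 2 describes. Left commented out for comparison.
# table <multicast_all> const { 224.0.0.0/4, ff00::/8 }
# pass in  quick proto udp from any to <multicast_all>
# pass out quick proto udp from any to <multicast_all>

# Narrow version: only the two mDNS groups, and only the mDNS port.
table <mdns_groups> const { 224.0.0.251, ff02::fb }

# Receive advertisements and queries sent by other hosts on the link.
pass in  quick proto udp from any to <mdns_groups> port 5353

# Send this host's own advertisements and queries.
pass out quick proto udp from any to <mdns_groups> port 5353
```

Other multicast protocols (for example SSDP on 239.255.255.250) stay blocked under the narrow rules, so anything that depends on them needs its own group and port added explicitly.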
