How to: Block network access for an application
Selectively blocking network access is no easy task, especially if you want to do it often (e.g. while manually testing something). Turning off Wi-Fi is fast, but what if you want to google something while running an application that shouldn’t communicate with the outside world?
It turns out that it is actually easy in Mac OS X via
This utility includes the sandboxd service, which prevents your newly downloaded applications from being started immediately; you’ve probably seen the “This application has been downloaded from the internet…” dialog triggered by that service.
It also has the sandbox-exec utility, which allows you to run an app within a sandboxed environment; one of its capabilities is restricting everything in this environment from accessing the internet.
Here is how you can do it.
First of all, create a sandbox profile for the particular application, let’s say nonet.sb, in your home folder:
(version 1)
(allow default)
(deny network*)
Then the application can be started in the no-network sandbox as follows (this starts Skype without network access):
sandbox-exec -f $HOME/nonet.sb /Applications/Skype.app/Contents/MacOS/Skype
P.S.: If you quit the sandboxed application and then start it again without applying the sandbox profile, the application will not be denied access to the internet.
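The steps above wrapped into a reusable shell helper, as an added example that is not part of the original post. The function names write_nonet_profile, nonet and nonet_check are hypothetical, and https://example.com is only a placeholder test URL; the wrapper refuses to run the command at all when sandbox-exec is missing, so nothing is ever started unsandboxed by accident.

```shell
# Added example: run any command under the article's no-network profile.
# Function names are hypothetical helpers, not part of macOS.

# Write the profile from the article to the path given as $1.
write_nonet_profile() {
    cat > "$1" <<'EOF'
(version 1)
(allow default)
(deny network*)
EOF
}

# nonet CMD [ARGS...]: run CMD with all network operations denied.
# Fails closed: if sandbox-exec is unavailable, CMD is not run.
nonet() {
    [ "$#" -gt 0 ] || { echo "usage: nonet command [args...]" >&2; return 64; }
    command -v sandbox-exec >/dev/null 2>&1 || {
        echo "nonet: sandbox-exec not found, refusing to run unsandboxed" >&2
        return 127
    }
    profile=$(mktemp "${TMPDIR:-/tmp}/nonet.XXXXXX") || return 1
    write_nonet_profile "$profile" || { rm -f "$profile"; return 1; }
    sandbox-exec -f "$profile" "$@"
    rc=$?
    rm -f "$profile"
    return "$rc"
}

# nonet_check [URL]: confirm the profile really blocks traffic.
# Returns 0 if blocked, 1 if the sandboxed request got out, 2 if the
# check could not be made (no sandbox-exec, or no connectivity at all).
nonet_check() {
    url=${1:-https://example.com}   # placeholder URL, pass your own
    command -v sandbox-exec >/dev/null 2>&1 || return 2
    # Baseline: without connectivity a "blocked" result proves nothing.
    curl -s --max-time 5 -o /dev/null "$url" || return 2
    if nonet curl -s --max-time 5 -o /dev/null "$url"; then
        echo "nonet_check: request succeeded inside the sandbox" >&2
        return 1
    fi
    echo "nonet_check: network access denied as expected"
}
```

After sourcing the file, `nonet /Applications/Skype.app/Contents/MacOS/Skype` is equivalent to the command shown in the article.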