TCPBlock
April 17, 2011 108 Comments
Download TCPBlock v2.10
About
TCPBlock is a lightweight and fast application firewall for Mac OS X 10.5 or later developed by delantis.com.
The Mac OS X firewall protects you from connections that come from outside of your computer. But what about the software from your computer that opens new connections to the internet? With TCPBlock you can prevent selected applications on your computer from opening connections to the network.
TCPBlock is implemented as a loadable kernel module which contains all the blocking logic. You can configure it in the System Preferences TCPBlock preference pane or with the tcpblock command line utility. All the configuration changes are made persistent in a configuration file on the hard disk. At system boot time the TCPBlock kernel extension reads its configuration from disk and is ready to go.
How to use it
In System Preferences open the TCPBlock preference pane. You can choose to enable the firewall, to block all connections to the network and you can specify if your application list is a black list with items to disallow or a white list with items to allow.
In the Application List tab use the + button to add new applications to the list. Use “Select Applications” from the + button menu to add applications or choose “New Item” and type the Unix command name of the application.

In the Connecting Apps tab you have a live view of the current network activity. It displays the last up to 100 network connections. To include connecting apps in your application list select one or more items in the connecting apps table and click the button “Insert into Application List”.
Note that, due to the limited knowledge of filenames in the Mac OS X kernel only the first 16 characters of the command name are used for name comparisons. Any characters above this limit are truncated.
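The effect of name-only matching can be checked on your own machine. The script below is an added example, not part of TCPBlock: it assumes entries are compared on the base name cut to 16 characters with the path ignored, as the note above says, and reports every application list entry that more than one executable path would satisfy. The entries and paths are constructed sample data.

```shell
#!/bin/sh
# Added example (not part of TCPBlock): find application list entries that more
# than one executable would match when only the first 16 characters of the
# command name are compared. Assumption: the path is ignored, as the note says.

# Constructed sample application list, one entry per line.
SAMPLE_ENTRIES='firefox
Google Chrome Helper
ntpd'

# Constructed sample of executable paths. On a live Mac, feed the output of
# `ps -axo comm=` to collisions instead.
sample_paths() {
    cat <<'EOF'
/Applications/Firefox.app/Contents/MacOS/firefox
/Users/example/Downloads/firefox
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome Helper
/private/tmp/Google Chrome Helpful
/usr/sbin/ntpd
/usr/sbin/ntpd
EOF
}

# truncated_name PATH: base name of PATH cut to 16 characters.
truncated_name() {
    base=${1##*/}
    printf '%.16s\n' "$base"
}

# collisions ENTRIES: ENTRIES is a newline-separated application list and the
# executable paths are read from stdin. Prints "entry<TAB>path" for each
# distinct path matching an entry, but only for entries that are matched by
# more than one distinct path (the ambiguous ones worth reviewing).
collisions() {
    ENTRIES="$1" awk '
    BEGIN {
        n = split(ENVIRON["ENTRIES"], e, "\n")
        for (i = 1; i <= n; i++)
            if (e[i] != "") want[substr(e[i], 1, 16)] = e[i]
    }
    {
        path = $0
        base = path
        sub(/.*\//, "", base)          # drop the directory part
        key = substr(base, 1, 16)      # same 16-character cut as the entry
        if ((key in want) && !((key, path) in seen)) {
            seen[key, path] = 1
            count[key]++
            list[key] = list[key] want[key] "\t" path "\n"
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            key = substr(e[i], 1, 16)
            if (count[key] > 1 && !(key in done)) {
                printf "%s", list[key]
                done[key] = 1
            }
        }
    }'
}

sample_paths | collisions "$SAMPLE_ENTRIES"
```

An entry that shows up here is satisfied by several different files, so the list entry alone does not tell you which program is being allowed or blocked.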
Advanced configuration
Use the command line client /usr/local/bin/tcpblock to configure TCPBlock or to monitor its activities.
tcpblock -h lists all the available options.
The TCPBlock configuration is stored in the file /etc/tcpblock.conf. If you edit this file then execute tcpblock -c to load the changed configuration. This file is overwritten if you configure TCPBlock with the preference pane or the tcpblock utility.
If you chose “New Item” to add an application to the application list, you need its Unix command name. To find it, open a Terminal and type “/usr/local/bin/tcpblock -m” to start the TCPBlock network monitor. As soon as your application tries to establish a network connection it is listed in the network monitor. Copy the application name from the network monitor and paste it into the preference pane application list.
Support for Growl notifications
Install Growl on your computer if you do not already have it. TCPBlock will not install Growl for you.
In the TCPBlock Preference Pane enable the sending of Growl notifications. This registers three types of notifications with Growl: “Block outcon”, “Allow outcon” and “Allow incon”. By default only the “Block outcon” notification is displayed. To see the other types of notifications, open the Growl Preference Pane and configure the notification display options for the TCPBlock application there.
If more than one notification of the same type is sent at the same time they are coalesced into a single notification to avoid flooding your display with too many messages. Note that not all Growl display plugins support coalescing.
Logging
You can set the TCPBlock log level with a slider in the preference pane.
Your options are: No logging at all, log only the blocked connections and log all connections. The last option logs both blocked and allowed connections. All the log information is written to the file /var/log/system.log in Leopard and /var/log/kernel.log in Snow Leopard.
Donate $10
TCPBlock is donationware.
If you use it please consider supporting its maintenance with a donation to delantis.com.
Donate $10 via PayPal to tcpblock@delantis.com.
Thank you for supporting TCPBlock!
Changelog
*******************************************************************************
October 20, 2011
TCPBlock v2.10 is released. What’s new:
Filter UDP Protocol
In addition to the TCP protocol, TCPBlock now filters and blocks the UDP protocol. UDP provides a minimal, unreliable, best-effort, message-passing transport to applications and upper-layer protocols. As we know from the Windows world, many trojans use UDP to communicate. With TCPBlock you can filter the two most widely used internet communication protocols.
For blacklist users no configuration changes are required. If you are using a TCPBlock whitelist then you may wish to include in the list some basic system services like NTP or DNS, which use UDP.
Report if apps are connecting over TCP or UDP
In the Connecting Apps tab and in the TCPBlock Network Monitor you can see which communication protocol is used.
Improved logging
You can set the TCPBlock log level with a slider in the preference pane. Your options are: No logging at all, log only the blocked connections and log all connections. The last option logs both blocked and allowed connections. All the log information is written to the file /var/log/system.log in Leopard and /var/log/kernel.log in Snow Leopard.
Incompatibility with nginx resolved
An incompatibility that caused your Mac to crash when the nginx web server was used together with TCPBlock has been resolved.
*******************************************************************************
September 25, 2011
TCPBlock v2.9 is released. Here you have a summary of the new features:
Support for Growl notifications
Install Growl on your computer if you do not already have it. TCPBlock will not install Growl for you.
In the TCPBlock Preference Pane enable the sending of Growl notifications. This registers three types of notifications with Growl: “Block outcon”, “Allow outcon” and “Allow incon”. By default only the “Block outcon” notification is displayed. To see the other types of notifications, open the Growl Preference Pane and configure the notification display options for the TCPBlock application there.
If more than one notification of the same type is sent at the same time they are coalesced into a single notification to avoid flooding your display with too many messages. Note that not all Growl display plugins support coalescing.
The notifications will give you a quick overview of the current network activity of your Mac.
Option tcpblock -mt displays a timestamp when network activity occurs
You can let the command line network monitor run unattended overnight and write all network activity into a log file. With the timestamp you can see when each connection happened.
Improved detection of the process name an incoming connection connects to
TCPBlock now maintains a list of all programs on your Mac as soon as they are listening for incoming connections. If an incoming connection is made then TCPBlock looks in its list for the program which is serving the new connection and displays its name. You can configure TCPBlock to notify you about incoming connections.
TCPBlock Kernel Module stability improvements
Kernel programming is an immense responsibility. You must be exceptionally careful to ensure that your code does not cause the system to crash, does not provide any unauthorized user access to someone else’s files or memory, does not introduce remote or local root exploits, and does not cause inadvertent data loss or corruption. The TCPBlock kernel code has been carefully reviewed and improved.
*******************************************************************************
| Date | Version | What’s new |
|---|---|---|
| October 20, 2011 | 2.10 | Filter UDP Protocol. Report if apps are connecting over TCP or UDP. Improved logging. Incompatibility with nginx resolved. |
| September 25, 2011 | 2.9 | Support for Growl notifications. Option tcpblock -mt displays a timestamp when network activity occurs. Improved detection of the process name an incoming connection connects to. TCPBlock Kernel Module stability improvements. |
| December 8, 2010 | 2.8 | Network Monitor shows incoming connections too. Connecting Apps tab shows incoming network connections in light gray and apps already included in the Application List in dark gray. Connecting Apps table automatically scrolls to the end of the list. The configuration of the previous version is reused. Minor GUI changes. |
| December 1, 2010 | 2.7 | Support for 64-bit kernels added. |
| November 26, 2010 | 2.6 | Initial setup simplified. Set application to be blocked within a few mouse clicks. Connecting Apps tab shows live network activity. |
| November 13, 2010 | 2.5 | Sort application list. Edit the application name. |
| November 4, 2010 | 2.4 | Public release. |


Is this compatible with Lion?
I have never tested it with Lion. It should be compatible. I would appreciate it a lot if somebody can test it with Lion and write me the results.
RoaringApps says it works fine.
TCPBlock runs flawlessly in MacOS X Lion.
Installer, restart, add application in Lion’s system preferences (TCPBlock).
Simple, efficient – excellent alternative to LittleSnitch!
Thank you very much!
I have Lion, and it seems to work fine. At least so far
I tested it on two machines with Lion, works great! Thanks a lot!!
Every time I restart my computer (not including the restart after installation) I get the following error message:
“Connection to the TCPBlock Kernel Extension failed! Please reinstall the TCPBlock.pkg to make shure you get not only this Preference Pane but also the required components.”
And every time I reinstall from the .pkg and every time this error returns =/ It’s a shame because it’s GREAT.
I’m running OS X 10.7.1 on a MacBook Pro 15″, dual-booted (via bootcamp) with Windows 7. Any idea what’s going on?
You get this error because the TCPBlock Preference Pane can not communicate with its kernel extension, most likely because the kernel extension is not loaded.
You can check with the command line client if the communication with the kernel extension works by opening a Terminal and typing: /usr/local/bin/tcpblock -s
By typing “kextstat” in a Terminal you get the list of all loaded kernel extensions. Look if the extension com.delantis.kext.tcpblocknke is in the list.
You can open the file /var/log/kernel.log and search for tcpblocknke related error messages.
The kernel wasn’t there. So I’m wondering why it wouldn’t be there if it works when I first install it. Any ideas? As I said, it works the first time after installation, but when I restart the computer again, it stops working.
If after the first reboot TCPBlock works and after the second not, then maybe something on your system is changing the required TCPBlock start files.
You can start the kernel extension manually with the command:
osx:~> sudo /usr/local/bin/tcpblocknke
Thankyouthankyouthankyou. I restarted the kernel extension manually and it did the trick. Not sure if it will keep it working, but in future I’ll just run that command (which is easier than re-installing it each time >_>)
This problem hasn’t lessened my love for this software, though, because it’s so simple to use, yet it’s 100% effective for what I need it for ^_^
I am using tcpblock (white list) with Snow Leopard 10.6.8 so should I disable the Mac OS X firewall or do they work well together ?
You should not disable the Mac OS X firewall. They work together. It is really important from a security point of view to monitor and block incoming connections. This is done very reliably by the Mac OS X firewall.
If you are interested in what programs are phoning home in the background you need an outbound firewall like TCPBlock. With TCPBlock you can deny outgoing connections of selected apps.
Can I use this with LS and something like NoobProof (eg. another ipfw application) simultaneously Jo? Or do I need to disable one or both of these to get the best out of TCP Block (yes I tend to err on the side of “more is better” when it comes to net security:) Thanks, M
You can use it together with these programs. TCPBlock does not limit you to use other security tools. Use their features as you need to satisfy your security requirements.
Hello,
How are the updates carried out?
Thank you for your application
Sorry, I don’t speak French. If you mean update then all you have to do is to wait until a new version is available and install it with the Mac OS Installer.
Hi Jo,
I’ve downloaded TCPBlock and it’s perfect for me!
One thing however is not working- I click on ‘Enable Growl Notifications’ and an error message comes up- ‘The operation could not be completed. Permission Denied’.
I then click ok, then deselect ‘Enable Growl Notifications’. A different error message pops up- ‘launchctl failed to unload /Users/alex/Library/LaunchAgents/com.delantis.tcpblock.plist with status 1′
I checked in the Library and the folder mentioned above, and there is no file ‘com.delantis.tcpblock.plist’
I have deinstalled and reinstalled twice, with no difference. Any ideas or advice on what’s happening and what to do would be great, thanks!
When you click ‘Enable Growl Notifications’ then the file /Library/PreferencePanes/TCPBlock.prefPane/Contents/Resources/com.delantis.tcpblock.plist is copied into your home directory to /Users/alex/Library/LaunchAgents/com.delantis.tcpblock.plist. This copy fails on your computer either because the source file can not be read or the destination file can not be written.
Okay, thanks for the quick reply! I went to the first folder and copied the file to the second file, so it works now! Thanks a lot!
TCPBlock (2.9) doesn’t play nice with nginx (1.0.7); starting nginx while TCPBlock is running invariably leads to a kernel panic. I’ve dug into the system logs, but I couldn’t tell what the culprit is, exactly.
I updated both TCPBlock and nginx on the same day, so I’m not entirely certain which one’s to blame, but I think TCPBlock is more likely.
Thanks for your report. I have found the place in the TCPBlock code causing this incompatibility and will include the fix in the next version.
Cool, thanks.
Please test if the issue is solved with the new version 2.10.
Hi,
i’m using TCPBlock (2.9) on Lion. It won’t growl. I installed growl, enabled the growl notification, but TCPBlock is not listed in the Growl Preferences -> Applications. What can i do?
Generate some network activity, by starting your browser and surfing the web. When TCPBlock sees the network activity it will register with Growl and will get listed in the Growl preference pane.
Nope, i have tried blocking apps i have tried allowing apps using either block or whitelisting them. I can see the activity in the “Connecting Apps” windows and nothing happens. Growl keeps quiet. Other apps can growl. Any ideas?
Which Growl version do you use? Do you see in the Console.app some TCPBlock or Growl related messages?
I have the same problem on Lion with Growl 1.2.2. TCPBlock 2.10 won’t appear in Growl’s preferences.
I had the same problem and it was caused by an incorrect permission on the folder containing the tcpblock executable. I ran “sudo chmod 0755 /usr/local/bin” in the shell and after that growl notifications started working (Growl 1.2.2 / TCPBlock 2.10 on Lion). Hope that helps.
Hi,
i use growl 1.3. Fresh downloaded from the appstore. The system.log is full with the following. I marked one line that may be of interest.:
Oct 8 06:57:02 USERS-MAC com.apple.launchd.peruser.501[239] (com.delantis.tcpblock): Throttling respawn: Will start in 10 seconds
Oct 8 06:58:42 USERS-MAC com.apple.launchd.peruser.501[239] (com.delantis.tcpblock[6601]): posix_spawn(“/usr/local/bin/tcpblock”, …): No such file or directory
Oct 8 06:58:42 USERS-MAC com.apple.launchd.peruser.501[239] (com.delantis.tcpblock[6601]): Exited with code: 1
But blocking seems to be working just fine. Just no growl.
/usr/local/bin/tcpblock is a part of TCPBlock and required for sending the Growl notifications. Please check if the file is on your Mac. If not then reinstall the TCPBlock_v2.9.pkg. If so, then check if you can access the file and if the file is a Unix Executable File.
i reinstalled. And the executable is there.
This is the log of the installation process i think it contains a few errors:
(*** log removed ***)
The log looks ok. What about the notifications? Any new errors?
no, no new errors just no growling
I have heard rumors that some apps have trouble sending notifications with Growl 1.3. As I don’t use Lion I can not test it. The notifications should work if you downgrade to Growl 1.2.2 which is running on Lion. I would be grateful if you can test whether you get notifications with the downgraded Growl version.
Hi,
I have the same problem with Growl 1.3, tcpblock no growling.
Thanks for your report. I will add support for Growl 1.3 in a next version of TCPBlock.
Jo,
I just wanted to say thank you for this brilliant app. Its just perfect. So simple and intuitive to use. Keep up the great work !!! Thank you
***warning***
Seems to mess really bad with vmware fusion (newest version on lion). I had hard freezes when starting vmware only until I uninstalled TCPBlock 2.9 completely.
Please test if you still have hard freezes with the new TCPBlock version 2.10.
I’m on the old growl, but am not seeing any growls. Some apps don’t seem to show up in “Connecting Apps” either, like spotify.
The system log shows:
Nov 2 17:27:18 everybean GrowlHelperApp[1209]: TCPBlock registered
Nov 2 17:27:18 everybean GrowlHelperApp[1209]: —
Nov 2 17:27:18 everybean GrowlHelperApp[1209]: TCPBlock: Allow outcon (helpd -> 184.85.108.244:443) – Priority 0
Nov 2 17:27:20 everybean GrowlHelperApp[1209]: TCPBlock registered
Nov 2 17:27:20 everybean GrowlHelperApp[1209]: —
Nov 2 17:27:20 everybean GrowlHelperApp[1209]: TCPBlock: Allow outcon (helpd -> 184.85.108.244:443) – Priority 0
This is because as default the “Allow outcon” messages are not displayed with Growl. If you want to see this type of notification you have to open the Growl Preference Pane and configure there the notification display options for the TCPBlock application.
I will check why spotify does not show up.
growl 1.3.1 on Lion 10.7.2 does not show any notifications and does not list TCPBlock in its app list so it is not possible to configure it.
Unfortunately TCPBlock can not send notifications because of some changes introduced with Growl 1.3. The notifications should work if you downgrade to Growl 1.2.2 which is running on Lion.
But can it be fixed in new version of TCPBlock?
Yes, I am planning to fix it in a new version.
How do you uninstall this app ?
Thanks
a.
Use the uninstaller UninstallTCPBlock.app included in the TCPBlock dmg.
Hi Jo,
Sorry I’m new to this. Been running LS for a few years but am very happy to find your software Many thanks for your effort!
I’m just trying to learn how to use things at the moment. I’m not sure what I am looking at in the connecting apps window. I can see many kernel-tasks being blocked but have no idea what they are, also helps pops up a lot. Can you explain what these things are please?
Also I opted to use a white list and allow software bit by bit. With safari, although I allowed it TCPBlock blocked download of any page until I inserted a blocked web process into the application list. This was not the case with firefox. I’m just a little aware that I might miss the point of the connecting apps window.
Once again many thanks
Nico
just a correction, in the connecting apps I am seeing “helpd” notifications (not “helps”)
Using the growl 1.2.2 Fork called 1.2.2f I do not get growl notifications. Monitor has log entries saying:
(com.delantis.tcpblock[954]) posix_spawn(“/usr/local/bin/tcpblock”, …): No such file or directory
Hi,
i get a similar error. If i try to enable growl notifications i get a popupmessage “The operation couldn’t be completed. No such file or directory”
I use Snow Leopard on an Macbook 1,1
Greetings
you can fix that by fixing permissions on /usr/local. sudo chmod go+rx /usr/local in my case.
I have been using TCPBlock and it was working quite nicely until I did a clean install and started to use 2.10. Now the blocked apps list is no longer there after I restart. PPC G4 OSX 10.5.8. I have uninstalled and reinstalled and the same continues. No offense, but it’s a real pain in the ass to redo all of the apps each time after a restart. Is there anything I can try? As I said it was holding the apps list before.
Hi, would it be possible to allow traffic to localhost (127.0.0.1 and ::1), even if the application is blocked? That way, e.g. I could allow my browser to access a local website for test/development, but block outgoing traffic.
Another use would be to disallow outgoing traffic, but allow a proxy process to control the (dis)allowed traffic.
For your information. I use TCPblock when I’m on GPRS to reduce traffic, but would like to work with local applications like tomcat for development. Start/stop is controlled by ControlPlane and a script.
Thanks,
Menno
Hi Jo,
First of all, many thanks for making such an excellent program available for free!
I had some questions about the advanced configuration by changing /etc/tcpblock.conf – where can I find the advanced options that are available?
and, one of the advanced possibilities I’m after…: is it possible to allow a program access to a specific remote address (range) only?
Thanks in advance.
Hi Jo, any documentation available?
will tcpblock work with mountain-lion?
TCPBlock uses the Network Kernel Extension programming API which is pretty stable between the various OS X releases therefore the chance for it to run with Mountain Lion is high… and if it does not I will try to fix it. Unfortunately I have no possibility to test it with Mountain Lion right now.
The current version (2.10) is fully functional in Mountain Lion 12A154q.
Is there a way to block only outgoing communication and not local (127.0.0.1) communication for an app?
For example, I would like to run dansguardian and squid on the local host and allow communication to them over 127.0.0.1 from any web application running, but I want to block any application from trying to talk to the external interface except for squid.
When I block the webprocess for safari it blocks ALL communication. I want to allow it to speak to dansguardian.
Thank you,
Unfortunately there is no way right now.
Thank you for making a free alternative out there.
One question though;
Is it possible to make it block SOME connections for an application only? F.ex. if it is a software using the internet connection to work properly, but I don’t want it to update itself?
No, this is not possible.
Hi,
I love TCPBlock, especially the growl notifications. There’s a small problem though, as soon as I use a script that checks for changes, like livejs ( http://livejs.com ) using a local development server tcpblock starts using lots of resources (jumps between 8 and 15% on my MBA 2011). It happens especially when running Internet Explorer in a virtual machine.
When running Tcpblock in the terminal I see IE generates about 1 connection per second.
It shouldn’t take that much resources to inspect some packages. There’s something else going on, probably. If you need more info I’m happy to help.
Thanks for your report. I will check.
“Note that, due to the limited knowledge of filenames in the Mac OS X kernel only the first 16 characters of the command name are used for name comparisons. Any characters above this limit are truncated”
Does the term “filename” in this case include the directory path, i.e. if I allow for example the app “iTunes” would another app named “iTunes” automatically be allowed as well? Additionally, are techniques like hashing used to make sure that the right app is trying to connect?
The path is not included. Both “iTunes” would be allowed to connect.
So in order for a bad app to connect to the net it just has to be named firefox or itunes? Isn’t that highly ineffective?
This made it all work:
Stan Lee says:
January 30, 2012 at 22:04
I had the same problem and it was caused by an incorrect permission on the folder containing the tcpblock executable. I ran “sudo chmod 0755 /usr/local/bin” in the shell and after that growl notifications started working (Growl 1.2.2 / TCPBlock 2.10 on Lion). Hope that helps.
Can you improve the growl messages that it opens the tcpblock-prefpane when the user clicks on a “tcp connection blocked” message? this would be very nice, so that we dont have to go over the menu to the prefpane…
thanks, really good work! thank you really much! i hope you continue with development!
Is there a way to have tcpblock pause an offending process when a block occurs so I can determine the source of the program that is causing the outside access. Right now there is a routine ksfetch that seems to have been inserted by Google Chrome that is getting its access blocked every hour. After the accesses are blocked, the routine terminates on its own so I can find what started the routine. Tried tcpblock -m but that just logs the access and ksfetch is long gone by then.
There is no way to pause offending processes with TCPBlock.
I’m running Lion with Growl 1.3.3 (the mac app store version) and TCPBlock does not appear to successfully register as an application with it.
Do you / does anyone know if that is a problem others have experienced?
Best regards.
Running Lion 10.7.4, Growl 1.3.3 and TCPBlock 2.10 KEXT 2.2.6 and they work together as expected. TCPBlock is in the list of Growl Applications in the Growl Pref panel and checked as enabled. Logging is set in the Notifications tab.
Thanks. Since you have it working, I gave it a go again. It works, but I know no technical info, so here’s the rambled report back on the brute forcing.
(The mac app store version is now 1.4, but I still had the issue.)
I ended up installing the old non-appstore one (1.2.2) *which I’d previously never installed,* then uninstalling them both with http://growl.info/growlinstallcorrupt, then re-installing the appstore version.
(I also installed hardware growler (the appstore version) at the very beginning.)
For some reason, it now works. I think it is strongly unlikely that it was a misconfiguration on my end. So if anyone else has an issue, perhaps just try toggling your installs.
Thank you all for solving the Growl problem. I installed Growl 1.2.2 and did the sudo trick. TCPBlock registered with Growl. Then I uninstalled Growl 1.2.2 and launched Growl 1.4. TCPBlock works now with Growl 1.4 notifications. I am running Mountain Lion dp4 and I can confirm that TCPBlock runs fine on it.
Hi I am on 10.8 Mountain Lion (fresh install) with growl 1.4 (from app store)
and TcpBlock 2.10
When try to check on growl enabled I get the message:
8/23/12 5:26:19.687 PM com.apple.launchd.peruser.501[125]: (com.delantis.tcpblock[555]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
8/23/12 5:26:19.687 PM com.apple.launchd.peruser.501[125]: (com.delantis.tcpblock[555]) Job failed to exec(3) for weird reason: 2
Any idea? Thanks!
I tried also with the command line tcpblock -n and get the following
~ root# tcpblock -n
2012-08-25 06:56:56.341 tcpblock[337:707] could not find local GrowlApplicationBridgePathway, falling back to NSDNC
I assume I get this message because tcpblock cannot register with growl..
Hi, similar problem… I’m using version 2.10 KEXT 2.2.6, Mountain Lion 10.8.1 and Growl 1.4. When I select “Enable Growl notifications” nothing happens and the program doesn’t appear in my Growl applications list. Anyone have any ideas? Thanks.
How do you uninstall TCPBlock? It’s a nice piece of software, but I need to take it off my machine for a little while.
Use the uninstaller UninstallTCPBlock.app included in the TCPBlock_v2.10.dmg.
Thanks, Jo.
I cannot get the uninstaller to work. Anybody else having the same problem?
I have been using TCPBlock with Leopard (10.5) for a long time now. However, something recently has changed. All of my apps are being blocked and when I go to the Connecting Apps tab to unblock them, they are greyed out and cannot be inserted into the Application List. Has anyone seen this occur before?
I am using the latest version of TCPblock v.2.1.0 KEXT 2.2.6
Thanks.
The apps are greyed out because they are already in your Application List. If you have White List enabled then make sure that Block all outgoing is disabled in order that your apps are not being blocked anymore.
Hi I am on 10.8 Mountain Lion (fresh install) with growl 2.0 (from app store)
and TcpBlock 2.10 kext 2.2.6
When try to check on growl enabled I get the message:
8/23/12 5:26:19.687 PM com.apple.launchd.peruser.501[125]: (com.delantis.tcpblock[555]) Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
8/23/12 5:26:19.687 PM com.apple.launchd.peruser.501[125]: (com.delantis.tcpblock[555]) Job failed to exec(3) for weird reason: 2
I tried also with the command line tcpblock -n and get the following
~ root# tcpblock -n
2012-08-25 06:56:56.341 tcpblock[337:707] could not find local GrowlApplicationBridgePathway, falling back to NSDNC
I assume I get this message because tcpblock cannot register with growl.
What exactly does tcpblock try to run in order to register with Growl? Perhaps I can create a wrapper script in order to correctly connect to the new growl API. It seems that it does this using a system command?
Thanks!
The first error happens because on the fresh install in Lion and later the directory /Users/your_username/Library/LaunchAgents does not exist. You have to create it manually in order that TCPBlock can write its LaunchAgent.
Registering and communication with Growl is done using Objective C methods, so a wrapper would not work.
Thanks!
So I put together a fast hack to connect it with notification center in 10.8 (do not want to have a terminal on continuously to monitor this):
1) install terminal-notifier (http://osxdaily.com/2012/08/03/send-an-alert-to-notification-center-from-the-command-line-in-os-x/)
2) write script @ /Users/XXX/bin/tcpblock_notify.sh
#!/bin/bash
tail -1 -f /var/log/system.log | while read line
do
[[ "$line" == *tcpblock*block*connection* ]] && ( terminal-notifier -title tcpblock -message “$(echo $line | cut -d\ -f7- | cut -d: -f1)” 1>/dev/null)
done
3) use launchd to start @ /Users/XXX/Library/LaunchAgents/com.delantis.tcpblock_notify.plist
start it doing: launchctl load com.delantis.tcpblock_notify.plist
Label
com.delantis.tcpblock_notify
ProgramArguments
/Users/XXX/bin/tcpblock_notify.sh
KeepAlive
That’s a cool hack. Thanks!
You have a typo in the first cut command. The delimiter for space needs two white spaces after the \ or it’s even maybe easier to use the ‘ ‘. So i.e.
#!/bin/bash
tail -1 -f /var/log/system.log | while read line
do
[[ "$line" == *tcpblock*block*connection* ]] && ( terminal-notifier -title tcpblock -message "$(echo $line | cut -d ' ' -f7- | cut -d: -f1)" 1>/dev/null)
done
Also, the ” ‘s didn’t paste properly into terminal. I was just getting the first field “Block” and nothing else until i overwrote all the ” characters in terminal.
Also, here is my plist file if someone wants to take it:
KeepAlive
OnDemand
RunAtLoad
Label
com.YOURNAME.tcpblock_notify
ProgramArguments
/Users/YOURNAME/bin/tcpblock_notify.sh
remember to chmod +x both files.
Thanks to the OP.
and since the .plist is not being displayed properly I have uploaded the scripts @ pastebin
So here we go again
1) install terminal-notifier (http://osxdaily.com/2012/08/03/send-an-alert-to-notification-center-from-the-command-line-in-os-x/)
2) write script @ /Users/XXX/bin/tcpblock_notify.sh
do a “chmod +x /Users/XXX/bin/tcpblock_notify.sh”
http://pastebin.com/PT2UmpbN
3) use launchd to start @ /Users/XXX/Library/LaunchAgents/com.delantis.tcpblock_notify.plist
start it doing: launchctl load com.delantis.tcpblock_notify.plist
http://pastebin.com/eg29fjNC
To add to this – those who use the whitelist: I created an AppleScript bundle that you can launch when you’re notified of a blocked connection. You enter the application’s name (exactly as shown in the Growl notification/TCPBlock log) in the popup, enter your password, and it’s added to your whitelist! Even supports Growl notifications! Pretty straightforward.
How to do it: Open the AppleScript app (everyone has it), paste the code below, save as “Application” format, change the icon if you like
It’s not pretty but works – no issues so far:
############### Add2TCPBlock ########################
# Adds a new rule to TCPBlock's whitelist, allowing an outgoing connection.
# Executes shell command "tcpblock -a " to add to whitelist
# and then "tcpblock -c" to update ruleset
# Support for Growl notifications
################################################
# add inputted application name to tcpblock config
##############################
set appName to ""
try
    set diagIn to (display dialog "Enter app name to allow connections: " with title "TCPBlock – Allow?" default answer "" buttons {"Always Allow", "Nevermind"} default button 1 with icon stop)
    set appName to the text returned of diagIn
    set buttName to the button returned of diagIn
    if (appName is equal to "" or buttName is equal to "Nevermind") then
        display dialog "ABORTED: no changes made" with title "TCPBlock – Failure" buttons {"okay"} with icon caution
        return -- ***exit script***
    else -- where it's at: two turn tables and a microphone
        -- "quoted form of" escapes the typed name, so a quote character in it cannot break out of the command that runs as root
        do shell script "/usr/local/bin/tcpblock -a " & quoted form of appName with administrator privileges -- requires admin password, to skip password entry
        do shell script "/usr/local/bin/tcpblock -c" -- each time (unsecure!) add: password "yourpassword" above before "with administrator privileges"
    end if
end try
# display notification through Growl
# catch if not installed or open and use Apple dialog
###############################
tell application "System Events"
    set isRunning to (count of (every process whose bundle identifier is "com.Growl.GrowlHelperApp")) > 0
end tell
if isRunning then
    tell application id "com.Growl.GrowlHelperApp"
        -- Make a list of all the notification types
        -- that this script will ever send:
        set the allNotificationsList to ¬
            {"Application set to allow outgoing connections"}
        -- Make a list of the notifications
        -- that will be enabled by default.
        -- Those not enabled by default can be enabled later
        -- in the 'Applications' tab of the Growl preferences.
        set the enabledNotificationsList to ¬
            {"Application set to allow outgoing connections"}
        -- Register our script with growl.
        -- You can optionally (as here) set a default icon
        -- for this script's notifications.
        register as application ¬
            "Add2TCPBlock" all notifications allNotificationsList ¬
            default notifications enabledNotificationsList ¬
            icon of application "Finder"
        -- Send a Notification…
        notify with name ¬
            "Application set to allow outgoing connections" title ¬
            "TCPBlock – " & appName description ¬
            "Application set to allow outgoing connections" application name "Add2TCPBlock"
    end tell
else
    # growl not installed/running – use Apple dialog
    display dialog "Application " & appName & " set to allow outgoing connections." with title "TCPBlock success" buttons {"OKAY"} with icon caution
end if
Formatting issues with the above. I’ve uploaded the script file: http://www.filedropper.com/add2tcpblock
The above won’t work due to formatting. Here is the script file: http://www.filedropper.com/add2tcpblock
If I knew this existed I wouldn’t have bought little snitch… I can’t see that this is as feature filled but it seems pretty good anyways. It’s been a year since a new version…
Thanks for this great software! I wonder why only few people seem to know about this. Will there be a new version with notification center support on Mountain Lion somewhen?
TCPBlock is fantastic. Simple and effective. I too am having the issue with Growl 2.0 on Mountain Lion. Installing the older non app store version has not solved the problem in my case. I also wonder where the log file is kept on mountain lion? Mine isn’t located at var/log/system.log or /var/log/kernel.log. Keep up the good work. My donation is on its way.
Hi, launch Console (/Applications/Utilities/Console) and check where system.log lives. Pretty sure it is in /var/log in Mountain Lion.
Great application Sir. I am new to mac and love your firewall. However, it locks automatically each time I close the preference pane. It’s annoying to enter password each time. Is there any way to prevent that? I am using OSX 10.8 Snow Leopard.
There is no way to prevent that.
I hope it’s added in a future release. Will make life using white list a lot easier. Thank you.
Do you have intentions of developing this into a paid app? If not have you considered opening the source? I have many ideas I’d like to try and implement (processing Growl feedback/banner clicks?) as do others. The added development could really help the app take off and do so much more! Please consider it!
What do you think of the following error? I will leave the craziness for another time but suffice to say tcpblock worked flawlessly, I thought it my savior against the “evildoers” who attempt to infiltrate our systems. It was such a good watchdog I forgot all about the many firewalls implemented previously. Forgot how Norton stopped blocking and Little Snitch’s rules bouncing back and forth giving permission to those who would do us harm. Forgot about the many months banging my head against the wall until the inevitable happened. The preference pane was the first to go, then this error below. Could be permissions, could be replaced files, could be missing files, who knows, but it signals the end of another firewall. Thanks for putting in the time to code it though. Big gold medal for that…
localhost:~ ck$ tcpblock -c
2013-03-30 03:32:10.587 tcpblock[1680:707] ioctl CTLIOCGINFO: No such file or directory
connection to the tcpblock kernel extension failed
I have a screen capture of the error in the preferences if you’d like to see it. The verbiage in the dialog goes like this:
Connection to the TCPBlock Kernel Extension failed!
Please reinstall the TCPBlock.pkg to make shure you
get not only this Preference Pane but also the
required components.
Despite removing and re-installing, including re-install with a freshly downloaded tcpblock it never repairs that preference payne, what a pain.
Thanks
S
Sounds like the TCPBlock kernel extension is not loaded… You can try to load it with “sudo /usr/local/bin/tcpblocknke”.
At system boot time the kernel extension is automatically started by launchd using the file /Library/LaunchDaemons/com.delantis.tcbblocknke_load_kext.plist. Does this file exist and look OK?
Hi Jo,
as others stated before: superb app!
But I’m always running into the same error as Scott. Strangely enough, the error often occurs every third or fourth boot. Then I have to apply this sudo command which works.
But have you got a solution that avoids this manual input every time? Because I’m not notified that TCPBlock is out of order.
What’s the solution concerning your second statement? I’ve only got the file “com.delantis.TCPBlock.plist” in the folder mentioned. Obviously, com.delantis.tcbblocknke_load_kext.plist is not existent on the device. Where and how do I get this? And why wasn’t that installed on my device (10.8.3)?
Thanks for your support!
com.delantis.tcbblocknke_load_kext.plist is part of the TCPBlock installer package. Reinstall TCPBlock and if the file is still not existent then you may get some error hints in the Installer log.
Or create the file /Library/LaunchDaemons/com.delantis.tcbblocknke_load_kext.plist with the following content:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.delantis.tcpblocknke_load_kext</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/tcpblocknke</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Make sure the file has the same owner, group and permissions as the other files lying around in the LaunchDaemons directory.
com.delantis.TCPBlock.plist is for managing TCPBlock’s Privileged Helper Tool:
If you open the TCPBlock PrefPane in order to change its configuration you must authenticate yourself as your Mac’s superuser, root. Only root has the rights to change the config file of TCPBlock. Instead of running the entire PrefPane as root, which means giving tons of lines of code privileged access to your system and is a security nightmare, only a small, separated helper tool is started and only the helper tool gets superuser privs. The helper tool contains only a few lines of code for writing TCPBlock’s config file.
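The owner, group and permission comparison advised in the reply above, as an added example that is not part of the original reply or of the TCPBlock package. The function names are hypothetical; a daemon plist that a non-root user can write lets that user choose what launchd runs as root, so the check also rejects symlinks and group- or world-writable files.

```shell
#!/bin/sh
# Added example, not TCPBlock's own code. Function names are hypothetical.

# Print "mode uid gid" for a path. Only the first 10 characters of the ls
# mode string are kept, so ACL/xattr markers ("+", "@", ".") do not matter.
perm_triplet() {
    info=$(ls -ldn "$1" 2>/dev/null) || return 1
    set -- $info
    printf '%s %s %s\n' "$(printf '%s' "$1" | cut -c1-10)" "$3" "$4"
}

# check_launchd_plist FILE REFERENCE
# Succeeds only if FILE is a regular file (not a symlink), has the same
# mode, owner and group as REFERENCE, and is not group/world-writable.
check_launchd_plist() {
    file=$1
    ref=$2
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi
    got=$(perm_triplet "$file") || return 1
    want=$(perm_triplet "$ref") || return 1
    rc=0
    if [ "$got" != "$want" ]; then
        echo "FAIL: $file is [$got] but $ref is [$want]"
        rc=1
    fi
    # Position 6 of the mode string is group write, position 9 is other write.
    case $got in
        ?????w*|????????w*)
            echo "FAIL: $file is writable by group or others"
            rc=1
            ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $file matches $ref [$got]"
    return "$rc"
}

# Usage on the Mac (both paths are the ones named in this thread):
#   check_launchd_plist \
#     /Library/LaunchDaemons/com.delantis.tcbblocknke_load_kext.plist \
#     /Library/LaunchDaemons/com.delantis.TCPBlock.plist
```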
Hi Jo,
after some days of testing: Your solution works…but only for a couple of days. And then, I don’t know why, the plist file I created disappears, i.e. it’s deleted from this folder. No TCPBlock plist file exists there any more. Have you got a further solution?