TCPBlock is a lightweight and fast application firewall for Mac OS X 10.5 or later developed by delantis.com. The Mac OS X firewall protects you from connections that come from outside of your computer. But what about the software from your computer that opens new connections to the internet? With TCPBlock you can prevent selected applications on your computer from opening connections to the network.
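TCPBlock is implemented as a loadable kernel module which contains all the blocking logic. You can configure it in the System Preferences TCPBlock preference pane or with the tcpblock command line utility. All the configuration changes are made persistent in a configuration file on the hard disk. At system boot time the TCPBlock kernel extension reads its configuration from disk and is ready to go.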
This does not seem to work with the new Growl, v.1.3.x, which is an application rather than a prefpane. Without notifications, this tool puts a serious burden on the end user. Having to manually watch connecting apps is simply too much trouble. When notifications get fixed, I'll try it again.
I've been using TCPBlock for 6 weeks now, and have concluded that it blows Little Snitch and Hands Off! right out of the water. It has alerted me to MANY, MANY callouts that have been happening right under Little Snitch's nose ever since I started using it 5 years ago. I have studied LS to death, reinstalled it 6 or 7 times just to rebuild my rules lists from scratch in order to figure out how so much traffic gets past it, and subjected my rules lists and standard operating procedures to the scrutiny of serious IT professionals and a couple of hard core hackers, so now I'm extremely confident that Little Snitch's weaknesses and outright failings are indeed Little Snitch's — not mine, as I let myself believe for far too long. TCPBlock is so much less complicated yet more effective than both LS and HO that I spent a couple of weeks second guessing whether my conclusions are as accurate and stark as I think they are, only to arrive at the same verdicts all over again. So I have officially deactivated LS and now rely entirely on TCPB.
If anyone else has had the same sort of doubts about Little Snitch or Hands Off over the years, do yourself a favor and install TCPBlock, then run it side-by-side with Little Snitch (or Hands Off!) for a week or two. After you get over the short learning-hump, you'll be amazed.
Looks nice. The command-line tool makes me a little concerned however, as it suggests a way for program developers to bypass TCPBlock by designing their app to quietly set an exception before it starts talking.
Does the developer of this security app instruct other developers how to get around it? If so, that's a violation of trust that would make TCPBlock not only useless but dangerous, freeware or not. So please expound your point so we can all understand, especially those of us that do not use the CLI.
You don't have to be worried about the command-line tool because it uses the same security guidelines as the GUI. With the command-line tool you can see what TCPBlock is doing without an extra authentication, but to modify the TCPBlock configuration you need to be authenticated as your Mac's administrator.
Thanks for helping me understand this, Delantis. However, I thought TGBX's point (above) was that somehow the CLI offers developers a way to make their apps essentially invisible to TCPBlock by setting an "exception" to it (whatever that is). Is that possible?
I'm probably overcurious about this because in just 3 days TCPBlock has already helped me discover callouts by 2 apps that Little Snitch has never alerted me to, so I really want to continue using it and would be bummed if it turned out to be evadable (to coin a term). The number of callouts developers are building into their apps these days is alarming, and I get really pissed when so many of them are pointless. I downloaded a music app a few months ago (can't remember its name) that called out to over 110 distinct locations (I logged each one) before I just quit counting and uninstalled the ulcerous junk!
The CLI does not offer developers a way to make their apps invisible to TCPBlock. A feature like this would make TCPBlock useless - and this is not what I want. I use TCPBlock for the same reasons as you, because I don't want apps phoning home without my permission. Therefore I have developed TCPBlock so that only a user with administrator privileges can create or modify its configuration.
Not sure if this is off topic and I'll ask at the risk of looking like a dolt. But I'm not using the CLI. And as far as I can tell you can blacklist an app and that causes all outgoing connections from that app to be stopped. It seems to me that I have some apps where what I'd like is to stop some but not all of the outgoing data. But all I see is a giant list of URLs. Sifting through that list would be a daunting task.
Yes Blamanche, for each connection in the Connecting Apps tab that you want to block, if it says "no" under the Blocked column you just click "Insert into Application List" (after authenticating with your password once) and that will block it from that source permanently. If you don't want to block it, just leave it alone.
Wow, this actually does what I need to do. And don't add the pop-up thing or I'm uninstalling. The pop-up thing reminds me of being on the internet, that's why I have a pop-up blocker and adblock.
The major big feature of TCPBlock is its unintrusiveness, no pop-ups! This totally makes up for the lack of other features. This is the way an application firewall should truly work on a Mac!
It's the only freeware serious alternative to LittleSnitch.
It's not perfect in terms of flexibility, but it allows you to safely protect your computer and control all the access.
(You can always use the shell to do some complex manipulations.)
It works nicely in 64-bit and the process is not heavy (memory and CPU).
Again, thanks a lot for this great app.
I got no crash since the 2.7 version, so I can consider that this app is now stable (first priority for a "firewall").
It seems not to work on 64 bit kernels.
I installed v2.6, restarted and tried to open the pref pane.
I got an error saying that tcpBlock wasn't correctly installed.
I found an error message in the console that said that no code for running kernel's architecture was found.
Too bad, that sounded like a fine replacement for Little Snitch!
1) Whitelist sometimes doesn't stick: i.e., items I add to the Application List disappear from the list after a reboot. This has happened for Unix daemon programs rather than GUI apps.
2) On wake, I've gotten a Growl notification that a daemon has been blocked, but when I open the prefpane, it's not on the list of Connecting Apps so that it can be added to the whitelist.
1) Can you reproduce the error? And if so can you please write me the steps to reproduce it?
2) This is so because at the time the notification was sent the prefpane was not open. The Connecting Apps tab maintains no backlog of connections. You can see only the network activity from the time you open it onward.
GeoProf reviewed on 09 Nov 2011
And it's free!
Supershuttle reviewed on 07 Aug 2011
Thomas-Duvrai reviewed on 24 Jun 2011
sebos reviewed on 13 Dec 2010
2) Yes, I figured out the prefpane needs to be open and set up my login to do so.
1) Hasn't happened again. If it does, I will send details.
MercuryNu rated on 14 Aug 2011
Zuulito rated on 02 Dec 2010