Ensure Internet Sharing Is Disabled


Internet Sharing uses the open source natd process to share an internet connection with other computers and devices on a local network. This allows the Mac to function as a router and share the connection to other, possibly unauthorized, devices.


Disabling Internet Sharing reduces the remote attack surface of the system.


Internet Sharing allows the computer to function as a router and other computers to use it for access. This can expose both the computer itself and the networks it is accessing to unacceptable access from unapproved devices.


Graphical Method:
Perform the following steps to disable Internet Sharing:

Open System Settings

Select General

Select Sharing

Set Internet Sharing to disabled

Terminal Method:
Run the following command to turn off Internet Sharing:

$ /usr/bin/sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0

Note: Using the Terminal Method will not be reflected in the GUI, but will disable the underlying service.
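
Because the Terminal Method is not reflected in the GUI, the preference has to be read back to confirm the change. The check below is an added example, not part of the original guidance: it parses the output of defaults read on the same com.apple.nat file. The function names, the constructed sample outputs, and treating a missing Enabled key as disabled are assumptions.

```shell
#!/bin/sh
# Added example: read back the NAT preference that the Terminal Method writes.
NAT_PLIST="/Library/Preferences/SystemConfiguration/com.apple.nat"

# Constructed sample: sharing on, with a nested Enabled key that must be ignored.
SAMPLE_SHARING_ON='{
    NAT =     {
        Enabled = 1;
        PrimaryInterface =         {
            Enabled = 0;
        };
    };
}'
# Constructed sample: the state left behind by the Terminal Method.
SAMPLE_SHARING_OFF='{
    NAT =     {
        Enabled = 0;
    };
}'

# Classify `defaults read` output given on stdin. Only the Enabled key directly
# inside the top-level NAT dictionary counts. Assumption: no key means disabled.
nat_state_from_defaults_output() {
    awk '
    {
        line = $0
        if (in_nat && depth == 2 && line ~ /^[ \t]*Enabled[ \t]*=/) {
            v = line; gsub(/[^0-9]/, "", v); val = v
        }
        if (depth == 1 && line ~ /^[ \t]*NAT[ \t]*=[ \t]*[{]/) in_nat = 1
        opens = gsub(/[{]/, "{", line); closes = gsub(/[}]/, "}", line)
        depth += opens - closes
        if (in_nat && depth < 2) in_nat = 0
    }
    END { if (val != "" && val + 0 != 0) print "enabled"; else print "disabled" }'
}

audit_internet_sharing() {
    # stderr is dropped: defaults reports an error if the domain was never created.
    /usr/bin/sudo /usr/bin/defaults read "$NAT_PLIST" 2>/dev/null | nat_state_from_defaults_output
}

# Run the live check only where /usr/bin/defaults exists (a Mac).
if [ -x /usr/bin/defaults ]; then
    echo "Internet Sharing preference: $(audit_internet_sharing)"
fi
```
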

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.MCX

The key to include is forceInternetSharingOff

The key must be set to <true/>

