How do I delete network interfaces
I am still a little new to the macOS world, so my question might be easily solved.
I have been doing some networking with my MacBook Air and noticed some things I did not understand/thought that they should be different.
When I run ifconfig I see many network adapters, and with many I mean way more than I anticipated.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether c8:69:cd:af:4f:bc
inet6 fe80::1832:448c:e682:a8a8%en0 prefixlen 64 secured scopeid 0x5
inet 152.67.132.28 netmask 0xfffffc00 broadcast 152.67.132.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en1: flags=922<BROADCAST,SMART,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 9a:00:05:1b:4b:3f
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:69:cd:af:4f:bc
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether fa:1f:bf:37:c7:35
inet6 fe80::f81f:bfff:fe37:c735%awdl0 prefixlen 64 scopeid 0x8
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 9a:00:05:1b:4b:3f
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
utun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::4974:b78a:7731:c82a%utun0 prefixlen 64 scopeid 0xa
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8050<POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::9ffc:672f:768f:f232%utun1 prefixlen 64 scopeid 0xb
nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::733c:91be:79df:7b4b%utun2 prefixlen 64 scopeid 0xc
nd6 options=201<PERFORMNUD,DAD>
lo0 and en0 are clear to me but the others are not. However, What are the different internet connection types used by ifconfig and ipconfig? and Unexpected interfaces in ifconfig have cleared a lot of this up for me.
However, when I started writing this I only had utun0 and utun1 and now utun2 has appeared!
What I'd like to know is: Can I disable/remove them since I seem to not use them? If so, how?
ifconfig delete doesn't seem to work and ifconfig up/downhas no effect.
Solution 1:
These are for the most part physical network adapters which exist within your computer. Even if you remove them all from System Preferences --> Network, ifconfig will still report them all.
Here's the default list for a MBP 2011 17 inch:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether c8:2a:14:33:ca:46
nd6 options=1<PERFORMNUD>
media: autoselect (none)
status: inactive
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether e4:ce:8f:2g:c7:aa
nd6 options=1<PERFORMNUD>
media: autoselect (<unknown type>)
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether d2:00:1d:b8:61:60
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr c8:2a:14:ff:fe:cb:96:16
nd6 options=1<PERFORMNUD>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
ether 06:ce:8f:2f:b7:aa
media: autoselect
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether ca:2a:18:23:ea:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=4<VLAN_MTU>
ether 08:6d:41:e6:e7:46
inet6 fe80::a6d:41ff:fee6:e748%en4 prefixlen 64 scopeid 0xc
inet 192.168.1.13 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1<PERFORMNUD>
media: autoselect (100baseTX <full-duplex,flow-control>)
status: active
I ran ifconfig both before and after deleting almost all the network connections. The results were exactly the same.
This is the default configuration with six listed interfaces
This is the default configuration with six listed interfaces
As I mentioned the ifconfig output was exactly identical whether the interfaces had been deleted or not.
If you'd like to go deeper networksetup gives you more human readable output. For instance networksetup -listallhardwareports yields:
Hardware Port: Ethernet
Device: en0
Ethernet Address: c8:2a:14:33:ca:46
Hardware Port: Apple USB Ethernet Adapter
Device: en4
Ethernet Address: 08:6d:41:e6:e7:48
Hardware Port: FireWire
Device: fw0
Ethernet Address: c8:2a:14:ff:fe:cb:96:16
Hardware Port: Wi-Fi
Device: en1
Ethernet Address: e4:ce:8f:2f:b7:aa
Hardware Port: Bluetooth PAN
Device: en3
Ethernet Address: e4:ce:8f:2f:b7:ab
Hardware Port: Thunderbolt 1
Device: en2
Ethernet Address: d2:00:1c:b9:61:60
Hardware Port: Thunderbolt Bridge
Device: bridge0
Ethernet Address: ca:2a:14:33:ea:00
VLAN Configurations
While you can't add or remove hardware ports with networksetup, you can enable and disable devices with networksetup -removepreferredwirelessnetwork <device name> <network>
You can get a full list of the available networksetup commands with man networksetup and some nice examples.
If you really want to disable the hardware completely so it doesn't show up, get out your Torx screwdrives and a solder gun. Why would someone want to do so? For the same reasons, one might disconnect iSight Camera or the microphone. If you aren't going to use an interface (particularly a wireless one), it's a constant security hasard.
For VMware and other virtual machines, you'll want to remove their .kext extensions which install virtual interfaces. While I'm on board for disconnecting microphones and video cameras, I don't think removing network interfaces would help much as your computer is vulnerable as soon as it's online. If I did want a truly secure computer, I'd make sure it simply had no networking hardware inside or on the motherboard. This probably means stepping back a few generations.
This kind of secure box should then be kept in a physically secure location. I know a lawyer with a safe room in his office where just such a computer stands. It never touches the internet or any other networking device. If he wants copy out of it, he doesn't use a removable device such as a USB card or a floppy drive. He prints. If he wants a digital version, someone scans and OCR's the printed output.