Edit outgoing IP packets
You can do one of two things:
(a) Configure macOS's native packet filter, PF, to forward packets to a "divert socket" (akin to a Unix socket on Linux; see divert(4)). An application running in userspace can then listen on this divert socket and inspect packets, followed by dropping them or handing them back to the kernel (with or without modification) for sendoff. See this blog post for an example config, and pfctl(8), pf.conf(5), and the PF User's Guide for comprehensive info on PF's capabilities and how to configure it.
(b) Deploy a kernel extension which uses the native IP filter interface, IPF (akin to Linux's Netfilter), to inspect, modify, and drop packets. See Jonathan Levin's Mac OS X and iOS Internals for details; the 1st edition describes this interface in §17.7.4 IP Filters (page 698).
I don't know of any general-purpose daemons that work on principle (a) or kexts that use principle (b) that allow you to write config files that specify rules for modifying and dropping packets in transit, so it seems like you'd need to write your own daemon or kext for your specific use case.
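As an added illustration of approach (a), not part of the answer above or of any existing project: a minimal userspace daemon skeleton in C that binds a divert socket, reads each packet PF hands it, applies an inspection policy, and either drops the packet (by not reinjecting it) or modifies it (decrementing the TTL and recomputing the IPv4 header checksum) and writes it back. The PF side is not shown; the divert rule syntax is in pf.conf(5). The divert port number (`DIVERT_PORT`), the drop policy (destinations in the 203.0.113.0/24 documentation range), and the sample header built by `build_sample_header` are assumptions constructed for this example; the reinjection convention (sendto with the sockaddr that recvfrom filled in) follows divert(4).

```c
/* Added example, not from the answer above: userspace divert-socket daemon
 * skeleton for PF on macOS. DIVERT_PORT, the drop policy and the sample
 * header are assumptions made for this example. Running main() requires
 * root and a matching pf.conf divert rule (see pf.conf(5)). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 254   /* BSD divert pseudo-protocol number (macOS defines it) */
#endif
#define DIVERT_PORT 8668     /* assumed; must match the port in the pf.conf divert rule */

enum verdict { VERDICT_PASS, VERDICT_DROP };

/* RFC 1071 one's-complement checksum over an IPv4 header of ihl bytes.
 * With the checksum field zeroed it returns the value to store there;
 * over a header whose stored checksum is correct it returns 0. */
uint16_t ip_checksum(const uint8_t *hdr, size_t ihl)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < ihl; i += 2)
        sum += (uint32_t)hdr[i] << 8 | hdr[i + 1];
    while (sum >> 16)                       /* fold carries */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Header length in bytes if pkt starts with a well-formed IPv4 header
 * (version 4, sane IHL, whole header present), otherwise 0. */
size_t ipv4_header_len(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (pkt[0] & 0x0f) * 4;
    return (ihl >= 20 && ihl <= len) ? ihl : 0;
}

/* Assumed policy for this example: drop packets destined to 203.0.113.0/24.
 * Anything that is not well-formed IPv4 is handed back to the kernel as-is. */
enum verdict inspect_packet(const uint8_t *pkt, size_t len)
{
    size_t ihl = ipv4_header_len(pkt, len);
    if (ihl == 0) return VERDICT_PASS;
    uint32_t dst;
    memcpy(&dst, pkt + 16, 4);             /* bytes 16..19: destination address */
    dst = ntohl(dst);
    return (dst & 0xffffff00u) == 0xcb007100u ? VERDICT_DROP : VERDICT_PASS;
}

/* Example in-flight modification: decrement TTL and refresh the header
 * checksum. Returns 1 if the packet was modified, 0 otherwise. */
int decrement_ttl(uint8_t *pkt, size_t len)
{
    size_t ihl = ipv4_header_len(pkt, len);
    if (ihl == 0 || pkt[8] == 0) return 0;
    pkt[8]--;                               /* byte 8: TTL */
    pkt[10] = pkt[11] = 0;                  /* bytes 10..11: header checksum */
    uint16_t c = ip_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(c >> 8);
    pkt[11] = (uint8_t)(c & 0xff);
    return 1;
}

/* Constructed sample: 20-byte IPv4 header, TTL 64, TCP, 192.168.1.1 ->
 * 203.0.113.5, with a correct checksum (0x7d35). Returns its length. */
size_t build_sample_header(uint8_t out[20])
{
    static const uint8_t hdr[20] = {
        0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x40, 0x06,
        0x7d, 0x35, 0xc0, 0xa8, 0x01, 0x01, 0xcb, 0x00, 0x71, 0x05 };
    memcpy(out, hdr, sizeof hdr);
    return sizeof hdr;
}

int main(void)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);   /* needs root */
    if (fd < 0) { perror("socket(IPPROTO_DIVERT)"); return 1; }
    struct sockaddr_in bind_addr = { 0 };
    bind_addr.sin_family = AF_INET;
    bind_addr.sin_port = htons(DIVERT_PORT);
    if (bind(fd, (struct sockaddr *)&bind_addr, sizeof bind_addr) < 0) { perror("bind"); return 1; }

    uint8_t pkt[65535];
    for (;;) {
        struct sockaddr_in from;
        socklen_t fromlen = sizeof from;
        ssize_t n = recvfrom(fd, pkt, sizeof pkt, 0, (struct sockaddr *)&from, &fromlen);
        if (n < 0) { perror("recvfrom"); break; }
        if (inspect_packet(pkt, (size_t)n) == VERDICT_DROP)
            continue;                       /* not reinjected: the packet is dropped */
        decrement_ttl(pkt, (size_t)n);
        /* Reinject with the sockaddr recvfrom filled in, per divert(4) */
        if (sendto(fd, pkt, (size_t)n, 0, (struct sockaddr *)&from, fromlen) < 0)
            perror("sendto");
    }
    close(fd);
    return 0;
}
```

The parsing and checksum helpers are kept separate from the socket loop so the policy can be unit-tested on constructed headers without root; a full checksum recompute is used rather than the incremental RFC 1141 update because it is simpler to get right and the header is only 20 to 60 bytes.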