
Restrict Direct Access To Ollama Hosts

If users knew the IP address or DNS name of the machine that hosts Ollama and the port where this service is exposed, they could make requests directly without going through gemini.ti.bfh.ch, the application server (which is not ideal).

1. Identify the port used by Ollama

Run on the ollama host:

lsof -iTCP -sTCP:LISTEN -P | grep ollama

This will tell us which port Ollama is listening on.

Once executed we will find an output like this:

ollama 747 sysadmin 3u IPv6 0xdcb11b20ff0affc2 0t0 TCP *:11434 (LISTEN)

This means that Ollama is listening on port 11434 on all interfaces (the * means any address, including external ones).

So the externally reachable service is on TCP port 11434, and that’s what we’ll need to restrict.

2. Identify the gateway IP

Since gemini.ti.bfh.ch is our gateway server (the only host that should be allowed to reach the Ollama service on port 11434 on the macOS machine), the next configuration steps also need the IP address of this server. It can be found either by pinging the DNS name:

ping gemini.ti.bfh.ch

or by running the following command (I did it from one of the macOS servers):

dig +short thalia.ti.bfh.ch

This returns 10.248.13.19. The IP address may not be fixed, but this was the address returned at the time I did the configuration.

3. Edit the Firewall config

1. Back up the current firewall config

First, back up the current firewall config (I did this because I wanted to be able to revert the changes):

sudo cp /etc/pf.conf /etc/pf.conf.backup

pf stands for Packet Filter. It is the firewall built into macOS, which controls which network connections are allowed in and out.

2. Create a custom rule file

Create the file /etc/pf.ollama.rules:

sudo nano /etc/pf.ollama.rules

And paste the following:

# Allow localhost
pass quick on lo0 all

# Allow Ollama connections only from gemini.ti.bfh.ch
# Replace <IP gateway server> with the address found in step 2 (10.248.13.19 at the time of writing)
pass in quick proto tcp from <IP gateway server> to any port 11434

# Block everyone else (rules are evaluated in order; "quick" stops at the first match,
# so the pass rule above must stay before this block rule)
block in quick proto tcp from any to any port 11434

Save and exit (Ctrl+O, Enter, Ctrl+X).

3. Include the rule file in the main config

Open /etc/pf.conf:

sudo nano /etc/pf.conf

At the bottom, add:

# Ollama firewall rules
anchor "ollama"
load anchor "ollama" from "/etc/pf.ollama.rules"

Save and exit.

4. Check and load the rules

Verify syntax:

sudo pfctl -nf /etc/pf.conf
No output means the syntax is OK; if an error is printed, the config needs to be fixed.

When executing this command I got:

pfctl: Use of -f option, could result in flushing of rules present in the main ruleset added by the system at startup. See /etc/pf.conf for further details.
This warning is safe to ignore here (with -n the rules are only parsed, not loaded), and since no error was reported the syntax is OK.

Apply the config:

sudo pfctl -f /etc/pf.conf

The previous command will give an output like:

pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled

This is fine:
- ALTQ is a feature for advanced traffic shaping / prioritization (bandwidth control).
- macOS doesn’t include ALTQ in the kernel by default.
- pfctl is saying that any ALTQ-related statements in /etc/pf.conf will be ignored.
- Since our Ollama rules don’t use ALTQ, this message is harmless.

Check if pf is enabled:

sudo pfctl -s info | grep Status

I found out that it was not enabled:

Status: Disabled, Debug: Urgent

Enable pf (if not already):

sudo pfctl -e

Enabling pf with pfctl -e only affects the running system and does not persist across a reboot, so re-check the status after the host restarts.

Check the loaded anchor:

sudo pfctl -sr

I got the following output:

No ALTQ support in kernel
ALTQ related functions disabled
scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all
anchor "ollama" all

Check the loaded rules:

sudo pfctl -a ollama -sr

I got:

No ALTQ support in kernel
ALTQ related functions disabled
pass in quick inet proto tcp from 10.248.13.19 to any port = 11434 flags S/SA keep state
block drop in quick proto tcp from any to any port = 11434

4. Test Connectivity

Now that everything is set up, the only thing left is to test connectivity. Accessing the Ollama host from gemini.ti.bfh.ch should succeed, meaning we should see the usual message Ollama is running; accessing it from another computer, say your local computer, should time out or simply return nothing.

From gemini.ti.bfh.ch:

curl http://thalia.ti.bfh.ch:11434/

Output:

Ollama is running

From my local computer, curl timed out, both with the IP address and with the DNS name.

Reminder: check and adapt the pass rule in case the gateway IP is not static.
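The rule check above (sudo pfctl -a ollama -sr) and the reminder about a non-static gateway IP can be combined into one script. The following is an added example, not part of the original page: it parses the output of pfctl -a ollama -sr, confirms that exactly the gateway's current address is allowed on port 11434 and that a catch-all block rule is present, and reports IP drift when the gateway resolves to something else. The anchor name "ollama", port 11434 and gateway gemini.ti.bfh.ch are taken from the page; the sample rule text embedded below is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: verify the "ollama" pf anchor against the gateway's current IP.
OLLAMA_PORT=11434
GATEWAY_HOST=gemini.ti.bfh.ch

# Print the source address of the "pass in quick ... port = $1" rule read from stdin.
allowed_source() {
  awk -v port="$1" '$1 == "pass" && $2 == "in" && $0 ~ ("port = " port "( |$)") {
    for (i = 1; i <= NF; i++) if ($i == "from") { print $(i + 1); exit }
  }'
}

# Succeed if stdin contains a catch-all block rule for port $1.
has_block_rule() {
  grep -Eq "^block( drop)? in quick .*from any to any port = $1( |\$)"
}

# check_rules RULES_TEXT EXPECTED_GATEWAY_IP PORT
# Returns 0 when only EXPECTED_GATEWAY_IP may reach PORT, non-zero otherwise.
check_rules() {
  rules="$1"; want="$2"; port="$3"
  got=$(printf '%s\n' "$rules" | allowed_source "$port")
  if [ -z "$got" ]; then
    echo "no pass rule for port $port found in anchor"; return 1
  fi
  if [ "$got" != "$want" ]; then
    echo "pass rule allows $got but gateway now resolves to $want (IP drift, update the rule)"; return 2
  fi
  if ! printf '%s\n' "$rules" | has_block_rule "$port"; then
    echo "no catch-all block rule for port $port"; return 3
  fi
  echo "ollama anchor OK: only $want may reach port $port"
}

# Constructed sample, mirroring the pfctl -a ollama -sr output shown on the page.
SAMPLE_RULES='No ALTQ support in kernel
ALTQ related functions disabled
pass in quick inet proto tcp from 10.248.13.19 to any port = 11434 flags S/SA keep state
block drop in quick proto tcp from any to any port = 11434'

# Live check on the macOS Ollama host: compare the loaded anchor with the gateway's current address.
live_check() {
  ip=$(dig +short "$GATEWAY_HOST" | head -n 1)
  check_rules "$(sudo pfctl -a ollama -sr 2>&1)" "$ip" "$OLLAMA_PORT"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with --live on the Ollama host (for example from a periodic launchd job) so a changed gateway address is noticed before the pass rule silently stops matching.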