As of 10.8 and above you can edit the pf.conf file. I would only do this if you don't have a network firewall in place. You can if need be block from the client side on OSX by editing the above file. OSX has a built in "pfctl" command from terminal. So in your case you could add the following rule and enable the pfctl.
(sudo pfctl -sr 2>/dev/null; echo "block drop quick on en0 proto tcp from any to any port = 3268") | sudo pfctl -f - 2>/dev/null
You would have to change en0 to what every interface you want it blocked on, otherwise I believe (never tested) you can use "! lo0" to block any connections not from loopback.
sudo pfctl -s rules
Will show what rules are in place and a
sudo pfctl -e
will enable the rules.
http://nomoa.com/bsd/gateway/pf/valid/pfctl.html has a great run through of the whys and how.
or a "man pfctl" form terminal will pull up Apple's man page.
I have never really used this in production just for testing when I ran crossed the command on StackExchange. I can confirm it works, as I tested on a site going specifically to 8080.
StackExchange link http://superuser.com/questions/505128/deny-access-to-a-port-from-localhost-on-osx
