Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.
4

Opening application or port on Firewall for 10.7 and 10.8 Macs

Posted: 2/13/13 at 2:42 PM by miles3w

I have a utility that uses port ####(redacted), and need to open the local Mac's firewall to handle this. I'm not very experienced with OS X firewalls other then the pretty GUI. My research has revealed that for the command line:

ipfw is deprecated
pfctl replaces ipfw
socketfilterfw handles application specific firewall issues
\- also the '-t' option seems to be deprecated

Ideally I'd love to use a socketfilterfw command to add the utility as a trusted app
alternatively what would be the pfctl command to accept port #### connections?

Thanks,

\- Miles

4
CCA Badge

Posted: 2/13/13 at 2:44 PM by nessts

its not easy nor is it pretty
https://www.google.com/search?q=os+x+pfctl+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

CCA Badge

Posted: 2/13/13 at 2:45 PM by nessts

sorry this one was pretty good
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

CCA Badge

Posted: 2/17/13 at 5:29 PM by malroy

Try this command

/usr/libexec/ApplicationFirewall/socketfilterfw --add "applicaton location/xyz.app"

This will allow the socketfilterfw command to trusted the app and it will show up in the GUI

Posted: 2/19/13 at 10:49 AM by miles3w

After much testing I found the sequence needed to add an app to the firewall. Thanks for the suggestions...
\- Miles

\# Start firewall in case it is off
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

\# Sign app binary
/usr/libexec/ApplicationFirewall/socketfilterfw -s "/appLocation/xyz.app/Contents/MacOS/xyz"

\# Stop firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

\# Add binary as trusted application to firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --add "/appLocation/xyz.app/Contents/MacOS/xyz"

\# Start firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on