Skip to main content
Jamf Nation, hosted by Jamf, is a dynamic and knowledgeable community of Apple-focused IT admins and Jamf Pro users. Join us in person, in October, for the annual Jamf Nation User Conference (JNUC) to discover new and better ways to manage Apple devices.

Opening application or port on Firewall for 10.7 and 10.8 Macs

I have a utility that uses port ####(redacted), and need to open the local Mac's firewall to handle this. I'm not very experienced with OS X firewalls other then the pretty GUI. My research has revealed that for the command line:

ipfw is deprecated
pfctl replaces ipfw
socketfilterfw handles application specific firewall issues
\- also the '-t' option seems to be deprecated

Ideally I'd love to use a socketfilterfw command to add the utility as a trusted app
alternatively what would be the pfctl command to accept port #### connections?

Thanks,

\- Miles

Like Comment
CCA Badge
SOLVED Posted: 2/13/13 at 2:44 PM by nessts

its not easy nor is it pretty
https://www.google.com/search?q=os+x+pfctl+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Like
CCA Badge
SOLVED Posted: 2/13/13 at 2:45 PM by nessts

sorry this one was pretty good
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

Like
CCA Badge
SOLVED Posted: 2/17/13 at 5:29 PM by malroy

Try this command

/usr/libexec/ApplicationFirewall/socketfilterfw --add "applicaton location/xyz.app"

This will allow the socketfilterfw command to trusted the app and it will show up in the GUI

Like
SOLVED Posted: 2/19/13 at 10:49 AM by miles3w

After much testing I found the sequence needed to add an app to the firewall. Thanks for the suggestions...
\- Miles

\# Start firewall in case it is off
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

\# Sign app binary
/usr/libexec/ApplicationFirewall/socketfilterfw -s "/appLocation/xyz.app/Contents/MacOS/xyz"

\# Stop firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

\# Add binary as trusted application to firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --add "/appLocation/xyz.app/Contents/MacOS/xyz"

\# Start firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

Like