Opening application or port on Firewall for 10.7 and 10.8 Macs

miles3w
New Contributor II

I have a utility that uses port ####(redacted), and need to open the local Mac's firewall to handle this. I'm not very experienced with OS X firewalls other than the pretty GUI. My research has revealed that for the command line:

ipfw is deprecated
pfctl replaces ipfw
socketfilterfw handles application specific firewall issues
- also the '-t' option seems to be deprecated

Ideally I'd love to use a socketfilterfw command to add the utility as a trusted app.
Alternatively, what would be the pfctl command to accept port #### connections?

Thanks,

- Miles

4 REPLIES

nessts
Valued Contributor II

It's not easy, nor is it pretty.
https://www.google.com/search?q=os+x+pfctl+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

nessts
Valued Contributor II

Sorry, this one was pretty good:
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

malroy
New Contributor II

Try this command:

/usr/libexec/ApplicationFirewall/socketfilterfw --add "application location/xyz.app"

This will allow the socketfilterfw command to trust the app, and it will show up in the GUI.

miles3w
New Contributor II

After much testing I found the sequence needed to add an app to the firewall. Thanks for the suggestions...
- Miles

# Start firewall in case it is off
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

# Sign app binary
/usr/libexec/ApplicationFirewall/socketfilterfw -s "/appLocation/xyz.app/Contents/MacOS/xyz"

# Stop firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

# Add binary as trusted application to firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --add "/appLocation/xyz.app/Contents/MacOS/xyz"

# Start firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
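
The sequence from the post above as one shell function, added here as an example and not part of the original thread: it validates the path first and turns the firewall back on even when `--add` fails, so a failed run does not leave the Mac with the firewall off. The function name `trust_binary`, the `SFW` override, and the reliance on `--listapps` printing each registered path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. SFW may be overridden for a dry run
# (assumption); the default is the path used in the posts above.
# Changing firewall state needs root privileges.
SFW="${SFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# trust_binary /path/to/xyz.app/Contents/MacOS/xyz   (hypothetical name)
# Returns: 0 ok, 1 socketfilterfw failed, 2 bad path, 3 not listed afterwards.
trust_binary() {
    bin="$1"

    # Check the argument before touching any firewall state.
    case "$bin" in
        /*) ;;
        *) echo "error: absolute path required: $bin" >&2; return 2 ;;
    esac
    if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
        echo "error: not an executable file: $bin" >&2
        return 2
    fi

    # Same order as the thread: firewall on, sign, firewall off, add.
    "$SFW" --setglobalstate on  || return 1
    "$SFW" -s "$bin"            || return 1
    "$SFW" --setglobalstate off || return 1

    # Record the result instead of returning early: the firewall is off at
    # this point and must be re-enabled whether or not --add worked.
    rc=0
    "$SFW" --add "$bin" || rc=$?
    "$SFW" --setglobalstate on || return 1
    if [ "$rc" -ne 0 ]; then
        echo "error: --add failed ($rc); firewall re-enabled" >&2
        return 1
    fi

    # Confirm the entry exists (assumes --listapps prints each app's path).
    if ! "$SFW" --listapps | grep -F -q -- "$bin"; then
        echo "error: $bin not listed after --add" >&2
        return 3
    fi
}
```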