Posted on 02-13-2013 12:42 PM
I have a utility that uses port #### (redacted), and need to open the local Mac's firewall to handle this. I'm not very experienced with OS X firewalls other than the pretty GUI. My research has revealed that for the command line:
- ipfw is deprecated
- pfctl replaces ipfw
- socketfilterfw handles application-specific firewall issues
  - also the '-t' option seems to be deprecated
Ideally I'd love to use a socketfilterfw command to add the utility as a trusted app.
Alternatively, what would be the pfctl command to accept port #### connections?
Thanks,
- Miles
Posted on 02-13-2013 12:44 PM
It's not easy, nor is it pretty.
https://www.google.com/search?q=os+x+pfctl+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Posted on 02-13-2013 12:45 PM
Sorry, this one was pretty good:
http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/
Posted on 02-17-2013 03:29 PM
Try this command:
/usr/libexec/ApplicationFirewall/socketfilterfw --add "application location/xyz.app"
This will allow the socketfilterfw command to trust the app, and it will show up in the GUI.
Posted on 02-19-2013 08:49 AM
After much testing I found the sequence needed to add an app to the firewall. Thanks for the suggestions...
- Miles
# Start firewall in case it is off
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
# Sign app binary
/usr/libexec/ApplicationFirewall/socketfilterfw -s "/appLocation/xyz.app/Contents/MacOS/xyz"
# Stop firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
# Add binary as trusted application to firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --add "/appLocation/xyz.app/Contents/MacOS/xyz"
# Start firewall
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
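A check to run after the sequence above, added here as an example and not part of the original posts: it confirms the firewall is on and that the binary is listed as allowed rather than blocked. The function names are hypothetical, and the `--listapps` and `--getglobalstate` output layouts shown are assumptions based on a constructed sample, so confirm them on the target OS X version.

```shell
#!/bin/sh
# Added example: verify an app's Application Firewall rule after deployment.
FW="${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Constructed sample of `socketfilterfw --listapps` output (layout assumed).
sample_listapps() {
cat <<'EOF'
ALF: total number of apps = 2

1 :  /appLocation/xyz.app/Contents/MacOS/xyz
     ( Allow incoming connections )

2 :  /Applications/Other.app
     ( Block incoming connections )
EOF
}

# Read --listapps output on stdin; print allow, block or absent for path $1.
app_rule() {
    awk -v target="$1" '
        /^[0-9]+ :/ {
            # Entry header: strip the index and trailing blanks, keep the path
            # (paths may contain spaces, so work on the whole line).
            current = $0
            sub(/^[0-9]+ :[ \t]*/, "", current)
            sub(/[ \t]+$/, "", current)
            next
        }
        current == target && /Allow incoming connections/ { print "allow"; found = 1; exit }
        current == target && /Block incoming connections/ { print "block"; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Live check on a Mac: returns 0 only if the firewall is on and $1 is allowed.
# Assumes a disabled firewall reports "State = 0" in --getglobalstate output.
verify_app() {
    if "$FW" --getglobalstate | grep -q "State = 0"; then
        echo "firewall is off" >&2
        return 1
    fi
    [ "$("$FW" --listapps | app_rule "$1")" = "allow" ]
}

# Offline demonstration against the constructed sample.
sample_listapps | app_rule "/appLocation/xyz.app/Contents/MacOS/xyz"
```

On a managed Mac, call `verify_app` with the same binary path passed to `--add` and treat a non-zero exit as a failed deployment.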