config OSX firewall programmatically

Posted shael

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了config OSX firewall programmatically相关的知识,希望对你有一定的参考价值。

osx firewall configuration file is : /Library/Preferences/com.apple.alf.plist

the default plist and firewall programs are under:/usr/libexec/ApplicationFirewall

 

To configure the firewall to block all incoming traffic:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on

To see if block all is enabled:

  /usr/libexec/ApplicationFirewall/socketfilterfw --getblockall

  The output would be as follows, if successful:

    Firewall is set to block all non-essential incoming connections

A couple of global options that can be set. Stealth Mode:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

To check if stealth mode is enabled:

  /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode

To turn on firewall logging:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

To control the verbosity of logs, using throttled, brief or detail:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt: detail

To start the firewall:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

To sanity check whether it’s started:

  /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

To allow signed applications:

  /usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned on

To check if you allow signed apps:

  /usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned

To show the status of each filtered application:

  /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

To check if an app is blocked:

  /usr/libexec/ApplicationFirewall/socketfilterfw –getappblocked /Applications/MyApp.app/Contents/MacOS/myapp

This shows the number of exceptions, explicitly allowed apps and signed exceptions as well as process names and allowed app statuses. There is also a list of TRUSTEDAPPS, which will initially be populated by Apple tools with sharing capabilities (e.g. httpd & smbd). If you are enabling the firewall using a script, first sign your applications that need to allow sharing but are not in the TRUSTEDAPPS section by using the -s option along with the application binary (not the .app bundle):

    /usr/libexec/ApplicationFirewall/socketfilterfw -s /Applications/MyApp.app/Contents/MacOS/myapp

  Once signed, verify the signature:

    /usr/libexec/ApplicationFirewall/socketfilterfw -v /Applications/MyApp.app/Contents/MacOS/myapp

  Once signed, trust the application using the –add option:

    /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp

To see a list of trusted applications:

  /usr/libexec/ApplicationFirewall/socketfilterfw -l

以上是关于config OSX firewall programmatically的主要内容,如果未能解决你的问题,请参考以下文章

windows advanced firewall simple config

pkg-config 和 OSX 10.8,正确的 PKG_CONFIG_PATH?缺少 .pc 文件?

sh _my_osx_configs.sh

Openwrt开发之防火墙配置

在 osx 10.8 上安装 mysql-python 时找不到“my_config.h”文件

基础部分之Firewall和iptables