RE: Adding firewall rules at runtime...
- Subject: RE: Adding firewall rules at runtime...
- From: "Huyler, Christopher M" <email@hidden>
- Date: Fri, 1 Aug 2003 15:35:35 -0400
- Thread-topic: Adding firewall rules at runtime...
Thank you.
I just ran a few tests and making changes to the com.apple.sharing.firewall plist gives the following results:
1) if the firewall is not running, the changes are overwritten by the previous version of the file. I don't know where it gets this cached version but I could not get it to read in my new port.
2) if the firewall IS running, the firewall tab will issue an error saying that a different firewall is running and will have to be stopped before any changes can be made.
So editing the plist file is a no go. That leaves me with two options then.
1) Use the setsockopt firewall flag to add my rule (similar to adding a rule using ipfw) and hope the user doesn't try to turn on/off any sharing services or add any ports to the firewall. I could check periodically for the rule I suppose.
2) Tell the user to add the new ports manually. This contradicts the whole "Installing software on a Mac should be easy" theory because the user shouldn't have to do anything except for launch the installer and make a few decisions on what to install.
Or option 3 which is out of my control... The Sharing Pref Panel should remove its rules individually instead of flushing all the rules and re-adding the ones it knows about. At least then someone could run OS X in a real firewall environment with real firewall rules (instead of simple open port rules).
-----Original Message-----
From: Cameron Hayne [mailto:email@hidden]
Sent: Friday, August 01, 2003 3:01 PM
To: Huyler, Christopher M; Creed Erickson
Cc: cocoa dev lists.apple.com
Subject: Re: Adding firewall rules at runtime...
On 1/8/03 2:11 PM, "Huyler, Christopher M" <email@hidden> wrote:
> Out of curiosity, is there a way to use the "defaults" preferences utility to
> modify the com.apple.sharing.firewall.plist file?
>
> Someone mentioned I could read the whole file using Obj-C, add a new key and
> dictionary corresponding to my port, then output the file.
I recall reading that the Apple Firewall Pref Pane refuses to work if it
detects any ipfw rule that it doesn't know about. So modifying the plist
file seems likely to cause problems.
--
Cameron Hayne (email@hidden)
Hayne of Tintagel
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
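
The periodic check mentioned in option 1 of the message above could look like the following. This is an added example, not code from the thread: it evaluates `ipfw list` output in ipfw's first-match order to decide whether a new inbound TCP connection to a port is still allowed. The sample rule set, port 8080 and all function names are constructed for illustration, and only `from any to any` rules are modelled.

```python
import re

# Constructed sample of `ipfw list` output (not captured from a real host),
# shaped like the simple open-port rule set discussed in the thread.
SAMPLE = """\
02000 allow ip from any to any via lo*
02040 allow tcp from any to any out
02050 allow tcp from any to any established
02070 allow tcp from any to any 22 in
12190 deny tcp from any to any
65535 allow ip from any to any
"""

# Simplification: only "from any to any [ports] [options]" rules are modelled.
RULE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>ip|tcp|udp)\s+"
    r"from any to any(?:\s+(?P<ports>[\d,\-]+))?(?P<opts>(?:\s+\S+)*)$")

def port_in(spec, port):
    """True if port is in an ipfw port list such as '548,427' or '6000-6063'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def inbound_tcp_verdict(ipfw_output, port):
    """(action, rule number) of the first rule matching a new inbound TCP
    connection to `port` on a non-loopback interface, or None."""
    for line in ipfw_output.splitlines():
        m = RULE.match(line.strip())
        if not m or m["proto"] not in ("ip", "tcp"):
            continue
        opts = m["opts"].split()
        if opts and opts != ["in"]:
            continue  # out / established / via lo* (or any unmodelled option)
        if m["ports"] and not port_in(m["ports"], port):
            continue
        return m["action"], int(m["num"])
    return None

def rule_needs_readding(ipfw_output, port):
    """True when the port is no longer reachable, e.g. after a flush."""
    verdict = inbound_tcp_verdict(ipfw_output, port)
    return verdict is None or verdict[0] != "allow"

def with_rule(ipfw_output, rule):
    """Insert a rule line and keep the list sorted by rule number, as ipfw does."""
    return "\n".join(sorted(ipfw_output.splitlines() + [rule])) + "\n"
```

A rule that is present but numbered above the catch-all deny is shadowed by it, so the check reports that case as needing attention too.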