Re: Adding firewall rules at runtime...
- Subject: Re: Adding firewall rules at runtime...
- From: Dave Camp <email@hidden>
- Date: Fri, 1 Aug 2003 13:17:26 -0700
This would be a good question to ask on the networking list. There are
some very helpful and knowledgeable people there.
Dave
On Friday, August 1, 2003, at 12:35 PM, Huyler, Christopher M wrote:
Thank you.
I just ran a few tests and making changes to the
com.apple.sharing.firewall plist gives the following results:
1) if the firewall is not running, the changes are overwritten by the
previous version of the file. I don't know where it gets this cached
version but I could not get it to read in my new port.
2) if the firewall IS running, the firewall tab will issue an error
saying that a different firewall is running and will have to be
stopped before any changes can be made.
So editing the plist file is a no go. That leaves me with two options
then.
1) Use the setsockopt firewall flag to add my rule (similar to adding
a rule using ipfw) and hope the user doesn't try to turn on/off any
sharing services or add any ports to the firewall. I could check
periodically for the rule I suppose.
2) Tell the user to add the new ports manually. This contradicts the
whole "Installing software on a Mac should be easy" theory because the
user shouldn't have to do anything except for launch the installer and
make a few decisions on what to install.
Or option 3 which is out of my control...The Sharing Pref Panel should
remove its rules individually instead of flushing all the rules and
re-adding the ones it knows about. At least then someone could run OS
X in a real firewall environment with real firewall rules (instead of
simple open port rules).
-----Original Message-----
From: Cameron Hayne [mailto:email@hidden]
Sent: Friday, August 01, 2003 3:01 PM
To: Huyler, Christopher M; Creed Erickson
Cc: cocoa dev lists.apple.com
Subject: Re: Adding firewall rules at runtime...
On 1/8/03 2:11 PM, "Huyler, Christopher M" <email@hidden> wrote:
Out of curiosity, is there a way to use the "defaults" preferences
utility to modify the com.apple.sharing.firewall.plist file?
Someone mentioned I could read the whole file using Obj-C, add a new
key and dictionary corresponding to my port, then output the file.
I recall reading that the Apple Firewall Pref Pane refuses to work if
it detects any ipfw rule that it doesn't know about. So modifying the
plist file seems likely to cause problems.
--
Cameron Hayne (email@hidden)
Hayne of Tintagel
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
---
There's an old proverb that says just about whatever you want it to.