• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Programmatic firewall configuration
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Programmatic firewall configuration

  • Subject: Re: Programmatic firewall configuration
  • From: Andrew Merenbach <email@hidden>
  • Date: Sun, 23 Sep 2007 17:49:09 -0700
Hi, Adrian,

I get the feeling that, although it would be convenient, this is a Bad Idea (tm) because it changes an essential system behind the user's back. Your product isn't malware, but what if malware somehow had this ability? Perhaps other list users can chime in with a better idea, such as an illustrated walkthrough, displayed to the user, for the process of opening the Firewall port.

Cheers,
    Andrew Merenbach

On Sep 23, 2007, at 5:35 PM, Adrian wrote:

I have an application that provides a service, listening on a user- configurable port.

Currently, if OS X's firewall is active, the user must add a new entry for my app to the firewall configuration in the Sharing pref pane - otherwise the service can't be used from other machines.

Is it possible to open a port programatically to save the user setting this up? Manipulating the ipfw rules manually is bad because it disables the preferences GUI. I found a post from a few years ago (10.2) on this topic, discussing direct manipulation of com.apple.sharing.firewall.plist (doesn't work), and indicating the possibility of an API for this purpose.

Thank you,
Adrian


In 2003, Jens Alfke wrote:
> A simpler approach to just look at the settings from the gui; these
> are stored in a plist in
> /Library/Preferences/com.apple.sharing.firewall.plist . This won't
> help if the user has set up a sophisticated manually configured
> firewall, but if they can do that, they can fix their own problems :-)

I just checked with Elizabeth Douglas, who owns the firewall GUI. She
would prefer that developers not access this file.

* Above all else, DO NOT MODIFY the file. It merely shadows the real
firewall settings, so changing it will not affect the real firewall;
but it will confuse & annoy the firewall pref panel next time it runs.

* It's possible to read the file to determine how the GUI has set up
the firewall, but the format of the file may change in the future, so
we'd rather you not do this.

* In the next major OS X release there will be an API developers can
use to access the firewall settings; that will be the way to go.

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Programmatic firewall configuration

      • From: Dave Camp <email@hidden>
      • 





References: 


 >Programmatic firewall configuration (From: Adrian <email@hidden>)






    

  • Prev by Date:
Programmatic firewall configuration

    • 

  • Next by Date:
Re: Sliders and Timers

    • 

  • Previous by thread:
Programmatic firewall configuration

    • 

  • Next by thread:
Re: Programmatic firewall configuration

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •