Re: Programmatic firewall configuration
Re: Programmatic firewall configuration
- Subject: Re: Programmatic firewall configuration
- From: Dave Camp <email@hidden>
- Date: Mon, 24 Sep 2007 09:06:15 -0700
The networking list is a better place for the question, but
historically the answer is that there is no API and no plans for an
API because then any piece of malware could then open up your firewall.
Dave
On Sep 23, 2007, at 5:49 PM, Andrew Merenbach wrote:
Hi, Adrian,
I get the feeling that, although it would be convenient, this is a
Bad Idea (tm) because it changes an essential system behind the
user's back. Your product isn't malware, but what if malware
somehow had this ability? Perhaps other list users can chime in
with a better idea, such as an illustrated walkthrough, displayed
to the user, for the process of opening the Firewall port.
Cheers,
Andrew Merenbach
On Sep 23, 2007, at 5:35 PM, Adrian wrote:
I have an application that provides a service, listening on a user-
configurable port.
Currently, if OS X's firewall is active, the user must add a new
entry for my app to the firewall configuration in the Sharing pref
pane - otherwise the service can't be used from other machines.
Is it possible to open a port programatically to save the user
setting this up? Manipulating the ipfw rules manually is bad
because it disables the preferences GUI. I found a post from a few
years ago (10.2) on this topic, discussing direct manipulation of
com.apple.sharing.firewall.plist (doesn't work), and indicating
the possibility of an API for this purpose.
Thank you,
Adrian
In 2003, Jens Alfke wrote:
> A simpler approach to just look at the settings from the gui;
these
> are stored in a plist in
> /Library/Preferences/com.apple.sharing.firewall.plist . This
won't
> help if the user has set up a sophisticated manually configured
> firewall, but if they can do that, they can fix their own
problems :-)
I just checked with Elizabeth Douglas, who owns the firewall GUI.
She
would prefer that developers not access this file.
* Above all else, DO NOT MODIFY the file. It merely shadows the real
firewall settings, so changing it will not affect the real firewall;
but it will confuse & annoy the firewall pref panel next time it
runs.
* It's possible to read the file to determine how the GUI has set up
the firewall, but the format of the file may change in the
future, so
we'd rather you not do this.
* In the next major OS X release there will be an API developers can
use to access the firewall settings; that will be the way to go.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
40criticalpath.com
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden