• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: firewall api
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: firewall api

  • Subject: Re: firewall api
  • From: Andrew Farmer <email@hidden>
  • Date: Fri, 23 Jan 2009 00:13:23 -0800
On 22 Jan 09, at 14:38, Chris Benedict wrote:
First, I'm pretty new to Mac OS X programming so please bear with my ignorance.

I was hoping to get a bit of quick advice. I'm wanting to write a little application that will kind of put my MacBook in a lock down mode of sorts. It would need to block/ignore all network traffic except for an app or two when you hit a button and then deactivate when you hit another button to return to the original settings.

My question is whether or not there is a public API to interact with the built-in firewall on Mac OS X 10.5 or if I would need to interface with system preferences somehow and just setup the firewall to block all connections except for the one app that I want to allow through or if there is a completely different way to go about doing this. I found a program called Little Snitch which seems similar but way overkill for what I want to do and at first glance it looks like they do things with the drivers or something like that which honestly is above my head.

The built-in firewall is ipfw - the implementation on OS X is largely identical to the implementation in FreeBSD, so there's plenty of documentation online. I'm not aware of any specific API provided by Apple for managing the firewall, but the ipfw tool is probably good enough. Note that you'll need root privileges to use it.

The limit you're going to run into trying to write a tool like this is that you can't apply packet filters on a per-application level. The closest you can get is blocking packets which are addressed to specific ports, or which are destined for processes owned by specific users. Little Snitch accomplishes finer-grained restrictions by implementing a kernel extension; I do *NOT* recommend taking this approach unless you have a lot of spare time, and don't mind debugging kernel panics.
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: firewall api

      • From: Chris Benedict <email@hidden>
      • 





References: 


 >firewall api (From: Chris Benedict <email@hidden>)






    

  • Prev by Date:
CALayer scaling issue

    • 

  • Next by Date:
Re: Using the security framework

    • 

  • Previous by thread:
firewall api

    • 

  • Next by thread:
Re: firewall api

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •