Re: firewall api
Re: firewall api
- Subject: Re: firewall api
- From: Andrew Farmer <email@hidden>
- Date: Fri, 23 Jan 2009 00:13:23 -0800
On 22 Jan 09, at 14:38, Chris Benedict wrote:
First, I'm pretty new to Mac OS X programming so please bear with my
ignorance.
I was hoping to get a bit of quick advice. I'm wanting to write a
little application that will kind of put my MacBook in a lock down
mode of sorts. It would need to block/ignore all network traffic
except for an app or two when you hit a button and then deactivate
when you hit another button to return to the original settings.
My question is whether or not there is a public API to interact with
the built-in firewall on Mac OS X 10.5 or if I would need to
interface with system preferences somehow and just setup the
firewall to block all connections except for the one app that I want
to allow through or if there is a completely different way to go
about doing this. I found a program called Little Snitch which
seems similar but way overkill for what I want to do and at first
glance it looks like they do things with the drivers or something
like that which honestly is above my head.
The built-in firewall is ipfw - the implementation on OS X is largely
identical to the implementation in FreeBSD, so there's plenty of
documentation online. I'm not aware of any specific API provided by
Apple for managing the firewall, but the ipfw tool is probably good
enough. Note that you'll need root privileges to use it.
The limit you're going to run into trying to write a tool like this is
that you can't apply packet filters on a per-application level. The
closest you can get is blocking packets which are addressed to
specific ports, or which are destined for processes owned by specific
users. Little Snitch accomplishes finer-grained restrictions by
implementing a kernel extension; I do *NOT* recommend taking this
approach unless you have a lot of spare time, and don't mind debugging
kernel panics.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
References: | |
| >firewall api (From: Chris Benedict <email@hidden>) |