Re: Adding ports to the firewall from an Installer?
Re: Adding ports to the firewall from an Installer?
- Subject: Re: Adding ports to the firewall from an Installer?
- From: Ryan McGann <email@hidden>
- Date: Fri, 1 Aug 2003 23:47:59 -0700
I asked this question on a different thread so disregard it if you
have already read it.
Is there a way, either by command-line (through a shell script) or
compiled application, to add a new port to the firewall settings in
the Sharing Pref panel? . . .and make it stick.
I have tried making changes to the
/Library/Preferences/com.apple.sharing.firewall.plist file with
unsuccessfull results.
I have tried using setsockopt to add a rule from a C program but the
rule is flushed any time someone goes into the Sharing Pref Panel and
makes a change. (This includes turning on/off services such as Remote
Login.)
I would like to avoid asking the user to add the port at all costs but
it doesn't seem possible.
While I can't speak for Apple or others, I would not recommend this.
First of all, the firewall is a security product, and you generally
shouldn't be modifying a user's security settings. That's like an
application going and changing the permissions on /System because it
would be "easier".
Secondly, ipfw is a shared resource. It's used by Internet Sharing and
several applications the user may have installed. What your application
wants may not be what another application wants. What if through your
rule, you totally hose the user's custom firewall rule settings, or
screw up Internet Sharing?
I'd come up with a different solution to this problem.
Ryan
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.