• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Adding ports to the firewall from an Installer?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Adding ports to the firewall from an Installer?


  • Subject: Re: Adding ports to the firewall from an Installer?
  • From: Ryan McGann <email@hidden>
  • Date: Fri, 1 Aug 2003 23:47:59 -0700

I asked this question on a different thread so disregard it if you have already read it.

Is there a way, either by command-line (through a shell script) or compiled application, to add a new port to the firewall settings in the Sharing Pref panel? . . .and make it stick.

I have tried making changes to the /Library/Preferences/com.apple.sharing.firewall.plist file with unsuccessfull results.
I have tried using setsockopt to add a rule from a C program but the rule is flushed any time someone goes into the Sharing Pref Panel and makes a change. (This includes turning on/off services such as Remote Login.)

I would like to avoid asking the user to add the port at all costs but it doesn't seem possible.

While I can't speak for Apple or others, I would not recommend this. First of all, the firewall is a security product, and you generally shouldn't be modifying a user's security settings. That's like an application going and changing the permissions on /System because it would be "easier".

Secondly, ipfw is a shared resource. It's used by Internet Sharing and several applications the user may have installed. What your application wants may not be what another application wants. What if through your rule, you totally hose the user's custom firewall rule settings, or screw up Internet Sharing?

I'd come up with a different solution to this problem.

Ryan

Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.

  • Prev by Date: SecureTransport and HTTP/1.1 (is it ok?)
  • Next by Date: test please ignore
  • Previous by thread: Re: Adding ports to the firewall from an Installer?
  • Next by thread: RE: Adding ports to the firewall from an Installer?
  • Index(es):
    • Date
    • Thread