RE: Adding ports to the firewall from an Installer?
RE: Adding ports to the firewall from an Installer?
- Subject: RE: Adding ports to the firewall from an Installer?
- From: "Huyler, Christopher M" <email@hidden>
- Date: Mon, 4 Aug 2003 09:47:44 -0400
- Thread-topic: Adding ports to the firewall from an Installer?
Well, in the case of my app, an enterprise virus protection solution, its sole purpose is to increase _security_. If the user wants virus protection, they have to be able to get updates from the administrative server. And the administrative server needs to know when a virus outbreak occurs. There is much more communication that goes on but you get the idea. The only twist is that the client listens for instructions from the server on what to do so every client must be able to listen on our specified port.
Since most likely it will be an IT/IS person who installs the software (and not the user), a quick easy install is my goal. A remote install is also in the cards, which is not possible if the person performing the install must open System Preferences.
My plan was...to alert the installer that the firewall is turned on and give them an option to allow our network traffic to pass through. If they decide not to let the traffic through the install will stop. This gives the installer three options: allow our firewall rule, disable the firewall, don't install our software.
Imagine installing a piece of software on 200 machines in a computer lab. Lets asume the IT person turned on the firewall on each one to increase security, and now they want virus protection as well. Would you want to open system preferences and add the necessary ports to the firewall for every machine or would you rather not think about it?
-----Original Message-----
From: otherguy [
mailto:email@hidden]
Sent: Friday, August 01, 2003 6:21 PM
To: Huyler, Christopher M
Cc: email@hidden
Subject: Re: Adding ports to the firewall from an Installer?
Would best practices necessitate asking the user?
Personally, if I found an app was modifying my _security_ software
without my permission, I'd stop using it immediately. I understand the
desire to make things easier on people, but I'd much rather see it in
the documentation, than be surprised when I see it done for me.
-Cameron Wilhelm
On Friday, August 1, 2003, at 03:12 PM, Huyler, Christopher M wrote:
>
I asked this question on a different thread so disregard it if you
>
have already read it.
>
>
Is there a way, either by command-line (through a shell script) or
>
compiled application, to add a new port to the firewall settings in
>
the Sharing Pref panel? . . .and make it stick.
>
>
I have tried making changes to the
>
/Library/Preferences/com.apple.sharing.firewall.plist file with
>
unsuccessfull results.
>
I have tried using setsockopt to add a rule from a C program but the
>
rule is flushed any time someone goes into the Sharing Pref Panel and
>
makes a change. (This includes turning on/off services such as Remote
>
Login.)
>
>
I would like to avoid asking the user to add the port at all costs but
>
it doesn't seem possible.
>
>
Thanks for your input.
>
>
--
>
Christopher Huyler
>
Computer Associates
>
_______________________________________________
>
macnetworkprog mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
>
Do not post admin requests to the list. They will be ignored.
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.