• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
RE: Adding ports to the firewall from an Installer?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Adding ports to the firewall from an Installer?


  • Subject: RE: Adding ports to the firewall from an Installer?
  • From: Quinn <email@hidden>
  • Date: Wed, 6 Aug 2003 09:24:47 +0100

At 9:47 -0400 4/8/03, Huyler, Christopher M wrote:
Imagine installing a piece of software on 200 machines in a computer lab. Lets asume the IT person turned on the firewall on each one to increase security, and now they want virus protection as well. Would you want to open system preferences and add the necessary ports to the firewall for every machine or would you rather not think about it?

There is no supported API to add or modify firewall rules. Modifying the ipfw in-kernel rules via setsockopt is unsupported because there's no way to coordination your operation with our firewall software. Modifying the firewall preferences is unsupported for the same reason that modifying random preferences is always unsupported: we can't guarantee binary compatibility.

Thus, for current systems (up to and including Panther), you're on your own. You could implement one of the unsupported alternatives described above but, before doing, so you should consider the binary compatibility risks and weigh them against the user convenience.

Regardless, the situation you describe is a fine justification for a new API. I've already filed a bug <rdar://problem/3320556> requesting that we provide an API so that application vendors can accurately determine whether their port is being blocked by the firewall. My expected usage scenario was that an application vendor would call this API when they start serving on a port, and warn the user if the port was blocked by the firewall. However, this bug doesn't cover the more advanced facilities that you need.

Please submit a bug report explaining your situation and what you need.

<http://developer.apple.com/bugreporter/>

Let me know what the bug number is.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.

References: 
 >RE: Adding ports to the firewall from an Installer? (From: "Huyler, Christopher M" <email@hidden>)

  • Prev by Date: recvfrom sockaddr?
  • Next by Date: Re: recvfrom sockaddr?
  • Previous by thread: RE: Adding ports to the firewall from an Installer?
  • Next by thread: RE: Adding ports to the firewall from an Installer?
  • Index(es):
    • Date
    • Thread