Re: Panther and Firewall API?
Re: Panther and Firewall API?
- Subject: Re: Panther and Firewall API?
- From: Ryan McGann <email@hidden>
- Date: Wed, 27 Aug 2003 22:44:12 -0700
On Wednesday, August 27, 2003, at 10:00 PM,
email@hidden wrote:
At 11:00 -0400 27/8/03, Robert MacGregor wrote:
Will 10.3, Panther, contain a public API for configuring OS X's
firewall?
Barring a totally unexpected turn of events, Panther will be like
Jaguar in this respect. That is, you can use various ioctls to
configure the firewall at the BSD level, but there's no way to
coordinate this with our firewall code.
Please file an enhancement request stating what your product does and
what you'd like in as far as API is concerned. If you email the bug
number to me, I'd be grateful.
This gives me the creeps. A firewall is a personal thing to a security
minded person, and other than firewall programs, I don't think any
other program should be messing with the firewall. And as a firewall
rule writer you have to worry about not stomping on anybody's rules,
not just Apple's...iChat may want port 5298 open, but the administrator
may want it closed.
Of course if Apple can come up with an API that's (a) safe (e.g.
requires root priveleges, so it's no more harmful then ipfw flush when
executed by the administrator), (b) uses an Apple supplied GUI to
prompt the user before making changes and (b) doesn't work unless
Apple's firewall is enabled, then I'm all for this feature. Otherwise,
I'd say stay the heck away from my firewall. At least that's my two
cents.
Anyway, if you could put that into the bug, I'd appreciate it. :-)
Thanks,
Ryan
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.