Re: Panther and Firewall API?
- Subject: Re: Panther and Firewall API?
- From: Allan Nathanson <email@hidden>
- Date: Tue, 2 Sep 2003 10:01:19 -0400
On Sep 2, 2003, at 9:37 AM, Huyler, Christopher M wrote:
This gives me the creeps. A firewall is a personal thing to a security
minded person, and other than firewall programs, I don't think any
other program should be messing with the firewall. And as a firewall
rule writer you have to worry about not stomping on anybody's rules,
not just Apple's...iChat may want port 5298 open, but the administrator
may want it closed.
Of course if Apple can come up with an API that's (a) safe (e.g.
requires root privileges, so it's no more harmful than ipfw flush when
executed by the administrator), (b) uses an Apple supplied GUI to
prompt the user before making changes and (c) doesn't work unless
Apple's firewall is enabled, then I'm all for this feature. Otherwise,
I'd say stay the heck away from my firewall. At least that's my two
cents.
At the very least, there should be an API to allow a program to
determine whether the firewall is on and a specified port is open, and
possibly a callback to alert a program if its state has changed.
Requiring root privileges for any more functionality would be a must.
I am in strong favor of any kind of API because from an everyday user's
point of view, a firewall is a set-and-forget kind of thing. On top of
that, the concept of ports and sockets is very complex and they may not
understand what it means to open a port on the firewall. I (as a user)
would rather see a software installer prompt me (with password
verification) asking if I want it to configure my firewall than end up
calling support when I can't get the product to work...or worse turning
off the firewall altogether because I didn't know how to configure it.
Here's something to think about...
Yes, Apple includes some firewall capabilities with Mac OS X and we
could most certainly add some APIs to interact with "our" firewall but
what do we do for other firewall packages, firewalls that are included
with your network hardware, firewalls maintained by the corporate IT
departments, ... Is having an API that tells you that port 80 is not
being blocked on your system by our firewall software really useful
when you've got a (pick your favorite brand of) router that's blocking
the port?
- Allan
_______________________________________________
macnetworkprog mailing list | email@hidden