Re: testing for firewall and modifying ports


  • Subject: Re: testing for firewall and modifying ports
  • From: Ryan McGann <email@hidden>
  • Date: Fri, 5 Nov 2004 19:12:45 -0800

On Nov 5, 2004, at 12:06 PM, email@hidden wrote:

> If we want the user to give us the admin password (which they'll often
> need to do later in our setup, anyway), we can run 'ipfw' and look at
> the output, or directly read kernel data structures. But... if
> someone's using a third-party firewall, are they sitting on top of the
> ipfw world, or can a third-party system be something completely
> different from ipfw?

As the engineer at a company that has firewall software, my answer is: don't. There's way too many combinations for you to consider.
- There's Apple's firewall configured via the GUI.
- There's Apple's firewall configured via the command line (in which case, no plist would exist).
- There's 3rd party companies which use ipfw underneath.
- There's 3rd party companies that have their own firewall using a network kernel extension.
- There's the (completely separate) IPv6 firewall, ip6fw (which may be configured manually or using a combination of the above).
- There may be a hardware NAT device/router attached to the machine, which will have the same effect as a software router.
- And above all, the user may be in an environment where the firewall rules should not be changed (e.g. a corporate or education institution) where the user may not have admin privileges, or the ability to modify the firewall.


If you find you cannot connect (on the client end), do what iTunes does and politely tell the user that a firewall may be the culprit. But attempting to heuristically determine if a packet filter is installed, running and configured (hardware or otherwise) is a lot more code than I bet you're willing to write.

Ryan McGann

Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
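
The fallback recommended in the message above (attempt the connection and, if it fails, tell the user a firewall may be the cause) could look like the following. This is an added example, not part of the original post; the function names, the message wording and the 3-second timeout are assumptions.

```python
import errno
import socket

CONNECTED = "connected"
REFUSED = "refused"              # RST came back: host reachable, port closed or rejected
FILTERED = "possibly_filtered"   # silence or "unreachable": something may be dropping packets
OTHER = "other"

# errno values that usually mean the packets never got an answer from the service
FILTER_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map the exception from a failed connect (or None on success) to a class."""
    if exc is None:
        return CONNECTED
    if isinstance(exc, socket.gaierror):        # name lookup failed, not a filter
        return OTHER
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return FILTERED
    if isinstance(exc, ConnectionRefusedError):
        return REFUSED
    if isinstance(exc, OSError) and exc.errno in FILTER_ERRNOS:
        return FILTERED
    return OTHER


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return CONNECTED
    except OSError as exc:
        return classify(exc)


def user_message(result, host, port):
    """Wording is constructed for this example; a firewall is named only as a possibility."""
    if result == CONNECTED:
        return f"Connected to {host}:{port}."
    if result == FILTERED:
        return (f"No response from {host}:{port}. A firewall or router between you "
                "and the server may be blocking the connection.")
    if result == REFUSED:
        return f"{host}:{port} refused the connection. The service may not be running."
    return f"Could not connect to {host}:{port}."


if __name__ == "__main__":
    # 127.0.0.1:9 is a constructed target; expect "refused" unless something listens there
    print(user_message(probe("127.0.0.1", 9, timeout=1.0), "127.0.0.1", 9))
```

A packet filter that rejects rather than drops also produces a refusal, which is why both failure messages stay hedged and the code never tries to inspect or change firewall rules.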
