Re: Firewall Exception Configuration
Re: Firewall Exception Configuration
- Subject: Re: Firewall Exception Configuration
- From: Josh Graessley <email@hidden>
- Date: Sat, 19 May 2007 17:26:17 +0200
Modifying the ipfw rules directly is likely to cause problems. Ipfw is
used for Internet sharing as well as the firewall. In addition, third
parties make use of ipfw. I believe the built-in firewall will detect
modifications and disable itself, assuming a third party firewall is
installed. One other challenge you may run in to is the possibility
that different versions of the os may build the firewall rules in a
slightly different way.
-josh
(from afar)
On May 19, 2007, at 3:57 PM, "Dr.Ian Silvester" <email@hidden>
wrote:
Hi Gordon,
OS X, being BSD Unix under the hood, uses iptables to implement its
firewall and indeed ipfw is the interface to it. Check the manpage
for details of its options. I am not sure where the standard
location for the configuration would be, but a bit of a google on
the above two keywords should locate it, or at least find the name
of the file. I would strongly recommend going via ipfw though, since
it will (I would imagine) do sanity checking on the entries you add.
You may also be interested in the Bastille Linux project since they
are doing an OS X port, and this presentation by them:
http://bastille-linux.sourceforge.net/jay/dc14.pdf
Cheers,
Ian
On 18 May 2007, at 23:29, Gordon Zhang wrote:
Hi All,
I am pretty new to the Mac OS and I need to know how to configure
the Firewall Exceptions Programmatically, like add application
exception or port exception on to the firewall.
I searched the list, They all metioned that we don't have APIs to
do that. I am wondering if it is still true for Mac OS10?
One thread methioned that ipfw may do the trick, can someone tell
me how?
Where is the Firewall information is saved in the system?
Thanks a lot everyone!
Gordon
Windows Live Hotmail with drag and drop, you can easily move and
organize your mail in one simple step Get it today!
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden