Re: Firewall Exception Configuration
Re: Firewall Exception Configuration
- Subject: Re: Firewall Exception Configuration
- From: Dr.Ian Silvester <email@hidden>
- Date: Sat, 19 May 2007 20:27:41 +0100
On 19 May 2007, at 16:26, Josh Graessley wrote:
Modifying the ipfw rules directly is likely to cause problems. Ipfw is
used for Internet sharing as well as the firewall.
Yes, but so long as one's own rules don't interfere with those for
internet sharing then all is good. Just switch on internet sharing,
list the rules, compare with the list with it off and you're good to
go.
In addition, third parties make use of ipfw. I believe the built-in
firewall will detect modifications and disable itself, assuming a
third party firewall is installed.
Test this - IIRC if you modify the rules all that disables itself is
the Firewall Preferences panel, not the firewall.
One other challenge you may run in to is the possibility that
different versions of the os may build the firewall rules in a
slightly different way.
Yes, this is possible.
Re-reading your question Gordon, to use ipfw you'll need to either wrap
it in ObjC, hints:
http://cocoadevcentral.com/articles/000025.php
http://cocoadevcentral.com/articles/000031.php
or if ObjC offers it, use the 'system' function to call Unix commands.
Ian
-josh
(from afar)
On May 19, 2007, at 3:57 PM, "Dr.Ian Silvester" <email@hidden>
wrote:
Hi Gordon,
OS X, being BSD Unix under the hood, uses iptables to implement its
firewall and indeed ipfw is the interface to it. Check the manpage
for details of its options. I am not sure where the standard location
for the configuration would be, but a bit of a google on the above
two keywords should locate it, or at least find the name of the file.
I would strongly recommend going via ipfw though, since it will (I
would imagine) do sanity checking on the entries you add.
You may also be interested in the Bastille Linux project since they
are doing an OS X port, and this presentation by them:
http://bastille-linux.sourceforge.net/jay/dc14.pdf
Cheers,
Ian
On 18 May 2007, at 23:29, Gordon Zhang wrote:
Hi All,
I am pretty new to the Mac OS and I need to know how to configure
the Firewall Exceptions Programmatically, like add application
exception or port exception on to the firewall.
I searched the list, They all metioned that we don't have APIs to do
that. I am wondering if it is still true for Mac OS10?
One thread methioned that ipfw may do the trick, can someone tell me
how?
Where is the Firewall information is saved in the system?
Thanks a lot everyone!
Gordon
Windows Live Hotmail with drag and drop, you can easily move and
organize your mail in one simple step Get it today!
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden