zoukankan      html  css  js  c++  java
  • config OSX firewall programmatically

    osx firewall configuration file is : /Library/Preferences/com.apple.alf.plist

    the default plist and firewall programs are under:/usr/libexec/ApplicationFirewall

    To configure the firewall to block all incoming traffic:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on

    To see if block all is enabled:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getblockall

      The output would be as follows, if successful:

        Firewall is set to block all non-essential incoming connections

    A couple of global options that can be set. Stealth Mode:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

    To check if stealth mode is enabled:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode

    To turn on firewall logging:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

    To control the verbosity of logs, using throttled, brief or detail:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt: detail

    To start the firewall:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

    To sanity check whether it’s started:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

    To allow signed applications:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned on

    To check if you allow signed apps:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned

    To show the status of each filtered application:

      /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

    To check if an app is blocked:

      /usr/libexec/ApplicationFirewall/socketfilterfw –getappblocked /Applications/MyApp.app/Contents/MacOS/myapp

    This shows the number of exceptions, explicitly allowed apps and signed exceptions as well as process names and allowed app statuses. There is also a list of TRUSTEDAPPS, which will initially be populated by Apple tools with sharing capabilities (e.g. httpd & smbd). If you are enabling the firewall using a script, first sign your applications that need to allow sharing but are not in the TRUSTEDAPPS section by using the -s option along with the application binary (not the .app bundle):

        /usr/libexec/ApplicationFirewall/socketfilterfw -s /Applications/MyApp.app/Contents/MacOS/myapp

      Once signed, verify the signature:

        /usr/libexec/ApplicationFirewall/socketfilterfw -v /Applications/MyApp.app/Contents/MacOS/myapp

      Once signed, trust the application using the –add option:

        /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp

    To see a list of trusted applications:

      /usr/libexec/ApplicationFirewall/socketfilterfw -l

  • 相关阅读:
    列表推导式和生成器表达式
    迭代器和生成器
    闭包和装饰器
    函数命名空间和作用域
    华为笔试题06
    华为笔试题05
    华为笔试题04
    华为笔试题03
    华为笔试题02
    华为笔试题01
  • 原文地址:https://www.cnblogs.com/shaellancelot/p/7419860.html
Copyright © 2011-2022 走看看