zoukankan      html  css  js  c++  java
  • config OSX firewall programmatically

    osx firewall configuration file is : /Library/Preferences/com.apple.alf.plist

    the default plist and firewall programs are under:/usr/libexec/ApplicationFirewall

    To configure the firewall to block all incoming traffic:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on

    To see if block all is enabled:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getblockall

      The output would be as follows, if successful:

        Firewall is set to block all non-essential incoming connections

    A couple of global options that can be set. Stealth Mode:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on

    To check if stealth mode is enabled:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode

    To turn on firewall logging:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on

    To control the verbosity of logs, using throttled, brief or detail:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt: detail

    To start the firewall:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

    To sanity check whether it’s started:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

    To allow signed applications:

      /usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned on

    To check if you allow signed apps:

      /usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned

    To show the status of each filtered application:

      /usr/libexec/ApplicationFirewall/socketfilterfw --listapps

    To check if an app is blocked:

      /usr/libexec/ApplicationFirewall/socketfilterfw –getappblocked /Applications/MyApp.app/Contents/MacOS/myapp

    This shows the number of exceptions, explicitly allowed apps and signed exceptions as well as process names and allowed app statuses. There is also a list of TRUSTEDAPPS, which will initially be populated by Apple tools with sharing capabilities (e.g. httpd & smbd). If you are enabling the firewall using a script, first sign your applications that need to allow sharing but are not in the TRUSTEDAPPS section by using the -s option along with the application binary (not the .app bundle):

        /usr/libexec/ApplicationFirewall/socketfilterfw -s /Applications/MyApp.app/Contents/MacOS/myapp

      Once signed, verify the signature:

        /usr/libexec/ApplicationFirewall/socketfilterfw -v /Applications/MyApp.app/Contents/MacOS/myapp

      Once signed, trust the application using the –add option:

        /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp

    To see a list of trusted applications:

      /usr/libexec/ApplicationFirewall/socketfilterfw -l

  • 相关阅读:
    mac 版 Pycharm 激活
    最快的 maven repository--阿里镜像仓库
    java-Object
    java --replaceAll方法
    正则表达式中^[a-z]与[^a-z]有区别吗
    keyListener用的健值表,保留一份
    java播放背景音乐 mp3和mav都可以播放
    腾讯云ubuntu远程桌面
    nginx 配置转发到其他多台服务器
    java 键盘监听事件
  • 原文地址:https://www.cnblogs.com/shaellancelot/p/7419860.html
Copyright © 2011-2022 走看看