Skip to main content
Question

Opening application or port on Firewall for 10.7 and 10.8 Macs

  • February 13, 2013
  • 4 replies
  • 14 views
M
Forum|alt.badge.img+3

I have a utility that uses port ####(redacted), and need to open the local Mac's firewall to handle this. I'm not very experienced with OS X firewalls other then the pretty GUI. My research has revealed that for the command line:

ipfw is deprecated
pfctl replaces ipfw
socketfilterfw handles application specific firewall issues
- also the '-t' option seems to be deprecated

Ideally I'd love to use a socketfilterfw command to add the utility as a trusted app
alternatively what would be the pfctl command to accept port #### connections?

Thanks,

- Miles

    4 replies

    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • February 13, 2013

    its not easy nor is it pretty
    https://www.google.com/search?q=os+x+pfctl+tutorial&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

    N
    Forum|alt.badge.img+18
    • nessts
    • Valued Contributor
    • February 13, 2013

    sorry this one was pretty good
    http://krypted.com/mac-os-x/a-cheat-sheet-for-using-pf-in-os-x-lion-and-up/

    M
    Forum|alt.badge.img+4
    • malroy
    • Contributor
    • February 17, 2013

    Try this command

    /usr/libexec/ApplicationFirewall/socketfilterfw --add "applicaton location/xyz.app"

    This will allow the socketfilterfw command to trusted the app and it will show up in the GUI

    M
    Forum|alt.badge.img+3
    • miles3w
    • Author
    • New Contributor
    • February 19, 2013

    After much testing I found the sequence needed to add an app to the firewall. Thanks for the suggestions...
    - Miles

    # Start firewall in case it is off
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

    # Sign app binary
    /usr/libexec/ApplicationFirewall/socketfilterfw -s "/appLocation/xyz.app/Contents/MacOS/xyz"

    # Stop firewall
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

    # Add binary as trusted application to firewall
    /usr/libexec/ApplicationFirewall/socketfilterfw --add "/appLocation/xyz.app/Contents/MacOS/xyz"

    # Start firewall
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

    Terms & ConditionsCookie settingsAccessibility statement