Alternative Firewall solutions?

bbot
Contributor

We've tried using the integrated OS X Firewall but ran into issues while using Cisco Jabber. When whitelisted, Jabber would prompt to allow/deny connections and since users aren't admins here, they were unable to use Jabber. This appears to be a known issue as others on this forum have had the same issue with Jabber.

Is anyone using a 3rd party firewall software that is easy to manage and monitor via Casper?

9 REPLIES

lkrasno
Contributor II

Install via Self Service? You could set that firewall exception at the time of install? Seems simpler than any 3rd party alternative?

Have a look at http://krypted.com/tag/manage-firewall-os-x-command-line/

bbot
Contributor

I've tried setting it via a bash script. The problem is even when the program is added to the firewall exception to always allow, it sometimes still prompts to allow/deny access, then prompts for admin password.

I've been using this..

#!/bin/bash

# This script checks to see if Firewall is disabled. If disabled, it will enable and set jabber/skype as trusted.

checkFirewall=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | awk '{print $3}')

if [[ "$checkFirewall" == "disabled." ]]; then

    # Start firewall
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

    # Add trusted application to firewall (paths containing spaces are quoted)
    /usr/libexec/ApplicationFirewall/socketfilterfw --add "/Applications/Cisco Jabber.app"
    /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Skype.app

else

    echo "Firewall is already enabled"

fi

exit 0

bbot
Contributor

I've also tried to add the binary file /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Cisco Jabber.app/Contents/MacOS/Cisco Jabber to no avail.

Some machines still prompt to allow/deny firewall when making external calls using Jabber.

lkrasno
Contributor II

Are all your systems using the same version of Jabber? Same OS?

If not, I'm suspecting that the newer version might be allowed due to code signing certs and therefore not prompt?

If you can duplicate the prompt, maybe try running Composer to see what's being "written" when Allow is selected?

bbot
Contributor

I like the Composer idea. I'll give that a shot. Thanks!

They're all running the same version, mixed OS between 10.10.5 and 10.11.4.

tkimpton
Valued Contributor II

@bbot did you find the solution in the end? This is happening to me now.

Thanks

bbot
Contributor

@tkimpton No solution yet... It's been a huge pain /w Cisco Jabber and the built-in OS X application firewall...

tkimpton
Valued Contributor II

I had this today trying to make a call. I reset my firewall and then it worked. This is what I did:

#!/bin/bash

# turn the firewall off 
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off 

# remove the plist file 
rm -rf /Library/Preferences/com.apple.alf.plist 

# remove Cisco Jabber if it is in the list 
/usr/libexec/ApplicationFirewall/socketfilterfw --remove "/Applications/Cisco Jabber.app" > /dev/null 2>&1 

# turn the firewall on 
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on 

# reload the firewall user agent and daemon
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist > /dev/null 2>&1
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist > /dev/null 2>&1 
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist > /dev/null 2>&1 
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
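
An added example, not part of any post in this thread: a variant of the allow-list script earlier in the thread that keeps "Cisco Jabber.app" as a single quoted argument, adds the apps whether or not the firewall was already enabled, and follows `--add` with `--unblockapp`. The function names and the overridable `FW` variable are assumptions of this example, and nothing in the thread confirms that it stops the Jabber prompt.

```shell
#!/bin/sh
# Added example, not from the thread. FW may be overridden (e.g. for testing).
FW="${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# True when the firewall reports "disabled." (same check as the script in the thread).
fw_is_disabled() {
    [ "$("$FW" --getglobalstate | awk '{print $3}')" = "disabled." ]
}

# Add one app bundle to the exception list and mark it as allowed.
# "$1" is quoted so a path such as "Cisco Jabber.app" stays one argument.
allow_app() {
    if [ ! -e "$1" ]; then
        echo "not installed, skipping: $1" >&2
        return 1
    fi
    "$FW" --add "$1" >/dev/null || return 1
    "$FW" --unblockapp "$1" >/dev/null || return 1
    echo "allowed: $1"
}

# Enable the firewall if it is off, then allow every app passed as an argument,
# even when the firewall was already on. Returns non-zero if any step failed.
ensure_allowed() {
    failed=0
    if fw_is_disabled; then
        "$FW" --setglobalstate on >/dev/null || failed=$((failed + 1))
    fi
    for app in "$@"; do
        allow_app "$app" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Act only on a Mac where the tool exists and when running as root (e.g. from a policy).
if [ -x "$FW" ] && [ "$(id -u)" -eq 0 ]; then
    ensure_allowed "/Applications/Cisco Jabber.app" "/Applications/Skype.app"
fi
```
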

tkimpton
Valued Contributor II