Blocking application on 10.8.3 Firewall

maiksanftenberg
Contributor II

Hi.
We provide some applications through Self Service where we want to deny the traffic for it on the systems firewall.

We tried the following to block the application

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/APP.app
Application at path ( /Applications/APP.app ) added to firewall

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp /Applications/APP.app
Incoming connection to the application is blocked

If we check the app list, it shows the following:
ALF: total number of apps = 1

1 : /Applications/APP.app ( Allow incoming connections )

We are not able to block the application.
Any suggestions on that problem?

Thanks,
Maik


jalatman
New Contributor

Try going directly to the binary rather than the .app. This example is terrible, but here is one for Grab:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Utilities/Grab.app/Contents/MacOS/Grab

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp /Applications/Utilities/Grab.app/Contents/MacOS/Grab

If you are passing the command through the JSS to clients, you can nix the sudo as it will be executing as root.

maiksanftenberg
Contributor II

Jay.
Thanks for the idea.
Same outcome here with this idea.
I, for example, took Skype:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications//Skype.app/Contents/MacOS/Skype
Application at path (/Applications//Skype.app/Contents/MacOS/Skype) added to firewall

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --blockapp /Applications//Skype.app/Contents/MacOS/Skype
Incoming connection to the application is blocked

Running the --list command:

1 : /Applications/Skype.app/Contents/MacOS/Skype
( Allow incoming connections )

Further ideas?
It's working in 10.7 without problems.
We fail on all machines where we test it.

Kumarasinghe
Valued Contributor

You can try breaking the app signed state if you need it desperately.

e.g.-
Open /Applications/VLC.app/Contents/Info.plist using TextWrangler and edit the SUFeedURL key (or something) to point to a different URL (e.g. http://www.google.com/) so it would not be able to retrieve updates. Then save and exit.

Editing the file will break the app signature, and the firewall will not allow an exemption due to the broken signature (it will regard the app as NOT properly signed); the firewall will block the app automatically.

Then add it to the firewall to disable the pop-up message.

/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/VLC.app

maiksanftenberg
Contributor II

Thanks Thusitha.

This will not help, as we don't want to break the app signature.
Any other suggestion on that?

The Terminal commands for socketfilterfw seem not to work in 10.8 as they did in 10.7.

Kumarasinghe
Valued Contributor

We are on OS X 10.8 and socketfilterfw --add command works fine for us.

maiksanftenberg
Contributor II

Adding applications is not the problem.
This works. --blockapp is not working.

And I got confirmation yesterday that there is a bug in 10.8 that prevents the --blockapp command from running successfully.

krichterjr
Contributor

@maik.sanftenberg

Did you get any further with this?

I'm having the same issue where I can --add and --remove apps fine. However, --blockapp and --unblockapp don't work. Terminal responds back that the change was made but nothing changes in the GUI or via --listapps. I have a ticket open with Apple but they are saying it works on their end.

They also told me they see no record of any bugs. Do you have a case # or bug # I can point them to?

Thanks!
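A script to check the behaviour jalatman, Maik and krichterjr describe (the command reports success, but --listapps still shows the app as allowed), added here as an example and not posted by anyone in the thread. It assumes a blocked entry reads "( Block incoming connections )", the counterpart of the "( Allow incoming connections )" line shown above; the script name alf_block_check.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from any post in this thread): block an app in the
# 10.8 application firewall, then verify the result from --listapps rather
# than trusting the "Incoming connection to the application is blocked" line.
# Assumption: a blocked entry reads "( Block incoming connections )", the
# counterpart of the "( Allow incoming connections )" line shown above.
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# alf_state LISTING APP_PATH
# Prints "blocked", "allowed", "absent" or "unknown" for APP_PATH in a
# --listapps LISTING. The status may sit on the path's line or the next one.
alf_state() {
    printf '%s\n' "$1" | awk -v app="$2" '
        function emit(line) {
            s = (line ~ /Block/) ? "blocked" : "allowed"; print s; done = 1; exit
        }
        found && /incoming connections/ { emit($0) }
        {
            i = index($0, " : " app)           # literal match, no regex
            if (i) {
                rest = substr($0, i + length(" : " app))
                if (rest == "" || substr(rest, 1, 1) == " ") {
                    found = 1
                    if ($0 ~ /incoming connections/) emit($0)
                }
            }
        }
        END { if (!found) print "absent"; else if (!done) print "unknown" }
    '
}

# block_and_verify APP_PATH
# Adds and blocks APP_PATH, re-reads the list and returns 1 when the
# firewall still reports it as allowed (the symptom described in the thread).
block_and_verify() {
    app=$1
    "$SFW" --add "$app" >/dev/null
    "$SFW" --blockapp "$app" >/dev/null
    state=$(alf_state "$("$SFW" --listapps)" "$app")
    if [ "$state" != "blocked" ]; then
        echo "WARNING: $app is $state after --blockapp" >&2
        return 1
    fi
    echo "$app is blocked"
}

# Usage: sudo sh alf_block_check.sh /Applications/Skype.app/Contents/MacOS/Skype
if [ -n "${1-}" ]; then
    block_and_verify "$1"
fi
```

Run it as root (or without sudo from a JSS policy) and treat a non-zero exit as the bug reproducing on that machine.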