Firewall settings - need assistance

scottb
Honored Contributor

So, we have a client that is going to be using "Foundstone" software to scan Macs/PCs for vulnerabilities. The client needs to be set up with a hidden account, which is a normal user given SSH rights, in order to scan/report on software, etc.

One of the requirements is to leave the firewall on while turning off Stealth Mode - easy enough.

sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -int 0

The problem is that after flipping Stealth Mode off, we cannot get the ability to ping (and therefore scan the Macs) until after a reboot. We tried all sorts of things suggested here and elsewhere to get this to work, and so far only a reboot does the trick. We're testing on 10.10.2/.3 at the moment and will likely have to run this on all the Macs going back to 10.6. I'd love to find a way to get this setting flipped without requiring a reboot, as the client is highly averse to such things (don't ask).

We've tried flipping this on/off to see if that might work, no luck.

defaults write /Library/Preferences/com.apple.alf globalstate -int 0
defaults write /Library/Preferences/com.apple.alf globalstate -int 1

And:

launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist


launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist

If anyone has any ideas, I'd love to hear them.

1 ACCEPTED SOLUTION

nessts
Valued Contributor II

I think if you only use /usr/libexec/ApplicationFirewall/socketfilterfw to manage the firewall, it works as we want.
Started on a machine with the firewall on and stealth mode off in the System Preferences pane, and started a ping on another computer:
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
Stopped pinging.
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode off
Started pinging again.
So just do it all through socketfilterfw and it should be OK.
I have used just that command, nothing else, and turned it on and off a couple of times now.
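
The procedure above, scripted as an added example (it is not code from the thread, from nessts, or from Apple): drive the application firewall through socketfilterfw only, rather than through defaults write, and confirm the new state from the tool's own output instead of assuming the --set call took effect. The script assumes the stock binary path and the "Stealth mode enabled/disabled" and "Firewall is enabled/disabled" strings that --getstealthmode and --getglobalstate print; the parsers are kept separate so they can be checked without a Mac. It must run as root (sudo), and the "apply" argument and file name are this example's own conventions.

```shell
#!/bin/sh
# Added example, not from the original post: manage the macOS application
# firewall with socketfilterfw only and verify the result from its output.
# Assumes the stock path below and socketfilterfw's usual status strings
# ("Stealth mode enabled", "Firewall is enabled. (State = 1)", ...).

SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Normalise `socketfilterfw --getstealthmode` output to on / off / unknown.
stealth_state_from_output() {
    case "$1" in
        *"Stealth mode enabled"*)  echo on ;;
        *"Stealth mode disabled"*) echo off ;;
        *)                         echo unknown ;;
    esac
}

# Normalise `socketfilterfw --getglobalstate` output the same way.
firewall_state_from_output() {
    case "$1" in
        *"Firewall is enabled"*)  echo on ;;
        *"Firewall is disabled"*) echo off ;;
        *)                        echo unknown ;;
    esac
}

# Set stealth mode via socketfilterfw (no reboot needed, unlike defaults write)
# and read it back; returns non-zero if the firewall did not report the new state.
set_stealth() {
    want="$1"                                   # "on" or "off"
    "$SFW" --setstealthmode "$want" >/dev/null
    got=$(stealth_state_from_output "$("$SFW" --getstealthmode)")
    [ "$got" = "$want" ]
}

# The state the original poster wants: firewall on, stealth off, so the
# scanner can ping the Mac while inbound connections are still filtered.
configure_for_scanner() {
    if [ ! -x "$SFW" ]; then
        echo "socketfilterfw not found; this must run on macOS" >&2
        return 2
    fi
    fw=$(firewall_state_from_output "$("$SFW" --getglobalstate)")
    if [ "$fw" != on ]; then
        "$SFW" --setglobalstate on >/dev/null
    fi
    set_stealth off || { echo "stealth mode is still on" >&2; return 1; }
    echo "firewall on, stealth off"
}

# Only change anything when explicitly asked: sudo sh firewall-for-scanner.sh apply
if [ "${1:-}" = apply ]; then
    configure_for_scanner
fi
```

Because set_stealth re-reads the state after setting it, a deployment tool can treat a non-zero exit as "still needs attention" rather than trusting that the command ran; that is the check missing from the defaults write approach, which edits the plist without telling the running firewall.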

scottb
Honored Contributor

Thank you @nessts Todd. Those work (testing on 10.10.2 only so far).

I had issues until I rebooted, then the commands were fine after that.