Posted on 03-25-2015 08:14 AM
So, we have a client that is going to be using "Foundstone" software to scan Macs/PCs for vulnerabilities. The client needs to be set up with a hidden account which is a normal user given SSH rights in order to scan/report on software, etc.
One of the requirements is to leave the firewall on while turning off Stealth Mode - easy enough.
sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -int 0
The problem is that after flipping the Stealth Mode off, we cannot get the ability to ping - and therefore scan the Macs - until after a reboot. We tried all sorts of things suggested here and elsewhere to get this to work, and so far, only a reboot does the trick. We're testing on 10.10.2/.3 at the moment and will likely have to run this on all the Macs going back to 10.6. I'd love to find a way to get this setting flipped and not require a reboot as the client is highly averse to such things (don't ask).
We've tried flipping this on/off to see if that might work, no luck.
defaults write /Library/Preferences/com.apple.alf globalstate -int 0
defaults write /Library/Preferences/com.apple.alf globalstate -int 1
And:
launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist
If anyone has any ideas, I'd love to hear them.
Posted on 03-25-2015 08:47 AM
I think if you only use /usr/libexec/ApplicationFirewall/socketfilterfw to manage the firewall it works as we want.
Started on a machine with the firewall on and stealth mode off in the System Preferences pane, then started a ping on another computer.
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
Stopped pinging.
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode off
Started pinging again.
So just do it all through socketfilterfw and it should be OK.
I have used just that command, nothing else, and turned it on and off a couple of times now.
Posted on 03-25-2015 09:24 AM
Thank you @nessts Todd. Those work (testing on 10.10.2 only so far).
I had issues until I rebooted, then the commands were fine after that.