Exception for syslogd in com.apple.alf.plist doesn't work after 10.5.6 upgd
In 10.5.4, I added /usr/sbin/syslogd to the exception list in /usr/libexec/ApplicationFirewall/com.apple.alf.plist.
This allowed me to keep the mediocre application firewall set to "allow only essential services" and still allow my router to send syslog messages to a log on my Mac.
I upgraded to 10.5.6 (straight from 10.5.4). It appears that the application firewall ignores the additional exception entry I added.
I've tried moving the exception entry up (replacing the one for configd), but it doesn't matter. I already know about /Library/Preferences/com.apple.alf.plist, so you don't need to suggest that I delete it. It's re-created (as a binary) each time you unload/load the launchctl for syslogd, and it does appear to use the file in /usr/libexec/ApplicationFirewall/com.apple.alf.plist.
The only two ways I've found to allow syslogd through are:
1. disable the app firewall (choose "allow all incoming connections" (not my preferred solution)
2. choose "set access for specific services and applications", which unfortunately allows all the specified applications (and probably allows Apple's hidden list of exceptions that includes things like World of Warcraft and Skype). The hidden list opens the machine to a greater number of attacks from trojan software, and I'd rather have the system locked down, not opened up.
Does anyone know how I can recover the 10.5.4 functionality, which allowed me to add syslogd as an exception, instead of adding it to the GUI list of applications?
This allowed me to keep the mediocre application firewall set to "allow only essential services" and still allow my router to send syslog messages to a log on my Mac.
I upgraded to 10.5.6 (straight from 10.5.4). It appears that the application firewall ignores the additional exception entry I added.
I've tried moving the exception entry up (replacing the one for configd), but it doesn't matter. I already know about /Library/Preferences/com.apple.alf.plist, so you don't need to suggest that I delete it. It's re-created (as a binary) each time you unload/load the launchctl for syslogd, and it does appear to use the file in /usr/libexec/ApplicationFirewall/com.apple.alf.plist.
The only two ways I've found to allow syslogd through are:
1. disable the app firewall (choose "allow all incoming connections" (not my preferred solution)
2. choose "set access for specific services and applications", which unfortunately allows all the specified applications (and probably allows Apple's hidden list of exceptions that includes things like World of Warcraft and Skype). The hidden list opens the machine to a greater number of attacks from trojan software, and I'd rather have the system locked down, not opened up.
Does anyone know how I can recover the 10.5.4 functionality, which allowed me to add syslogd as an exception, instead of adding it to the GUI list of applications?
G4, Mac OS X (10.5.6)
