Howto: Control firewall from command line

CountZ wrote:
How do I allow an application to access the Internet from the command line, when the firewall is enabled ?

Welcome to Apple's discussion groups.

I'll confess to having no experience with this, but the ipfw utility may allow you to do what you want. Try "man ipfw" for more information, or do a Web search.

CountZ wrote:
Well ipfw built its rules based on port numbers. I was hoping for a solution based on application names, just like you can do from the GUI ?

I did what I suggested you do ("man ipfw") and have to agree that ipfw provides no support for applications by name. Using "man" and a Web search I also couldn't find anything that explains how OS X implements that.

Did the path you specific go all the way down to the binary?
e.g. /Applications/Safari.app/Contents/MacOS/Safari

ipfw doesn't know anything about applications. It can't, being a layer 3 packet filtering firewall.

The GUI controls a layer 7 firewall.

Apparently you can control it from the command line, as per this article:

http://krypted.com/mac-os-x/command-line-alf-on-mac-os-x/

I'm sure google would turn up more. However, since socketfilterfw has no man page (nor does anything else in /usr/libexec/ApplicationFirewall) you're basically on your own. Also, I'm pretty sure that nothing in libexec is meant to be used directly...they are implementation helper programs, and subject to unannounced change.

But good luck.

Message was edited by: g_wolfman

Message was edited by: g_wolfman