Configuring the firewall for Leopard
Christopher Hunt
huntc at internode.on.net
Sun Oct 28 04:01:57 PDT 2007

Looks like I spoke too soon - I did an Apple update which caused a
reboot and the firewall seemed to forget my settings - it hasn't asked
me again either. :-(

It feels like Apple have some more work to do with the firewall.

Cheers,
-C

On 28/10/2007, at 2:30 PM, Christopher Hunt wrote:
> Ah ha - you were on the right track. I tried modifying the
> com.apple.alf property list myself and played around with some of
> its settings, restarted socketfilterfw (what looks to be the
> firewall process) and Firewall (a user agent - probably for trapping
> socket access and asking the user what they want to do etc.). In the
> end I rebooted and then the firewall started asking me if I wanted
> to allow imapd to connect... then I thought that it had nothing to
> do with my mods - simply some timing thing... I then restored the
> plist back to what it was, selected "Set access for specific
> services and applications", rebooted and presto, the firewall asked
> me about imapd's access.
>
> So, here's what you do to enable firewall access for launchd based
> user daemons:
> 1. select "Set access for specific services and applications"
> 2. reboot.
>
> Thanks for the inspiration.
>
> Cheers,
> -C
>
> On 28/10/2007, at 10:30 AM, Derek Chesterfield wrote:
>
>> Did you try restarting the daemon after you added imapd to the
>> firewall?
>> The firewall allows/denies when the process opens the listening,
>> not for each inbound request.
>>
>> On 28 Oct 2007, at 00:02, Christopher Hunt wrote:
>>
>>> Allow me to rephrase my question. :-)
>>>
>>> I'm having difficulty configuring the Leopard firewall for a
>>> service installed via launchd. My service sits on port 993. How do
>>> I configure the Leopard firewall to allow incoming traffic on port
>>> 993?
>>>
>>> From what I can see, I can only declare applications via the "Set
>>> access for specific services and applications" pane. If I choose
>>> the application logically associated with that socket
>>> (/usr/local/bin/imapd) then I am not able to connect. However if I
>>> disable the firewall (allow all incoming traffic) then my imap
>>> clients connect to port 993 successfully.
>>>
>>> Any pointers further to this and my previous posts?
>>>
>>> Cheers,
>>> -C
>>>
>>> P.S. port 993 is used to accept imap traffic over ssl - imaps;
>>> sorry for not being more specific. From /etc/services:
>>> imaps 993/udp # imap4 protocol over TLS/SSL
>>> imaps 993/tcp # imap4 protocol over TLS/SSL
>>>
>>> On 28/10/2007, at 5:40 AM, Dan Shoop wrote:
>>>
>>>> Oh Leopard. Missed that.
>>>>
>>>> In that case remove "ipfw" and replace with the word "this".
>>>>
>>>> And re-read what I said in the last post. Because the answer here
>>>> is still going to come down to that if you just enabled the imap
>>>> port, however did that with whatever firewall, you've not enabled
>>>> port 993 since imap doesn't run on that port.
>>>>
>>> _______________________________________________
>>> MacOSX-admin mailing list
>>> MacOSX-admin at omnigroup.com
>>> http://www.omnigroup.com/mailman/listinfo/macosx-admin
>