config OSX firewall programmatically
osx firewall configuration file is : /Library/Preferences/com.apple.alf.plist
the default plist and firewall programs are under:/usr/libexec/ApplicationFirewall
To configure the firewall to block all incoming traffic:
/usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
To see if block all is enabled:
/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall
The output would be as follows, if successful:
Firewall is set to block all non-essential incoming connections
A couple of global options that can be set. Stealth Mode:
/usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
To check if stealth mode is enabled:
/usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode
To turn on firewall logging:
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
To control the verbosity of logs, using throttled, brief or detail:
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt: detail
To start the firewall:
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
To sanity check whether it’s started:
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate
To allow signed applications:
/usr/libexec/ApplicationFirewall/socketfilterfw --setallowsigned on
To check if you allow signed apps:
/usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned
To show the status of each filtered application:
/usr/libexec/ApplicationFirewall/socketfilterfw --listapps
To check if an app is blocked:
/usr/libexec/ApplicationFirewall/socketfilterfw –getappblocked /Applications/MyApp.app/Contents/MacOS/myapp
This shows the number of exceptions, explicitly allowed apps and signed exceptions as well as process names and allowed app statuses. There is also a list of TRUSTEDAPPS, which will initially be populated by Apple tools with sharing capabilities (e.g. httpd & smbd). If you are enabling the firewall using a script, first sign your applications that need to allow sharing but are not in the TRUSTEDAPPS section by using the -s option along with the application binary (not the .app bundle):
/usr/libexec/ApplicationFirewall/socketfilterfw -s /Applications/MyApp.app/Contents/MacOS/myapp
Once signed, verify the signature:
/usr/libexec/ApplicationFirewall/socketfilterfw -v /Applications/MyApp.app/Contents/MacOS/myapp
Once signed, trust the application using the –add option:
/usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp
To see a list of trusted applications:
/usr/libexec/ApplicationFirewall/socketfilterfw -l
config OSX firewall programmatically的更多相关文章
- Sharepoint学习笔记—习题系列--70-576习题解析 -(Q78-Q80)
Question 78 You are designing an application configuration approach for a custom SharePoint 2010 app ...
- Linux 服务器安全技巧
毋庸置疑,对于系统管理员,提高服务器的安全性是最重要的事情之一.因此,也就有了许多针对这个话题而生的文章.博客和论坛帖子. 一台服务器由大量功能各异的部件组成,这一点使得很难根据每个人的需求去提供定制 ...
- Cisco ASA 高级配置
Cisco ASA 高级配置 一.防范IP分片攻击 1.Ip分片的原理: 2.Ip分片的安全问题: 3.防范Ip分片. 这三个问题在之前已经详细介绍过了,在此就不多介绍了.详细介绍请查看上一篇文章:I ...
- Windows后渗透
My 命令行下收集主机信息 使用wmic识别安装到系统中的补丁情况: wmic qfe get description,installedOn 识别正在运行的服务: sc query type= se ...
- openwrt手动wifi设成client模式[笔记]
说明:刚刷好的OPENWRT,默认是不带luci-web管理的,所以得手工SSH或TELNET上去改WIFI模式,以便通过WIFI连到现有的ROUTER去下载安装luci...: root@OpenW ...
- 开源入侵检测系统SELKS系统搭建
一.系统环境配置 系统环境:centos7x64 ip地址:172.16.91.130 1.设置静态IP地址 [root@localhost backlion]#vi /etc/sys ...
- shell脚本——项目1
案例名称:系统初始化 背景:10台已装有linux系统的服务器 需求: 1.设置时区同步 2.禁用selinux 3.清空防火墙策略 4.历史命令显示操作时间 5.禁止root远程登录 6.禁止定时任 ...
- pfSense QoS IDS
pfSense QoS IDS 来源 https://blanboom.org/2018/pfsense-setup/ 之前我使用的无线路由器是 RT1900ac,其内置了 QoS 和 IDS/IPS ...
- Hadoop_Hbase集群完全离线安装[CDH 5.13.1]
here 一.环境准备:(这儿准备了三台虚拟机:内存6-3-3) JDK: -openjdk rpm -e java--openjdk-headless rpm -e java--openjdk-he ...
随机推荐
- Java基础语法<一> 数据类型&运算符
1 数据类型 1.1 整型 类型 存储需求 取值范围 int 4字节 -21 4748 3648 – 21 4748 3647 232 short 2字节 -32768-32767 216 lon ...
- 【TensorFlow入门完全指南】模型篇·逻辑斯蒂回归模型
import库,加载mnist数据集. 设置学习率,迭代次数,batch并行计算数量,以及log显示. 这里设置了占位符,输入是batch * 784的矩阵,由于是并行计算,所以None实际上代表并行 ...
- 【原创】EntityFramework Core 中使用 CodeFirst 模式时 PowerShell 版本问题及解决
一.描述: 在使用 Entity Framework Core 时,使用 CodeFirst 模式, 在 VS 中的 PMC(nuget 包管理 控制台) 控制台界面使用如下命令: Install-P ...
- 面向对象JavaScript的基本概念
一.类和对象 1, JavaScript对象分为三类:本地对象,内置对象,宿主对象. 本地对象有15种:Object Function Array String Number Boolean Date ...
- Android不编译某个模块
Android 5.1 源码,编译相关的文件一般在build目录下build/target/product 放了很多mk文件:一般不同的产品会有不同的目录 假设我不想编译OpenWnn,在build目 ...
- java+selenium3.0 运行时出的问题(system property)!
按照之前的文章讲解,都已经搭建好了,可是在刚开始运行就报错了,代码和报错如下: WebDriver driver = new ChromeDriver(); driver.get("http ...
- 使用VMware安装CentOS
使用VMware安装CentOS 第1步:首先安装VMware Workstation,只需点下一步即可,安装过程略 第2步:文件 → 新建虚拟机 或 直接点击 创建新的虚拟机 图标 第3步:选择 典 ...
- Android对话框和帧动画
Android对话框 在一个例子中展示四种对话框. 设置四个按钮 <LinearLayout xmlns:android="http://schemas.android.com/apk ...
- 26. leetcode 350. Intersection of Two Arrays II
350. Intersection of Two Arrays II Given two arrays, write a function to compute their intersection. ...
- HDU 6033 Add More Zero (数学)
Description There is a youngster known for amateur propositions concerning several mathematical hard ...