Focus on Apple
Apple releases Mac OS X v10.5.1 with Application Firewall security updates Nov 15 2007 07:11PM Todd Woodward (todd_woodward symantec com) (1 replies)
Application Firewall security updates Nov 15 2007 08:08PM Radoslav Dejanović (radoslav dejanovic opsus hr) (4 replies)
Re: Application Firewall security updates Nov 21 2007 03:00PM Dave Piscitello (dave corecom com) (2 replies)
Re: Application Firewall security updates Nov 21 2007 09:27PM Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net) (3 replies)
RE: Application Firewall security updates Nov 21 2007 10:43PM Todd Woodward (todd_woodward symantec com)
RE: Application Firewall security updates Nov 15 2007 09:55PM Todd Woodward (todd_woodward symantec com)
Re: Application Firewall security updates Nov 15 2007 09:51PM Dave Schroeder (das doit wisc edu) (3 replies)
Re: Application Firewall security updates Nov 15 2007 11:36PM Mark Senior (senatorfrog gmail com) (3 replies)
Re: Application Firewall security updates Nov 17 2007 02:54PM Chris Pepper (pepper reppep com) (1 replies)
Re: Application Firewall security updates Nov 19 2007 12:59PM Sandor Szücs (sszuecs zedat fu-berlin de)
Re: Application Firewall security updates Nov 16 2007 11:03AM Radoslav Dejanović (radoslav dejanovic opsus hr) (2 replies)
Re: Application Firewall security updates Nov 16 2007 04:34PM Derek Chesterfield (dez mac com) (1 replies)
Re: Application Firewall security updates Nov 16 2007 04:47AM Derek Chesterfield (dez mac com) (2 replies)
Re: Application Firewall security updates Nov 15 2007 10:08PM Radoslav Dejanović (radoslav dejanovic opsus hr)
Begin forwarded message:
> On 15 Nov 2007, at 23:36, Mark Senior wrote:
>> Incidentally, can anyone with access to a 10.5 system tell me, is
>> there a CLI interface to the new application firewall? Is there a
>> useful man page?
>
> No man pages that I could find.
> 'sudo /usr/libexec/ApplicationFirewall/socketfilterfw -i' provides
> some reasonable output [sent to system.log] - it appears to show
> which currently running apps are being allowed, but some of the
> output is unintelligible. [At least it does when I have set the
> firewall to 'allow specific' - not tried 'allow all' or 'allow
> essential'].
>
> The -h option to that command prints some other options. -d provides
> some different info, but is more unintelligible! It appears to list
> what is configured, rather than what the current allowed set is.
>
> I haven't figured out how to change the 'ask' option. The difference
> between 'accept' and 'listen' is that if you are set to 'allow
> specific', and you then run an application that isn't already in the
> list, it can prompt you either when the listener is bound to the
> port [listen mode - which is Leopard's default] or it can allow the
> listener anyway, and defer the prompt until a remote connection is
> actually attempted [accept mode]. I prefer the idea of the deferred
> prompt, since it prevents benign listeners incurring the prompt.
Oh - the -d option kills the currently running socketfilterfw process,
which respawns. -d is described as 'turn on debugging', but I haven't
figured out what debugging output it produces other than the initial
config dump.