Hello Derek,

The best I've found is just this ... nothing more satisfactory yet.

$ /usr/libesec/ApplicationFirewll/socketfilterfw -h

usage: ./socketfilterfw [-c] [-w] [-d] [-l] [-T] [-U] [-B] [-L] [-a
listen or accept] [-s file to sign] [-v file to verify] [-p pid to
write]
firewallapp is used to control Application Firewall socket filter.
The command takes the following options that are evaluated in order,
and several options may be combined:
-h display this help and exit
-t app set trusted app, e.g. -t app1 app2 app3
-i dump socket filter internal data info
-d turn on debugging
-l do logging and run in daemon mode
-k kill daemon
-a ask when listen or accept, ask "accept" or ask "listen"
-s file sign file
-v file verify file
-c check file

In addition, I know that for some services, you can see if they have
been started in launchd. For example:
launchctl list | grep com.apple.RemoteDesktop.agent

If the PID exists, ARD is running and is allowed through the firewall.

As for other applications, I don't know yet. I'll be curious to see
answers to your question that are more helpful than this! :)

Best wishes,
Scott
--
Dr. Scott Russell

IT Support Engineer
Arts & Letters Computing, Distributed Support Services,
Office of Information Technologies, University of Notre Dame
Instructor of Horn, University of Notre Dame and Saint Mary's College
Assistant Horn, South Bend Symphony Orchestra

234 Decio Hall
574-631-7021
ScottRussell (at) nd (dot) edu [email concealed]
http://www.nd.edu/~srussel2/

On Nov 15, 2007, at 11:47 PM, Derek Chesterfield wrote:

> No man pages that I could find.

[ reply ]