Please visit the new Mac-Forums Facebook page:
https://www.facebook.com/macforums1




Results 1 to 12 of 12
  1. #1
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    Today I realised that my firewall wasn't running and that was quite a shock to me, I knew I turned it on at some point but didn't think of it any more.

    Check the System Preferences.app and make sure yours is on:

    Firewall Settings.jpg

    Additionally I switched it on the "Block all incoming connections" in the FW-options (when unlocking the padlock the options settings come available).

    I was so shocked that I wrote a script to run it at login to make sure the settings are always the way I want it, even an update will change settings without my consent.

    Code:
    #!/bin/bash
    
    # ++++++++++++++++++++++++++++++++++++++
    # + Firewall Einschalten bei Sys Start +
    # ++++++++++++++++++++++++++++++++++++++
    
    
    # Stop Firewall First
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
    
    # Switch on Deny Incoming Traffic
    /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on
    
    # read -p "Press enter to continue"
    
    # Switch on StealthMode
    /usr/libexec/ApplicationFirewall/socketfilterfw --setstealthmode on
    
    # Start Firewall again
    /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
    
    # read -p "Press enter to continue"
    
    # killall Terminal
    
    # ++++++++ ALTERNATIVE ZU KILLALL TERMINAL W.O. ++++++++++
    # +++++ closing the terminal window within the script ++++
    # ++ the following is to close the script:
    # ++ for more information see this site: 
    # ++ https://stackoverflow.com/questions/8798641/close-terminal-window-from-within-shell-script-unix
    # ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    
    osascript -e 'tell application "Terminal" to close (every window whose name contains ".command")' &
    exit
    It is not the nicest script but it should work. If you remove the (hash) before the
    Code:
    read -p...
    the script stops and you can see what happens or wether errors occur.

    And that is exactly the problem I have. If I run the script, everything works fine (at least according to the terminal). BUT when I check the settings in the System Preferences.app (as above) I don't see changes there. Even if I reboot the system it seems the settings from Blocking all content does not work via script.

    Do you have any suggestions or fixes?
    Is your firewall switched off or on and did you know it?
    Please comment below I am really curious what you think about a default setting which seems to switch off the Firewall!

    WARNING When you switch all the options to "Block all..." your IPhone might not be able to share and send info to your Laptop (e.g. Airdrop).

    Thanks much,
    Uwe

    PS: I am using a Macbook Pro with MaxOs 10.14...

  2. #2
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    Raz0rEdge's Avatar
    Member Since
    Jul 17, 2009
    Location
    MA
    Posts
    12,100
    Rep Power
    24
    You don't need to turn the firewall on your MBP on. Your router already has a hardware firewall that is protecting you. So this extra layer "protection" doesn't really serve any purpose.
    --
    Regards
    ...Ashwin


  3. #3
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    harryb2448's Avatar
    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    25,224
    Your Mac's Specs
    iMac, i7 4GHz, 32GB memory, 1TB Blade, macOS Catalina,
    Rep Power
    31
    And Apple's default is 'off'.
    Using OS X.7 or later make a bootable USB thumb drive before running Installer!

  4. #4
    Thanks the two of you for your reply!!! That starts a great conversation!
    In regards to
    Quote Originally Posted by harryb2448 View Post
    And Apple's default is 'off'.
    - I noticed that the default is off -- That is my major concern!! That is why I need to find a solution to make sure it will be on always!

    Especially because of the reply from Mr. Raz0rEdge:
    Quote Originally Posted by Raz0rEdge View Post
    You don't need to turn the firewall on your MBP on.
    - how can you assume I dont need, and how can you assume I have a router with HW firewall? I am one of those people who travel about 8 month of the year and I connect to several different WiFi router in cafes, coworking places, hotels and what not. I not only need a state of the art firewall but additionally work with VPN to protect me even more! That is why I am concerned about it a lot! And if in your case you use it in the same places, it might not make a huge difference but assuming that everyone uses it the same way might not be of much help, i am afraid to say so.

    Anyhow, I am curious what other people think and hopefully protect yourself from connecting to the internet without firewall.
    Best regards,
    Uwe

  5. #5
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,969
    Your Mac's Specs
    iMac 5K Retina 27", August 2019, 3.6GHz Intel Core i9, Memory 32GB, 2TB SSD, macOS Mojave 10.14.6
    Rep Power
    19
    @Uwe

    If you are looking for what you might consider the most comprehensive Firewall protection, you may wish to go into System Preferences > Privacy > Firewall > Firewall Options and Enable "Stealth Mode". What that does is explained underneath that option.

    To be clear, I am not for or against Firewall per se, nor advising you what to do; but merely drawing your attention to an additional facility that is often overlooked.

    Ian
    Ian

  6. #6
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    Raz0rEdge's Avatar
    Member Since
    Jul 17, 2009
    Location
    MA
    Posts
    12,100
    Rep Power
    24
    Every router has a firewall, whether it's yours or a shared one. So again, the firewall on your machine is largely useless. If you are connecting to other people's WiFi (something you failed to mention in your first post and alas my crystal ball is out of commission right now), then we would have suggested going down the VPN route to secure your transactions which provide more value than the firewall.
    --
    Regards
    ...Ashwin


  7. #7
    Thanks again for your input!
    In regards to
    Quote Originally Posted by IWT View Post
    ... Enable "Stealth Mode" ...
    - yes I know, that is great you mention that and the script above does include switching this option "on".

    and in regards to
    Quote Originally Posted by Raz0rEdge View Post
    Every router has a firewall...
    - well, they might have or have not, however, if I use a WiFi in a cafe I might have no influence whether the firewall in the rooter is switched on or not... that means I have no control over that. Though what I have e control over is my internal SW firewall on my machine, at least that was what I was thinking...

    Never the less, we are missing the point here. MY QUESTION was, and still is: HOW CAN I MAKE SURE my firewall is switched on and not suddenly off after I update my machine (or whatever caused my laptop to switch off the FW without my consent in the first place)?

    I want to learn about solutions that switch the FW in my machine on and make sure that it is always on - the script is a solution I came up with but there are much better solutions which I don't know of. Can YOU advise me what to do in order to assure my FW is running and how to do so?

    Thanks,
    Uwe

  8. #8
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    6,798
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone 11 Pro, an iMac, plus ATVs, AWatch, MacMini
    Rep Power
    27
    Can YOU advise me what to do in order to assure my FW is running and how to do so?
    Check it manually? Given how vital you think it may be, that would seem to be a minor task. You could put something in the boot up to remind you to check the firewall. However, most boots don't touch the firewall, so that would pester you to do something you shouldn't have to do. But, again, if it's that important to you, it's a minimal task.
    Jake

  9. #9
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    12,303
    Rep Power
    20
    A quick Google search provided this old goody that should still work:
    View firewall status via the Scripts menu
    View firewall status via the Scripts menu - Mac OS X Hints

    Maybe even this:
    macos - How can I enable the firewall via command line on Mac OS X? - Super User


    - Patrick
    ======

  10. #10
    Thanks for all your replies!!! @Jake, doing things manually is the opposite of what I want to do... but thanks...

    in regards to
    Quote Originally Posted by pm-r View Post
    View firewall status via the Scripts menu View firewall status via the Scripts menu - Mac OS X Hints
    The script shows up but shows that my FW is not working... well that seems not to work for me - but great idea!

    and in respect to: That is a great resource!!! I love it! But I get following reply when trying to run ./socketfilterfw -l | grep TRUSTEDAPPS
    Code:
    -bash: ./socketfilterfw: No such file or directory
    See the screenshot:
    Screenshot 2019-10-17 at 10.22.39.jpg

    That was a great help Patrick - if you are not tired of this topic, I'd like to get your opinion why this command does not work for me:
    Code:
    ./socketfilterfw -l | grep TRUSTEDAPPS
    Thanks,
    Uwe

  11. #11
    Firewall OS 10.14. script to switch on off the firewall and adjust settings
    pm-r's Avatar
    Member Since
    Oct 16, 2010
    Location
    Brentwood Bay, BC, Canada
    Posts
    12,303
    Rep Power
    20
    @Uwe
    That was a great help Patrick - if you are not tired of this topic, I'd like to get your opinion why this command does not work for me:

    Sorry Uwe, but scripting and especially troubleshooting, it is well beyond my Mac capabilities.


    - Patrick
    ======

  12. #12
    No worries, thanks for your reply!

Thread Information

Users Browsing this Thread

There are currently 4 users browsing this thread. (0 members and 4 guests)

Similar Threads

  1. Firewall Settings
    By Japple1 in forum Security Awareness
    Replies: 4
    Last Post: 12-18-2015, 08:19 PM
  2. How do you change firewall settings?
    By Noels in forum Switcher Hangout
    Replies: 6
    Last Post: 04-09-2008, 10:50 AM
  3. Limewire and Firewall settings...
    By A_Alire in forum Internet, Networking, and Wireless
    Replies: 2
    Last Post: 10-09-2007, 08:03 AM
  4. Firewall settings
    By gemigene in forum Switcher Hangout
    Replies: 8
    Last Post: 12-12-2006, 10:54 AM
  5. firewall settings with airport
    By IChing in forum Internet, Networking, and Wireless
    Replies: 0
    Last Post: 01-03-2005, 03:54 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •