Script to Configure the Mac OS X firewall

April 7, 2010

Here is a script that can be deployed via ARD, Absolute Manage (LANrev), LANDesk or virtually any other method to enable and configure the firewall on 10.4, 10.5 or 10.6. You will need to decide exactly how you want your clients' firewalls configured. Pay special attention to the stealth setting: if it is enabled, you will not be able to ping that system, which makes discovery difficult when the client is on a different subnet than your admin system.


#!/bin/sh
# enable_firewall.sh
#
# Patrick Gallagher
# http://macadmincorner.com
 
# Stealth mode - set stealthenabled to 0 below to disable
# Stealth mode prevents the machine from responding to ping requests.
# Be aware that this would prevent tools such as ARD from discovering
# the machine, though Bonjour on the same subnet will still work
 
osversionlong=$(sw_vers -productVersion)
# Minor version (the "6" in 10.6.8); cut also works in shells without ${var:3:1}
osvers=$(echo "$osversionlong" | cut -d. -f2)
 
# Check if this is being run by root
if [ "$(whoami)" != "root" ] ; then
  echo "Must be root to run this command." >&2
  exit 1
fi
 
# Enable firewall for Tiger
if [ "$osvers" -eq 4 ]; then
	echo "Setting firewall on a ${osversionlong} machine"
	/usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall state -bool YES
	# UDP, change to 0 to disable
	/usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall udpenabled  -int 1
	# Stealth, change to 0 to disable
	/usr/bin/defaults write /Library/Preferences/com.apple.sharing.firewall stealthenabled -int 1
	/usr/libexec/FirewallTool
fi
 
# Enable firewall for Leopard or Snow Leopard
if [ "$osvers" -ge 5 ]; then
	echo "Setting firewall on a ${osversionlong} machine"
	# Globalstate - Set to 0 for off, 1 for on, 2 for "Block all incoming access"
	/usr/bin/defaults write /Library/Preferences/com.apple.alf globalstate -int 1
	/usr/bin/defaults write /Library/Preferences/com.apple.alf stealthenabled -int 1
fi
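
A read-back check to run after deployment, added here as an example (it is not part of the original post or of Patrick Gallagher's script): it reads the same preference keys the script above writes and reports any drift from the intended policy. The function names and the `want_stealth` argument are assumptions for illustration, and it inspects the stored preferences only, not the running firewall.

```sh
#!/bin/sh
# verify_firewall.sh - added example, not part of the original script.
# Reads back the keys enable_firewall.sh writes; exit status 0 = compliant.

# Wrapper around `defaults read` so the lookup can be stubbed in tests.
read_pref() {
	/usr/bin/defaults read "$1" "$2" 2>/dev/null
}

# Minor version from a product version string: 10.6.8 -> 6, 10.10.5 -> 10
minor_version() {
	echo "$1" | cut -d. -f2
}

# Normalise the ways a true value may be printed (1, YES, true)
is_on() {
	case "$1" in
		1|YES|yes|true|TRUE) return 0 ;;
		*) return 1 ;;
	esac
}

# check_firewall <minor> <want_stealth 0|1>; prints findings, returns 1 on drift
check_firewall() {
	minor=$1; want_stealth=$2; rc=0
	if [ "$minor" -eq 4 ]; then
		plist=/Library/Preferences/com.apple.sharing.firewall
		is_on "$(read_pref "$plist" state)" || { echo "FAIL: firewall off"; rc=1; }
	else
		plist=/Library/Preferences/com.apple.alf
		state=$(read_pref "$plist" globalstate)
		case "$state" in
			1|2) ;;   # 1 = on, 2 = block all incoming access
			*) echo "FAIL: globalstate=${state:-unset}"; rc=1 ;;
		esac
	fi
	stealth=$(read_pref "$plist" stealthenabled)
	if is_on "$stealth"; then s=1; else s=0; fi
	[ "$s" -eq "$want_stealth" ] || { echo "FAIL: stealthenabled=${stealth:-unset}, want $want_stealth"; rc=1; }
	[ "$rc" -eq 0 ] && echo "OK: firewall settings match policy"
	return "$rc"
}

# Run only on a Mac; elsewhere the functions are just defined.
if [ -x /usr/bin/sw_vers ]; then
	check_firewall "$(minor_version "$(/usr/bin/sw_vers -productVersion)")" 1
fi
```

Change the final `1` to `0` if your policy leaves stealth mode off so that clients on other subnets stay pingable.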



3 Responses to Script to Configure the Mac OS X firewall

  • Lika says:

    oh thanks! I use Protemac NetMine as firewall in my Mac.

  • mike says:

    Hi,

    I am new to Macs, don’t have ARD. How do I launch this script? I have copied into text wrangler and saved. I tried importing into apple script but it wouldn’t let me save.

    TIA

  • Patrick says:

    From TextWrangler, save it with a .command extension. This will make it “double-clickable”. You might also need to run “chmod +x filename.command” to make it executable.

    You can’t import bash scripts into Apple Script. It’s a different scripting language. You would have to rewrite most of it.
