Worklet: Enable Firewall on macOS

  • 23 August 2019

Originally introduced in Mac OS X Leopard (10.5.1), the built-in macOS firewall limits incoming connections on a per-application basis (as opposed to a per-port basis). The firewall is disabled by default; this worklet enables it.


Evaluation:


#!/bin/bash

# helper function to check if a command exists
function command_exists {
    type "$1" &> /dev/null
}

# only evaluate if the socketfilterfw command is available
if command_exists /usr/libexec/ApplicationFirewall/socketfilterfw; then
    # check if the firewall is enabled
    /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled'

    # yes? no?
    exit $?
fi

# socketfilterfw command is not available, move along
exit 0

Remediation:


#!/bin/bash

# turn the firewall on
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

# how did we do?
exit $?
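
A remediation variant that reads the state back after `--setglobalstate on`, so the exit code reflects the firewall's reported state rather than only the command's exit status. This is an added example, not part of the original worklet; the function names and the `FW_CMD` override are hypothetical, and it assumes the `--getglobalstate` output carries a `(State = N)` field in which 0 means off.

```bash
#!/bin/bash
# Added example (not part of the original worklet): turn the firewall on,
# then confirm the reported state instead of trusting the exit status alone.

# Path taken from the worklet. FW_CMD is a hypothetical override so the
# logic can be exercised with a stub on a machine without socketfilterfw.
FW_CMD="${FW_CMD:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Print N from a "(State = N)" field in --getglobalstate output
# (assumed format). Prints nothing if the field is absent.
parse_global_state() {
    printf '%s\n' "$1" | sed -n 's/.*(State = \([0-9][0-9]*\)).*/\1/p' | head -n 1
}

# Return 0 if the firewall reports a non-zero state, 1 if it reports 0,
# 2 if the state could not be determined (command missing, odd output).
firewall_is_on() {
    state=$(parse_global_state "$("$FW_CMD" --getglobalstate 2>/dev/null)")
    case "$state" in
        "") return 2 ;;
        0)  return 1 ;;
        *)  return 0 ;;
    esac
}

# Turn the firewall on, then read the state back.
remediate_and_verify() {
    "$FW_CMD" --setglobalstate on >/dev/null 2>&1 || return 1
    firewall_is_on
}

# In a remediation script this would end with:
#   remediate_and_verify; exit $?
```

A return code of 2 separates "could not read the state" from "firewall is off", which the `grep -q 'enabled'` check reports identically.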
