How can I enable the firewall via command line on Mac OS X?

8

5

I can use the Security & Privacy preference pane to enable and disable the firewall, but how can I do it with the command line - something with defaults write maybe?

cwd

Posted 2012-09-09T17:44:25.270

Reputation: 13 508

Answers

12

Enable the application firewall via

defaults write /Library/Preferences/com.apple.alf globalstate -int 1

(0 to disable), and restart the services

launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist

launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist

The application firewall can be controlled with the /usr/libexec/ApplicationFirewall/socketfilterfw binary.

See here for further information.

Note that the application firewall is entirely different from the BSD packet filter, which can be configured with the ipfw command line utility.

Ansgar Wiechers

Posted 2012-09-09T17:44:25.270

Reputation: 4 860

On newer versions of macOS restarting the services will fail because of "Operation not permitted while System Integrity Protection is engaged". Disabling SIP is not recommended and quite difficult. As a workaround, restart the computer – treaz – 2019-02-10T05:33:16.643

You need to sudo the unload & load of the daemon (/System/Library/LaunchDaemons/com.apple.alf.agent.plist); otherwise it'll try to unload & load them from the user launchd, which won't work right. Do not, however, sudo the commands for the useragent. – Gordon Davisson – 2012-09-10T13:51:21.533
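
The answer above names socketfilterfw as the binary that controls the application firewall. The script below is an added example, not part of the original answer or its comments: it uses that binary's --setglobalstate and --getglobalstate options to switch the firewall and then reads the state back to confirm the change. The function names, the ALF_BIN override and the assumed output wording are this example's own.

```shell
#!/bin/sh
# Added example: switch the macOS application firewall with socketfilterfw
# and verify the result. ALF_BIN can be overridden (an assumption of this
# example) so the logic can be exercised against a stub off macOS.
ALF_BIN="${ALF_BIN:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Print "on", "off" or "unknown" from the --getglobalstate output.
# Assumed wording: "Firewall is enabled. (State = 1)" /
#                  "Firewall is disabled. (State = 0)".
alf_state() {
    out=$("$ALF_BIN" --getglobalstate 2>/dev/null) || { echo unknown; return 1; }
    case "$out" in
        *disabled*) echo off ;;
        *enabled*)  echo on ;;
        *)          echo unknown; return 1 ;;
    esac
}

# Set the firewall to "on" or "off", then read the state back so that a
# silently ignored change is reported as a failure.
alf_set() {
    want=$1
    case "$want" in
        on|off) ;;
        *) echo "usage: alf_set on|off" >&2; return 2 ;;
    esac
    "$ALF_BIN" --setglobalstate "$want" >/dev/null || return 1
    got=$(alf_state) || got=unknown
    if [ "$got" != "$want" ]; then
        echo "firewall is '$got', expected '$want'" >&2
        return 1
    fi
    echo "firewall is $got"
}

# Command-line entry point: "sudo sh alf.sh on|off" or "sh alf.sh status".
# With no argument the script only defines the functions.
case "${1:-}" in
    on|off)
        [ "$(id -u)" -eq 0 ] || { echo "changing the firewall needs root (use sudo)" >&2; exit 1; }
        alf_set "$1" ;;
    status) alf_state ;;
esac
```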