• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Command Line Firewall Management In OS X 10.10

    The tools to automate OS X firewall events from the command line are still stored in /usr/libexec/ApplicationFirewall. And you will still use socketfilterfw there for much of the heavy lifting. However, now there are much more helpful and functional options in socketfilterfw that will allow you to more easily script the firewall. Some tricks I’ve picked up with the Mac Firewall/alf scripting: Configure the firewall fully before turning it on (especially if you’re doing so through something like Casper, FileWave, Munki, or Absolute Manage where you might kick yourself out of your session otherwise). Whatever you do, you can always reset things back to defaults by removing the com.apple.alf.plist file…