Changing firewall rules

I'm running Tiger and I'm trying to find out for someone using Leopard (who is not adept at using computers to learn themselves but also lives too far for me to go to their home and help) and they need to open a port so that he and I can play an online game together.
The only thing is, the System Prefs interface seems to have changed drastically and using anything I could find on Google (even screenshots) I couldn't figure out how to add custom rules.
So I'll keep it really brief and ask if someone can either just explain quickly where to go to add a custom rule or if there's a help page? I've done searches but the internet is saturated with unrelated material.

This is from Mac Help in Leopard:
Setting firewall access for services and applications.
Mac OS X includes a firewall: a security measure that protects your computer from connections initiated by other computers when connected to a network or the Internet. If you turn on a sharing service, such as file sharing, Mac OS X opens a specific port in the firewall for the service to communicate through. When you open the Firewall pane of Security preferences, any sharing services turned on in Sharing preferences, such as File Sharing or Remote Apple Events, appear in the list.
In addition to the sharing services you turned on in Sharing preferences, the list may include other services, applications, and programs that are allowed to open ports in the firewall. An application or program might have requested and been given access through the firewall, or might be signed by a trusted certificate and therefore allowed access.
IMPORTANT: Some programs have access through the firewall although they don’t appear in the list. These might include system applications, services, and processes. They can also include digitally signed programs that are opened automatically by other programs. You might be able to block these programs’ access through the firewall by adding them to the list.
To add an application to the list, select “Set access for specific services and applications” in the Firewall pane of Security preferences, click Add at the bottom of the list, and then select what you want to add. After the program is added, click its up and down arrows to allow or block connections through the firewall.
NOTICE: Blocking a program’s access through the firewall could harm the program or other programs that depend on it, or affect the performance of other applications and services you use.
When the system detects a connection attempt to a program that is not enabled in Security preferences or not signed, a dialog will ask you if you want to allow or deny access to the program. If you do not respond, the program is added to the list in the Firewall pane of Security preferences, and the access is set to “Allow only essential services.”

Similar Messages

  • Can't change firewall rules via preferences pane

    When I select the Sharing preferences and switch to "Firewall", I get the following error (in German): "Sie können die Firewall-Einstellungen nicht ändern, da beim Lesen der Einstellungen von Ihrem System ein Fehler aufgetreten is", which actually means something like "You can't change your firewall settings because an error occurred while reading your settings".
    The error doesn't go away even after rebooting.

    I assume you have specified German as your default language, because if you haven't then a German error is quite odd.
    Anyway, have you installed any other firewall software? Something has probably caused your firewall settings to either disappear or to change in a way that Mac OS X cannot read them.

  • Why are firewall rules changing themselves dynamically??

    I'm looking at the Active Rules window of my Firewall service on the Server Admin. It seems to be changing itself! As I sit there and watch it, I see some rules come and go. These look like
    (1s) STATE udp 127.0.0.1 661 <-> 127.0.0.1 989
    The rules appear and then disappear. How can firewall rules be dynamic like that?!? What is a "STATE" rule?
    Mike

    Niel wrote:
    Click here for information.
    (35806)
    Sorry, this doesn't seem to be a link. Please re-post the URL?
    Mike

  • How to reload firewall rules from command line on firewall?

    Hi all,
    I am trying to create script that controls firewall on server. OS version is OS X Server 10.5.6.
    Part of firewall rules is created using firewall admin tools, part of Server Admin Tools. My first question is where are those rules stored permanently? As far as I understood it should be a set of ipfw rules but they are not stored in /etc/ipfilter/ipfw.conf.
    Idea of script is this:
    I have set of rules that should be controlled by Server Admin Tools.
    Also, I have some dynamic rules.
    Whenever some change occurs, I created script that does following:
    /sbin/ipfw -f flush - to flush all existing rules
    /sbin/serveradmin stop ipfilter - to stop existing firewall
    /sbin/serveradmin start ipfilter - to restart firewall and reload permanent rules
    Add my set of rules...
    After flushing all rules and issuing stop and start ipfilter, none of the rules set through Server Admin Tools are reloaded. So how should I reload them? How to save them permanently in the first place?
    Please note that I do not have access to server (for security reasons). I am developing script on my Mac, sending to client and he tests it. So I cannot do a lot of testing.
    Thank you in advance.
    Best regards,
    Dusan

    Unix and Terminal queries are best posted to the Unix forum under OS X Technologies where those mavens frolic.

  • SA 540 INBOUND FIREWALL RULES NOT WORKING

    Hi all,
    I am having trouble configuring the firewall for the SA 540.
    client 1 (160.222.46.154) ----- switch ------ sa 540 ------ cisco 887 W ------ client 2 (50.0.0.10).
    client 1 can ping client 2, however client 2 cannot ping client 1. The default outbound policy (allow all) is set on the sa 540, and I have tried configuring a blanket ipv4 rule on the sa 540 to allow 'all' to 'any' (for all services) related to traffic from the WAN to LAN, and vice versa. The output from the logs is as follows:
    Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
    Component: KERNEL
    Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
    Component: KERNEL
    Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
    Component: KERNEL
    Basically any connection identified as coming in from the WAN (i.e. IN=WAN) is dropped. I set up a new vlan on the cisco 887 W, in the 160.222.46.x address space, and connected a spare port directly to the sa 540 and had no problem testing connectivity to any device via ping. Obviously the zone communication is LAN to LAN and the firewall treats the traffic differently.
    I assumed that creating an all-encompassing rule to allow all traffic, for all services, between the LAN and WAN (in both directions) would be equivalent to placing the appliance in PASS THROUGH mode? There is no security set on the 887 W or the switch.
    Also, if anybody could explain what 'SELF' means in the context IN=SELF or OUT=SELF it would be much appreciated. Firmware is latest.
    Thank you.
    Regards
    Marc

    On closer analysis and with some help from Experts Exchange it did seem nonsensical to have both the IN and OUT as the WAN interface, but I had literally exhausted every avenue possible bar 1- changing the routing mode to CLASSIC and configuring a static route (which was at a higher administrative level than my RIP advertised routes) and took preference when forwarding the packets.
    Now the SA540 firewall rules work as I would expect and I can route between all zones. To summarise, it appears as if the Double NAT from the router (887W) and then the SA540 was the issue, and the inability to configure any workaround in the interface of the SA540 firewall rules.
    It really makes you appreciate the power of the command line and the full scope of Cisco's command line options. Does anybody know if (and how) it would be possible to configure Double NAT on the SA540?
    Regards
    Marc
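
Added example (not part of the original posts): a small Python parser for the LOG_PACKET lines quoted in the thread above. It tallies drops by zone pair and protocol and flags entries whose IN and OUT zone are identical, the pattern the poster later traced to routing and double NAT rather than to a missing allow rule. The function names are this example's own; the sample lines are copied from the post.

```python
import re
from collections import Counter

# The three log entries quoted in the post, copied verbatim.
SAMPLE_LOG = """\
Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
Component: KERNEL
"""

PACKET_RE = re.compile(r"LOG_PACKET\[(?P<verdict>[A-Z]+)\]\s+(?P<fields>.+)$")


def parse_packets(text):
    """Return one dict per LOG_PACKET line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = PACKET_RE.search(line)
        if not m:
            continue  # e.g. the "Component: KERNEL" continuation lines
        event = {"VERDICT": m["verdict"]}
        for token in m["fields"].split():
            key, sep, value = token.partition("=")
            if sep:
                event[key] = value
        events.append(event)
    return events


def drop_summary(events):
    """Count dropped packets per (IN zone, OUT zone, protocol)."""
    counts = Counter()
    for e in events:
        if e["VERDICT"] == "DROP":
            counts[(e.get("IN"), e.get("OUT"), e.get("PROTO"))] += 1
    return counts


def same_zone_drops(events):
    """Drops where the packet would leave through the zone it arrived on.

    A WAN-to-LAN allow rule can never match these, so they point at
    routing or NAT rather than at the rule set.
    """
    return [
        e for e in events
        if e["VERDICT"] == "DROP" and "IN" in e and e["IN"] == e.get("OUT")
    ]


def affected_flows(events):
    """Distinct (SRC, DST, PROTO, DPT) among same-zone drops; DPT is '-' for ICMP."""
    flows = {
        (e.get("SRC"), e.get("DST"), e.get("PROTO"), e.get("DPT", "-"))
        for e in same_zone_drops(events)
    }
    return sorted(flows)


if __name__ == "__main__":
    evts = parse_packets(SAMPLE_LOG)
    for key, n in drop_summary(evts).items():
        print(n, "dropped:", key)
    for flow in affected_flows(evts):
        print("same-zone drop:", flow)
```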

  • Firewall rules don't seem to be working correctly

    I have my firewall turned on and have rules for iTunes and Jungle Disk to allow incoming, but iTunes still alerts me to change firewall settings to allow sharing, which is an annoyance, but Jungle Disk will not work with me adding a rule; it seems as if I have to turn the firewall off completely for these to work. Also my screen sharing will not work now either, but I have no problem with any other apps like Skype where the rules work fine. Any suggestions?

    Great news, thanks!

  • Mac Mini, iTunes 7.4.2, Mac OS X 10.4.10 -- firewall rules are broken

    Last night I updated from 7.4.1 to 7.4.2. Nothing else changed on my Mac Mini (Intel Core 2 DUO) running Mac OS X 10.4.10.
    I immediately found that none of my other computers nor my Apple TV could reach my shared music library, which is hosted by the Mac Mini.
    I normally run with the firewall enabled and in fact the box is checked to allow iTunes music sharing. HOWEVER, since upgrading to iTunes 7.4.2, the firewall rule is somehow no longer sufficient.
    I had to turn off the firewall in order for my other computers and the Apple TV to be able to reach my shared library on my Mac Mini.
    Effectively, something has changed w.r.t. sharing in iTunes 7.4.2, such that the default firewall rules in Mac OS X 10.4.2 are no longer allowing clients to connect to the iTunes shared libraries.

    The 1G iPod should still work with OS X 10.4.11 (Tiger).  Since the Mac still sees the iPod as an externally mounted drive, we'll take that as a good sign.
    Have you seen this article yet?
    iPod does not appear in iTunes or iPod updater in Mac OS X
    And perhaps work through all the suggestions here as well?
    iPod not recognized in iTunes and Mac desktop
    B-rock

  • SQL firewall rule to restrict traffic from only one Azure PaaS website (cross-post from websites)

    (This has also been posted on the websites forum)
    Hi,
    I have been asked to configure the firewall on the SQL PaaS instance to only allow traffic from a specified PaaS website that is within the same subscription. I can't see any way to set a static internal IP for the website, is there a way to identify it for the purpose of the SQL Database firewall rule?
    Thanks,
    Karina

    You're right, KG! Sorry.
    This article mentions a reserved-IP:
    https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx
    It specifically mentions your scenario:
    You want to ensure that outbound traffic from Azure uses a predictable IP address. You may have your firewall configured to allow only traffic from specific IP addresses. By reserving a VIP, you will know the source IP address and won’t have to update your firewall rules due to a VIP change. This is especially helpful if you want to configure your firewall before you create your cloud service.
    The only thing I'm not confident on would be if it works with Azure Websites - it does mention cloud services, though. If you have further questions, I can give it a shot myself and see if I can get a working example.

  • Add firewall rule with custom environment variable in program path

    Hi,
    We want to create a firewall rule for a program which is placed in a folder which changes sometimes. I know you can add a firewall rule with the ProgramFiles environment variable like this:
    netsh advfirewall firewall add rule name="Test Firewall rule" dir=in program="%%ProgramFiles%%\Test\Test.exe" action=allow security=notrequired
    The environment variable ProgramFiles isn't expanded and if the Program Files folder is different on a system the rule still works.
    We try to use this with a custom environment variable which we set as a system environment variable with this command:
    SETX SomeFolder "D:\Some Folder\Apr 2015" /M
    If we use the command below to add the firewall rule in a batch file the environment variable SomeFolder is expanded correctly and the program path is added as a static path.
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%SomeFolder%\AFile.exe" action=allow security=notrequired
    Because the folder changes sometimes we want to change the environment variable SomeFolder and not remove the old firewall rule and create a new one. We want to add the environment variable SomeFolder to the program path as a (dynamic) environment variable and not as the expanded path at the moment when the rule is added. If we use this command:
    netsh advfirewall firewall add rule name="Some Firewall Rule" dir=in program="%%SomeFolder%%\AFile.exe" action=allow security=notrequired
    We get the error:
              Windows Firewall with Advanced Security
              An error occurred while adding the rule.
              Error: The parameter is incorrect
              Status: The application name could not be resolved
              OK   
    Why can't we use %%SOMEFOLDER%% like we can use %%PROGRAMFILES%%? The same error is shown when we try to add the firewall rule through the management console 'Windows Firewall with Advanced Security'
    W. Spu

    Hi,
    Based on plenty of tests with this problem, it seems like there is no better method to achieve your requirement. To add a new policy to the firewall, it would be better to use the general cmdlet. A path parameter like %%SomeFolder%% does have a problem in the add firewall policy cmdlet.

  • RV220W Firewall Rules reordering

    How do I reorder firewall rules? I have used the reorder button and then ordered the rules. I then SAVE and the report is Operation Succeeded. The screen stays on the Reorder screen.
    If I go into some other screen and come back to Access Rules I find that the rule order is unchanged. So I select Reorder and the reorder screen comes back showing the new rules order. I now have 2 screens I can go to. The main "Access Rules" and the reorder "Access Rules". These 2 panels show the rules in different order.
    If I reboot the router the reordered rules are lost.
    There appears to be no way to reorder the rules.
    Firmware version is 1.0.4.17
    Any ideas?
    David

    After experimenting a bit further it seems as though there are 2 relevant firewall rule tables. The first one is the one that you see in Access Rules. It seems to show all the rules in the order that you enter them. When you select "Reorder" you get another table with a list of priorities. This is the table that shows the rules in the order that they will be executed. This order is NOT the same as the first table and the first table order WILL NOT CHANGE as the rules are reordered.
    Now that I know this, it is OK - the doc could have been a bit clearer as this is not consistent with other small routers (at least in my experience!). I also found that when I had been altering a few rules I needed to reboot the router before the rules would work properly.
    Other than that - no problems so far (cross fingers!)
    David

  • How to change Firewall remote desktop port?

    How to change Firewall remote desktop port
    I have changed the listening port in the registry.
    I added a rule for incoming for RDT.
    I can find the rules, and other items in the Firewall lists.
    But I cannot find how to edit to change the port number.
    Other threads indicate just adding an open port, not designating RDT as the program.
    Guidance please.

    >So, when inserting a new rule and choosing RDT from the program list automatically inserts the default port number? 
    My fault.  You should not select RDT from the program list, but instead
    select the radio button for port, then click next, select TCP, and add in
    the port number, then next and continue on with setting allow connection
    and then when does this rule apply.
    Bob Comer

  • Failed to update server firewall rules

    Hi 
    I have a problem with the SQL firewall. Unfortunately, I cannot add an IP address. This error always comes up when saving: Failed to update server firewall rules
    How can I change this? I need to change this setting so that I can work again. Unfortunately, I do not want to help the Support of Microsoft !!

    Hi,
    To configure your firewall, you create firewall rules that specify ranges of acceptable IP addresses. You can create firewall rules at the server and database levels.
    Server-level firewall rules: These rules enable clients to access your entire Azure SQL Database server, that is, all the databases within the same logical server. These rules are stored in the master database.
    Database-level firewall rules: These rules enable clients to access individual databases within your Azure SQL Database server. These rules are created per database and are stored in the individual databases (including master). These rules can be helpful in restricting access to certain (secure) databases within the same logical server.
    For additional information, check the links below:
    http://msdn.microsoft.com/en-us/library/azure/ee621782.aspx
    http://social.technet.microsoft.com/wiki/contents/articles/2677.windows-azure-sql-database-firewall-en-us.aspx
    http://social.msdn.microsoft.com/Forums/azure/en-US/ea128f00-8a94-4ace-88ff-d7095ff60c1a/cannot-change-firewall-setting-for-sql-azure-after-ip-change?forum=ssdsgetstarted
    Girish Prajwal

  • How to setup user's rights to modify Windows Firewall Rules?

    I would like to have an account in my system that doesn't have any other administrative privileges besides rights to modify the Windows Firewall rules by means of the Firewall API. How to set up a minimal set of rights for this account to do the task?
    Right now what I see is that if I try to call INetFwRule::put_RemoteAddresses from an account without administrative privileges, the call fails with access denied. There is no means to find out access to what is needed. The call fails even if the process is run under high integrity level.
    I tried to set up global security audit, but there were no relevant events logged.
    I tried to monitor the process with procmon; there were no access denied events logged.
    I tried to give full access for this account to the corresponding registry keys. It didn't help.
    I stepped through firewallapi.dll in a debugger and found out that what fails is an RPC call to some COM interface proxy. I assumed that probably it is a remote call to some HNetCfg.FwRule method. I tried to add the user account to the HNetCfg.FwRule launch and access permission ACLs in the DCOM configuration utility. It didn't help either.
    Dear Microsoft, why did you make such a simple thing as setting user rights so difficult? Can you reveal the secret what rights and privileges I have to set?
    Thanks in advance.
    Dei nostra Matrix est.

    Here is what I found so far.
    The firewall service calls RpcServerRegisterAuthInfo to set up RPC security from FwRpcAPIsRegisterAuthInfo. It happens during registration of RPC interfaces in FwRpcAPIsInterfaceCreate. FwRpcAPIsInterfaceCreate is called from FwRpcAPIsInitialize. And FwRpcAPIsInitialize is used from FwServiceAsyncStartupRoutine.
    After calling the FwRpcAPIsRegisterAuthInfo function, FwRpcAPIsInterfaceCreate calls ConvertStringSecurityDescriptorToSecurityDescriptor, which converts a textual description of a security descriptor to some binary form.
    So my guess is that access rights are hard coded inside mpssvc.dll and what I have to do is just to find the textual representation of the corresponding descriptor.
    I found 8 descriptors inside mpssvc.dll:
    O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)
    O:SYG:SYD:(A;;RCWD;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;;RCWD;;;S-1-5-80-3526382388-830156861-4107432654-3665941875-1028450966)
    O:SYG:SYD:(A;;RCWD;;;S-1-5-80-62724632-2456781206-3863850748-1496050881-1042387526)
    O:SYG:SYD:(A;;RCWD;;;S-1-5-80-979556362-403687129-3954533659-2335141334-1547273080)
    O:SYG:SYD:(A;;RC;;;BA)(A;;RC;;;NO)(A;;RCWD;;;CY)
    O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)(A;;RC;;;CY)
    O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)(A;;RC;;;AU)
    O:SYG:SYD:(A;;RC;;;AU)
    I don't know yet which one corresponds to changing a firewall rule.
    Dei nostra Matrix est.
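
Added example (not from the original post and not Microsoft's code): a Python decoder for the eight SDDL strings listed above, showing the owner, each ACE's trustee and rights, and which trustees hold WD. It decodes only the generic SDDL meaning of the aliases and right codes; how the firewall service interprets those bits on its RPC interfaces is not stated on the page, and the function names are this example's own.

```python
import re

# SDDL SID aliases that occur in the descriptors quoted in the post.
SID_ALIASES = {
    "SY": "Local System",
    "BA": "Builtin Administrators",
    "NO": "Network Configuration Operators",
    "CY": "Cryptographic Operators",
    "AU": "Authenticated Users",
}
# Generic access-right codes that occur in those descriptors.
RIGHTS = {"RC": ("READ_CONTROL", 0x00020000), "WD": ("WRITE_DAC", 0x00040000)}
ACE_TYPES = {"A": "allow", "D": "deny"}

# The eight strings exactly as listed in the post.
DESCRIPTORS = [
    "O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)",
    "O:SYG:SYD:(A;;RCWD;;;S-1-5-80-2940520708-3855866260-481812779-327648279-1710889582)(A;;RCWD;;;S-1-5-80-3526382388-830156861-4107432654-3665941875-1028450966)",
    "O:SYG:SYD:(A;;RCWD;;;S-1-5-80-62724632-2456781206-3863850748-1496050881-1042387526)",
    "O:SYG:SYD:(A;;RCWD;;;S-1-5-80-979556362-403687129-3954533659-2335141334-1547273080)",
    "O:SYG:SYD:(A;;RC;;;BA)(A;;RC;;;NO)(A;;RCWD;;;CY)",
    "O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)(A;;RC;;;CY)",
    "O:SYG:SYD:(A;;RCWD;;;BA)(A;;RCWD;;;NO)(A;;RC;;;AU)",
    "O:SYG:SYD:(A;;RC;;;AU)",
]

SDDL_RE = re.compile(
    r"O:(?P<owner>.+?)G:(?P<group>.+?)D:(?P<flags>[A-Z]*)(?P<aces>(?:\([^()]*\))+)"
)


def trustee_name(sid):
    """Resolve an SDDL alias; S-1-5-80-* is the per-service SID range."""
    if sid in SID_ALIASES:
        return SID_ALIASES[sid]
    if sid.startswith("S-1-5-80-"):
        return "service SID " + sid
    return sid


def decode_rights(text):
    """Turn 'RCWD' (or a hex mask) into (access mask, [right names])."""
    if text.lower().startswith("0x"):
        return int(text, 16), [text]
    if len(text) % 2:
        raise ValueError(f"odd-length rights string {text!r}")
    mask, names = 0, []
    for i in range(0, len(text), 2):
        code = text[i:i + 2]
        if code not in RIGHTS:
            raise ValueError(f"right code {code!r} not in this example's table")
        names.append(RIGHTS[code][0])
        mask |= RIGHTS[code][1]
    return mask, names


def parse_sddl(sddl):
    """Parse owner, group and DACL ACEs of one security descriptor string."""
    m = SDDL_RE.fullmatch(sddl.strip())
    if not m:
        raise ValueError(f"unsupported SDDL string: {sddl!r}")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m["aces"]):
        fields = body.split(";")
        if len(fields) < 6:
            raise ValueError(f"malformed ACE ({body})")
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields[:6]
        mask, names = decode_rights(rights)
        aces.append({"type": ACE_TYPES.get(ace_type, ace_type), "sid": sid,
                     "trustee": trustee_name(sid), "mask": mask, "rights": names})
    return {"owner": trustee_name(m["owner"]),
            "group": trustee_name(m["group"]), "aces": aces}


def wd_holders(sddl):
    """Trustees whose allow ACE carries WD in addition to any read right."""
    return [a["trustee"] for a in parse_sddl(sddl)["aces"]
            if a["type"] == "allow" and a["mask"] & RIGHTS["WD"][1]]


if __name__ == "__main__":
    for s in DESCRIPTORS:
        print(s)
        for ace in parse_sddl(s)["aces"]:
            print(f"  {ace['type']:5} {'|'.join(ace['rights']):24} {ace['trustee']}")
```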

  • Modifying Firewall Rules On an Unbooted System

    If my subject wasn't clear, here is what I'm asking.
    I want to know how I can "clear out", meaning restore to factory defaults, the firewall settings on an OS X Server installation. But not on the boot drive. My server has two drives. And as a last resort, I'd like to know how I can, while booted off its backup drive, access the main boot drive and revert the firewall rules. That way I can boot off the main drive again, and have full access to the machine, where I can then go in and set it up again.
    So I guess I need to know where on the filesystem these rules are stored. And if there is anything I have to do to flush old rules out. Again let me reiterate, I'm not talking about on a running OS X System, I'm talking about doing this to a secondary drive that isn't the boot drive.
    Hopefully I won't need this information but just in case, best to have it on hand.
    Thanks

    If I understand you correctly...
    On Leopard, it seems the firewall is started based on the presence of this file:
    /etc/ipfilter/ipfwstate-on
    If you remove it, the firewall should not be enabled allowing you to login and change the settings.

  • 0x8007000e (E_OUTOFMEMORY) while adding a firewall rule using the windows firewall COM API

    Hello,
    Configuration: Windows Embedded 8 64-bit.
    I'm using the Windows Firewall with Advanced Security COM API. The program uses the INetFwRules interface. Basically, I'm using the following code (from the code sample available here: http://msdn.microsoft.com/en-us/library/windows/desktop/dd339604%28v=vs.85%29.aspx).
    I get the error when performing "hr = pFwRules->Add(pFwRule);".
    We can also encounter the problem when removing a rule (using pFwRules->Remove(ruleName);)
    HRESULT hrComInit = S_OK;
    HRESULT hr = S_OK;
    INetFwPolicy2 *pNetFwPolicy2 = NULL;
    INetFwRules *pFwRules = NULL;
    INetFwRule *pFwRule = NULL;
    long CurrentProfilesBitMask = 0;
    BSTR bstrRuleName = SysAllocString(L"SERVICE_RULE");
    BSTR bstrRuleDescription = SysAllocString(L"Allow incoming network traffic to myservice");
    BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group");
    BSTR bstrRuleApplication = SysAllocString(L"%systemroot%\\system32\\myservice.exe");
    BSTR bstrRuleService = SysAllocString(L"myservicename");
    BSTR bstrRuleLPorts = SysAllocString(L"135");
    // Initialize COM.
    hrComInit = CoInitializeEx(
        0,
        COINIT_APARTMENTTHREADED
        );
    // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
    // initialized with a different mode. Since we don't care what the mode is,
    // we'll just use the existing mode.
    if (hrComInit != RPC_E_CHANGED_MODE)
    {
        if (FAILED(hrComInit))
        {
            printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
            goto Cleanup;
        }
    }
    // Retrieve INetFwPolicy2
    hr = WFCOMInitialize(&pNetFwPolicy2);
    if (FAILED(hr))
    {
        goto Cleanup;
    }
    // Retrieve INetFwRules
    hr = pNetFwPolicy2->get_Rules(&pFwRules);
    if (FAILED(hr))
    {
        printf("get_Rules failed: 0x%08lx\n", hr);
        goto Cleanup;
    }
    // Create a new Firewall Rule object.
    hr = CoCreateInstance(
        __uuidof(NetFwRule),
        NULL,
        CLSCTX_INPROC_SERVER,
        __uuidof(INetFwRule),
        (void**)&pFwRule);
    if (FAILED(hr))
    {
        printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
        goto Cleanup;
    }
    // Populate the Firewall Rule object
    pFwRule->put_Name(bstrRuleName);
    pFwRule->put_Description(bstrRuleDescription);
    pFwRule->put_ApplicationName(bstrRuleApplication);
    pFwRule->put_ServiceName(bstrRuleService);
    pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
    pFwRule->put_LocalPorts(bstrRuleLPorts);
    pFwRule->put_Grouping(bstrRuleGroup);
    pFwRule->put_Profiles(CurrentProfilesBitMask);
    pFwRule->put_Action(NET_FW_ACTION_ALLOW);
    pFwRule->put_Enabled(VARIANT_TRUE);
    // Add the Firewall Rule
    hr = pFwRules->Add(pFwRule);
    if (FAILED(hr))
    {
        printf("Firewall Rule Add failed: 0x%08lx\n", hr);
        goto Cleanup;
    }
    This works pretty well but, sometimes, at system startup, adding a rule ends up with the error 0x8007000e (E_OUTOFMEMORY)! At startup, the system is always loaded because several applications start at the same time. But nothing abnormal. This is quite a random issue.
    According to the MSDN documentation, this error indicates that the system "failed to allocate the necessary memory".
    I'm not convinced that we ran out of memory.
    Has someone experienced such an issue? How to avoid this?
    Thank you in advance.
    Regards, -Ruben-

    Does Windows 8 desktop have the same issue? Are you building a custom WE8S image, or are you using a full WE8S image? The reason I ask is to make sure you have the modules in the image to support the operation.
    Is Windows Embedded 8.1 industry an option?
    www.annabooks.com / www.seanliming.com / Book Author - Pro Guide to WE8S, Pro Guide to WES 7, Pro Guide to POS for .NET
