FIREWALL / EXPLORER ISSUES (No prompt on blocked incoming connections)

I've spent a week trying to identify the cause of this, and I've just cleared (deleted) several machines (VHDs), thinking they were exhibiting the symptoms, only to find my clean VHD installs are also ... infected?
My firewall appears correctly configured (default settings, nothing's changed)
but it's blocking programs (I think), and not asking me to set rules. I've searched the reg, no references of the exe, I've checked the firewall rules, nothing there. In my configured systems (I've just deleted) I even reverted to factory service settings,
in case I'd stopped/manualised something that needed to be automated....
I'd compared registry shots. Nada. And now I can't use my iPhone as a mouse, and god knows what other problems are in there.
Is this a malware issue? How can I test to see what's blocking 'networked' programs (incoming connections / interactive services)?

Maybe it's an issue with the setup. Rebooted into bad build that doesn't have this issue.. worked
when it works
About to retry newly extracted files.. thought I'd try them on this machine.. FAIL. Which means there's an issue with the path (?), or some info is written somewhere about the program when it's extracted (again, ?).
when it doesn't work, then does work...
Ok, my money's on path, and my question is this: if you run an .exe off a usb, for example, will windows firewall prompt and manage that program?
I'm wondering if the OS (f/w mgr) is not seeing the app, and therefore not prompting for mgmt...
Moment of truth: rebooting to new build to test (more) 'local' execution of program!
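
An added example, not part of the original post: a PowerShell check of the points the question raises, namely whether notifications are enabled for the firewall profile in use, whether any inbound rule names the executable at some other path, and whether the program is listening at all. `E:\Tools\example-app.exe` is a placeholder path, and the script assumes an elevated session on Windows 8 / Server 2012 or later.

```powershell
# Added diagnostic sketch (not from the original post).
# $ExePath is a placeholder: set it to the program that never triggers a prompt.
$ExePath = 'E:\Tools\example-app.exe'
$leaf    = Split-Path -Path $ExePath -Leaf

# 1. Effective per-profile firewall state. NotifyOnListen controls whether a
#    prompt is shown when an unlisted program starts listening; if it is
#    False, blocked programs are dropped without any dialog.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction, NotifyOnListen |
    Format-Table -AutoSize

# 2. Category of the connected network; it selects which profile applies.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, NetworkCategory |
    Format-Table -AutoSize

# 3. Local inbound rules that name this executable at ANY path. Application
#    rules are keyed on the full path, so a rule created for one location
#    does not cover a copy run from USB or from a freshly extracted folder.
$ruleHits = foreach ($rule in Get-NetFirewallRule -Direction Inbound) {
    $app = $rule | Get-NetFirewallApplicationFilter
    if ($app.Program -and ((Split-Path -Path $app.Program -Leaf) -ieq $leaf)) {
        [pscustomobject]@{
            Rule    = $rule.DisplayName
            Enabled = $rule.Enabled
            Action  = $rule.Action
            Profile = $rule.Profile
            Program = $app.Program
        }
    }
}
if ($ruleHits) {
    $ruleHits | Format-Table -AutoSize -Wrap
} else {
    "No local inbound rule references $leaf at any path."
}

# 4. Is the program listening at all? A process that never binds a port
#    gives the firewall nothing to prompt about.
$procIds = @(Get-Process |
    Where-Object { $_.Path -ieq $ExePath } |
    ForEach-Object Id)

Get-NetTCPConnection -State Listen |
    Where-Object { $procIds -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

Get-NetUDPEndpoint |
    Where-Object { $procIds -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize
```

A Block rule in step 3 whose Program column shows an older location of the same executable is the kind of leftover that is easy to miss when searching the rule list by display name only.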

Similar Messages

  • Block incoming connections to ix2-dl by internal firewall/iptables

    Hi.
    How do I block incoming connection to ix2? I opened rsync and forwarded the port but I need to block all IP except one. How do I do that?
    I tried iptables, but they seem not to be working ("libkmod: ERROR ../libkmod/libkmod.c:505 kmod_lookup_alias_from_builtin_file: could not open builtin file '/lib/modules/2.6.31.8/modules.builtin.bin'").

    The ix2-dl NAS is behind Windows NAT (RASS) and so I cannot apply firewall rules from there.
    I think you should add firewall (e.g. iptables based) in next update.

  • Firewall in set access mode let "allow incoming connections" without me

    I have set up my firewall to allow incoming connections for a file sharing client under "Set Access for specific services and applications", and I noticed that Skype, iChatagent, and Safari all included themselves to be set under allow as well a week later. I did not enter this in manually. How did this occur?

    I am quite befuddled by the 10.5 firewall. Maybe I'm thinking too much, but I've read all the documents I could get a hold of, and I still find it confusing and often conflicting in the specifics.
    For starters, there is the cryptic remark of "Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific program." Presumably the "option" it is referring to is the "Set access for specific services..." option, which implies that the "normally determines" circumstance refers to the first two options. But, "Allow all incoming connections" supposedly allows everything, and "Allow only essential services" supposedly blocks everything (except for two or three things). Where in either of these cases would OS X be "determining" anything, and if it does, what criteria is it using?
    The next thing I don't understand: when the option is set to "Set access for specific services", which applications does OS X explicitly ask permissions for? It seems that since the firewall is only blocking incoming connections, it should only ask for applications that look like they want to accept incoming connections (i.e., server applications). But for me, it asks for permission for applications like Cyberduck (ftp app), and Microsoft Word 2004. In addition, the poster above mentioned Safari made it onto the list. To me, neither Cyberduck nor Safari should matter, since they are both purely client applications that only receive incoming data when it is requested by them, no? And what business does Word have in wanting to accept incoming connections? (maybe this is a question for Microsoft, not Apple).
    Well, I have a list of other questions about half a page long, but if anyone can help with those two, it would be a big help.

  • Block incoming connection from ARDAgent?

    Since I installed Snow Leopard, I have a window that pops up and tells me if I want to block incoming connection from ARDAgent(Remote Desktop App) every time I log in or turn on the computer, no matter if I block or allow incoming connections. Can anyone tell me how to stop this?

    The blocking of incoming connections is in System Preferences>Security>Firewall
    I think (not in front of a Mac at the moment). I would have thought that once
    disabled it would remain disabled. Are you running in an admin account?
    Dave

  • Firewall keeps prompting to allow incoming connections

    Hi,
    This is, by far, Lion's most annoying new feature. Every time I open iTunes after startup, I get asked to allow incoming connections through the firewall. This behavior started happening after I made the mistake of upgrading to Lion. Removing iTunes from the list of allowed software does absolutely nothing, almost as if the program is just a blank field with no actual code running behind it. The exception gets added back to the firewall every time the Mac is restarted along with the prompt. iTunes' startup often hangs upon waiting for this prompt to appear and be answered.
    Disabling the firewall is not an option, nor is reinstalling iTunes as it is the firewall which seems to be the problem. Rolling-back to 10.6.8 is also not a possibility at this time. I can't be the only one with this problem. Anyone else?

    Hi!
    I re-enabled firewall just to see if it was solved on 10.7.3 and, as you said, no way. Every time I start up my iMac, Firewall is prompting me to allow incoming connections for iTunes, but not for the rest of the other software I'm using, which I was asked for just once.
    Could you solve it?

  • Firewall Block incoming connections fails

    Whenever I'm on the road or at clients' locations I set my firewall to block all incoming connections.
    The explanation of Mac OS X is:
    So it shouldn't matter if at the Sharing preferences you have enabled Screen or file sharing, which I have turned on, to be able to transfer files at home.
    If "Block all incoming connections" is enabled, nobody should see you have any sharing options enabled. I always understood this is a sort of override.
    Alas, this seems not the case. My laptop is actively promoting itself as a VNC enabled computer, while block all incoming connections is checked. Unchecking the screen sharing in the sharing preferences immediately has effect on this and stops VNC broadcasting.
    Who knows more about this? Is this a bug or undocumented / wrongly documented feature?
    Kind regards,
    Roeland

    PAHU wrote:
    Roerei wrote:
    Mac OS X explicitly states that "all sharing services" will be blocked.
    And they are blocked. With this setting enabled, you cannot connect to the Mac from a remote computer.
    What it does not say is that enabling this setting will stop the Mac from being advertised. If you want this then you will need to turn off File Sharing. This will stop the Mac from being seen on the local network.
    So in summary, if you want to stop your Mac from being seen on someone else's network you are connected to, then disable File and Screen Sharing. Or trust that with the "Block all incoming" setting enabled, no other user will be able to connect to your Mac even though they can see it.
    This is just stupid. Why advertise a service which is blocked? That is just plain dumb and not very security minded. If you block a service, you also should not advertise that service. Especially in the firewall preferences checking that box greys out all other options, which gives you kind of the impression that you are stealth.
    So you might be right, but it is just wrong.
    Roeland

  • Logging into home remotely - is Verizon blocking incoming connection requests?

    I'm trying to set up my computer at home so that I can access it from my in-laws, who are also FIOS customers and from my Android device via Sprint's network.   Both of these use SSH as the protocol, and on the theory that port 22 might be blocked, I set up the Actiontec to map an alternate port  (1977) to port 22 on my server.  My first attempt was to use the port forwarding capability in the router, but I have been unsuccessful in establishing a connection from outside my network.
    I've tried configuring  my server as the DMZ for the Actiontec, which makes me nervous, but I was running out of ideas.  I even turned the firewall off on the PPoE connection but that didn't help either.
    From outside my network, I can ping the WAN IP address assigned by Verizon to my router, so inbound ICMP packets are OK, at least as far as getting to the Actiontec
    I can log onto my server while on my local network, but not from outside the network.
    I'm running out of ideas.  Does anyone know of a way to dump packets coming to the Actiontec so that I can tell if the inbound TCP packets make it to my router?
    Does Verizon block inbound TCP requests for residential service?  For all ports?
    Thanks for any info,
    Joe H.
    {edited for privacy}

    I don't have it working yet, but I was able to run a test that forwarded the port to my laptop and I see (via wireshark) the inbound connection.  So, while I can log into my server locally, I must have some sort of firewall rule on that server that's preventing connections from the outside.
    Verizon, I apologize for implying you were blocking.   This looks like a local issue on my end.

  • Blocking Incoming Connections

    What are CIJScannerRegister.app, kdc and netboisd?
    Should I see them in my Incoming Connections Options?
    What effect does blocking them have?
    I ask this after Apple Support failed to achieve Remote Login connections with me today. A possible factor?
    Would appreciate your input.

    See this post on CIJScannerRegister for more info on what it is and if you actually want to stop it
    How to stop CIJScannerRegister to connect online?
    NetBiosID is necessary if you connect to windows shares, it's part of the MacOS, it's not a threat.
    KCD is to the best of my knowledge a part of the mac file transfer process for various protocols. It does not appear to be malicious, but rather a part of the Mac OS. You may want a second opinion on that one.

  • Firewall always asks to allow the same incoming network connections

    I recently changed my firewall setting from "Allow all incoming connections" to "Set access for specific services and applications" in order to better protect my computer. After making this change, my computer will ask me to either allow or deny incoming network connections for any application that requests that type of connection. Once I make a decision to allow or deny access, my choice is saved in System Preferences>Security>Firewall. Thus, I do not have to keep making the decision each time access is requested - OSX remembers my decision.
    Currently, in addition to the OSX services that I have turned on and are listed in the Firewall access screen - File Sharing, Remote Login & Screen Sharing; I have the following applications listed for allowing incoming connections: Adium, Skype, TiVoDesktop, BOINC, GrowlHelperApp & Cyberduck.
    Unfortunately, for two programs - Adium and BOINC, the firewall setup asks me every time I boot, or start either application whether I want to allow incoming connections. When this request occurs, I click on the allow button. The first time I did that, an entry was made in the System Preferences>Security>Firewall settings page that shows the application and that I allowed incoming connections. But, I still get asked every time.
    During troubleshooting, I discovered that if I disabled my Bonjour account in Adium, I stopped receiving the continuous requests for Adium. In fact, when I started Adium, with the Bonjour account disabled, I received no request. However, as soon as I enabled the Bonjour account in Adium, I immediately received the request. Interestingly, the request indicated Adium, not Bonjour as making the request. And, when I clicked allow, no new entry was added to the Firewall list for Bonjour (The Adium one was already there).
    For BOINC, there is no setting related to Bonjour, so I am unable to make a clear connection there. However, even with no Projects attached to BOINC, I still get the incoming connections request every time I boot. So, the problem is related to the BOINC application itself, and not any particular project attached to it.
    The evidence suggests that the problem is associated with the OSX firewall and Bonjour, not with Adium & BOINC. Any suggestions on how to resolve this problem would be appreciated.

    Thank you for your suggestions. They were helpful. I went to System Preferences>Security>Firewall and removed all of the applications there, so that the only items left were the services I had turned on (File Sharing, Remote Login & Screen Sharing). I then restarted the computer.
    After the restart, BOINC requested the incoming connection and I clicked allow. Adium did not ask, since I had my Bonjour account within Adium disabled. I then restarted the computer again. When it came up, BOINC did not display the request window for incoming connections. So, the problem was fixed for BOINC by following your recommendations. Unfortunately, this was not the case with Adium.
    I next enabled the Bonjour account within Adium and I immediately received the request window for incoming connections. I clicked allow, and Adium.app then appeared in the System Preferences>Security>Firewall list indicating that it was allowing incoming connections. I restarted the computer and as soon as Adium restarted, the requested window returned. I immediately restarted the computer again, and got the same thing upon starting up. I then disabled the Bonjour account in Adium, restarted the computer and the request window did not come up. So, there appears to still be a problem when having an enabled Bonjour account within Adium.
    Message was edited by: paddster7

  • What is the fix for some applications repeatedly asking permission to accept incoming connections?

    What is the fix for some applications repeatedly asking permission to accept incoming connections?
    On every restart, AutoPairs and Epson Event Manager ask me to reject or agree to allow incoming connections. It is very aggravating and time-wasting. I know other Mac users who have the identical problem with other applications on their Macs.
    Isn't there some way to make my Mac understand that "Yes" means "Yes" once and for all?
    I am presently running Yosemite, but this was a problem with prior OS X versions too.
    Respectfully,
    Nate

    This is a comment on why you might, or might not, want to use the built-in Application Firewall.
    The firewall blocks incoming network traffic, regardless of origin, on a per-application basis. By default it's off, and when turned on, it allows applications digitally signed by Apple, and only those applications, to listen on the network. It does not block outgoing traffic, nor can it distinguish between different sources of incoming traffic, nor does it filter traffic by content.
    No matter how it's configured, the firewall is not, as some imagine, a malware filter. If that's what you expect it to do, forget it. All it will do is bombard you with pointless alerts.
    Consider some scenarios in which you may expect the firewall to be useful.
    1. You enable file sharing, and you allow guest access to certain folders. That means you want people on your local network, but not outsiders, to be able to access those shared folders without having to enter a password. In the default configuration, the firewall will allow that to happen. The router prevents outsiders from accessing the shares, whether the application firewall is on or off. But if your computer is portable and you connect it to an untrusted network such as a public hotspot, the firewall will still allow access to anyone, which is not what you want. It does not protect you in this scenario.
    2. You unknowingly install a trojan that steals your data and uploads it to a remote server. The firewall, no matter how it's configured, will not block that outgoing traffic. It does nothing to protect you from that threat.
    3. A more likely scenario: The web browser or the router is compromised by an attacker. The attack redirects all web traffic to a bogus server. The firewall does not protect you from this threat.
    4. You're running a public web server. Your router forwards TCP connection requests on port 80 to your Mac, and the connections are accepted by the built-in web server, which is codesigned by Apple. The application firewall, still configured as above, allows this to happen. An attacker hacks into the system and tries to hijack port 80 and replace the built-in web server with one that he controls. The good news here is that the firewall does protect you; it blocks incoming connections to the malicious server and alerts you. But the bad news is that you've been rooted. The attacker who can do all this can just as easily turn off the firewall, in which case it doesn't protect you after all.
    5. You're running a Minecraft server on the local network. It listens on a high-numbered port. You, as administrator, have reconfigured the firewall to pass this traffic. An attacker is able to log in to a standard account on the server. He figures out how to crash Minecraft, or he just waits for you to quit it, and then he binds his own, malicious, Minecraft server to the same port. The firewall blocks his server, and because he's not an administrator, he can't do anything about it. In this scenario, the security is genuine.
    6. Here is a more realistic scenario in which you might have reason to enable the firewall. Your MacBook has sharing services enabled. You want those services to be available to others on a home or office network. When you're on those networks, the firewall should be off. When you move to an untrusted network, you can either turn off all the services, or enable the firewall with a non-default configuration to block them. Blocking is easier: one click instead of several.

  • Incoming Connections Port Scan warning from anti-virus software

    My anti-virus gave me a warning that a port scan had occurred on my Mac, after which I blocked the address of the incoming connection. Does this mean my computer has been hacked and what should I do? Today I also noticed two worrisome outgoing connections entitled "wwwalt2.infoyouaskedfor.com" and "Gemini.leadertech.com" that repeatedly kept appearing on my anti-virus network monitor, one after the other. I entered them in the "Whois" window but it didn't give me any information. My Mac Firewall was already set to only allow incoming connections from applications with certificates, so I don't understand how this happened.

    Hi AML225;
    Try ClamXav. It is free and runs well on Macs.
    Norton even for free is terrible on a Mac. It causes more problems than it solves.
    Allan

  • System asking for permission for incoming connections

    When I restart my computer I get messages that ask if I want to allow incoming connections to programs such as qmaster and realplayer. I allow this. The message also says that I can change this in the firewall pane in system preferences. When I go there I see that both already allow incoming connections.
    Why is the system asking me each time when I've already said that it is allowed?

    I had the same problem for iTunes, Connect360 and Transmission. After reading many forum posts and trying many things to no end this is what worked for me.
    NOTE THIS WORKED FOR ME, IT MAY NOT WORK FOR YOU, DON'T BLAME ME.
    1. Log into an Admin account
    2. Go to the Firewall under the Security Pane in System Preferences and remove ALL programs listed under "Set access for specific services and applications." (you can try removing just the troublesome apps)
    3. Still in the Firewall tab, change setting to "Allow all incoming connections."
    4. In the Finder go to your Applications Folder and drag iTunes (or any other offending apps) to the trash and delete from the dock. *This SHOULD NOT delete your music, playlists, ratings or anything else, it did not on mine. But BACKUP if you want to be 100% sure*
    5. In the System Preferences, go to Accounts > Login Items and remove ItunesHelper.
    6. Restart your mac and log in as the Admin again.
    7. Download any apps you deleted, i.e. iTunes. Link: http://www.apple.com/itunes/download/
    8. Install the apps (don't open them after install)
    9. Go back into the firewall settings and change it back to "Set access for specific services and applications."
    10. Open iTunes and any other apps you reinstalled.
    11. Add iTunes back to the Dock.
    This should have fixed the problem, and iTunes should act like nothing ever happened...
    We still need to add iTunesHelper back to the Login Items.
    12. In the Finder go to Applications, and right-click on iTunes, select "Show Package Contents."
    13. Open the System Preferences and go to Login Items under Accounts.
    14. Back in the finder (the iTunes Package Contents) go to Contents>Resources>iTunesHelper
    15. Drag iTunesHelper into the Login Items list.
    This worked for me. I don't think it ever asked for permission for iTunes. And I have only been asked once for the other programs that used to ask me every time.
    Hope this helps you and everyone else with this problem.

  • Setting blocking NNTP connections?

    Do you guys know if there is a firewall setting etc that might be blocking NNTP connections? I have looked thru my preferences, but found nothing. I have been unable to connect to my local ISP's newsgroups yet the hardwired PC in my house can connect fine.
    Thanks for any info!


  • Help with blocking incoming messages from 1 contact through firewall?

    I have a BlackBerry Curve 8520, and really want to block one contact. Can somebody help me ASAP?

    Hi and Welcome to the Community!
    I know it's been a while since you posted this, but you never know...
    KB23877 How to block incoming messages using the BlackBerry smartphone firewall
    Good luck!

  • All Applications Cause Firewall's "Accept Incoming Connections" Prompt

    Every time I open a "Save," "Save As," or "Open" dialog box, in any application, I get multiple prompts from the firewall to allow or deny incoming connections for that application. The prompt disappears almost immediately. This occurs in applications I've listed as exceptions as well as those unlisted.
    A few other things I've observed:
    - This happens while I'm connected to my Windows 7 machine over the home network.
    - If I unmount the other computer, I no longer get the prompt.
    - It doesn't happen when I've mounted another Mac.
    - It doesn't happen when I block all incoming connections, but then file sharing doesn't work either.
    - It happens in every application, including System Preferences.
    What I've tried:
    - Deleting the firewall's plist file in /Library/Preferences
    - Removing all exceptions and disabling/reenabling the firewall and the option to block all incoming connections.
    I've seen this question asked numerous times in various places on the internet, and I have yet to find a solution. Some suggest reinstalling every application that does this, while others recommend disabling the firewall altogether. I don't see either of these as a solution. None of the other versions of this question have referenced the presence of a mounted network computer.
    Thanks for your input.

    Try adding
    /System/Library/CoreServices/Finder.app
    to the Apple Menu -> System Preferences -> Security -> Firewall -> Advanced (after unlocking lock) -> "+" symbol
    to add the Finder app to list of applications accepting incoming connections.
    Not sure if this is a secure method, but it might be better than turning the firewall off altogether. Works for me for the time being, and I just thought of this after looking all over for a solution myself.
