10.4: Reorder the list of firewall rules
May 08, '06 07:30:00AM
Contributed by: bigkm
If you're using the built-in firewall in OS X, you'll find that you can't rearrange the order of the rules in the GUI -- things are stuck in the order that they're shown in the panel. This can make it difficult to find the rules you've added, for instance, as they'll be at the bottom of the list.
If you'd like to rearrange the list, I've figured out how to do it. Read on for the solution...
[robg adds: I haven't tested this one...]
Here's what I did to rearrange the rules:
- Copy and paste each of the following lines into Terminal. Do not copy the $; that's just the command prompt:
$ sudo cp /Library/Preferences/com.apple.sharing.firewall.plist \
~/Desktop/
$ sudo chown $USER:$USER ~/Desktop/com.apple.sharing.firewall.plist
$ plutil -convert xml1 ~/Desktop/com.apple.sharing.firewall.plist
- The firewall rules file is now on your Desktop, and you can edit it with your favorite text editor. If you have the Developer Tools installed, then you can use Property List Editor as well. I personally use vim, but it's up to you.
- I opened the Firewall tab of the Sharing preferences panel while I was doing the editing, because I'm used to the order that Apple has given these rules. So as a reference, I just started at the Personal File Sharing entry and worked my way down.
After opening the file, search for Personal File Sharing, and within that entry, you will see a line for row; change its value from 0 to 10.
- Next, search for Windows Sharing, and change its row value to 11. Repeat with each rule you'd like to reorder. There are four built-in rules that are editable, so I put these at rows 6 to 9; you can double-up on rows, as it's not that picky about the numbers.
- Once you're done with the system rules, you can start on your personal rules. Start them at 0, and increment them by one for the row that you would like each rule to appear in.
- Quit System Preferences, then save your edited file and quit the editor.
- In Terminal, copy and paste this line to make sure you edited the file properly. It should return OK at the end of the line:
$ plutil ~/Desktop/com.apple.sharing.firewall.plist
- Now move the file back into the System, and change its ownership back to the system by copying these two commands into Terminal:
$ sudo chown root:admin ~/Desktop/com.apple.sharing.firewall.plist
$ sudo cp ~/Desktop/com.apple.sharing.firewall.plist /Library/Preferences/
You don't have to worry about converting the file back to binary, as System Preferences does this for you the next time you change the file.
Now open System Preferences, and you should see your newly ordered list.
If you are running any services like httpd or sshd on strange ports, you can add them to that particular rule -- just look at how they are formatted. That is, the line would look like row 22; copy the line and add it directly underneath as a new entry. Then change the number in the line you just added to the port your server is running on. Now you won't have to turn on the service and make sure your firewall is open as well.
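The row edits from the steps above can also be scripted against the Desktop copy instead of being made by hand. This is an added example, not part of the original hint; it assumes each rule is a named dictionary with an integer row key, and the sample plist, its "firewall" wrapper, the port lists and the rule named My Web Server are constructed for illustration.

```python
import plistlib

# Constructed sample data. The "firewall" wrapper and "port" arrays are an
# assumed layout; only the rule names and the "row" key come from the hint.
SAMPLE = {"firewall": {
    "Personal File Sharing": {"row": 0, "port": ["548", "427"]},
    "Windows Sharing": {"row": 1, "port": ["139"]},
    "Remote Login - SSH": {"row": 2, "port": ["22"]},
    "My Web Server": {"row": 12, "port": ["8080"]},
}}

def find_rules(node):
    """Map rule name -> rule dict for every named entry that has a 'row' key."""
    rules = {}
    if isinstance(node, dict):
        for name, value in node.items():
            if isinstance(value, dict) and "row" in value:
                rules[name] = value
            else:
                rules.update(find_rules(value))
    return rules

def reorder(plist_bytes, wanted):
    """Return XML plist bytes with the rules in `wanted` first, in that order."""
    data = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    rules = find_rules(data)
    missing = [n for n in wanted if n not in rules]
    if missing:  # refuse to write a file if a rule name was mistyped
        raise KeyError(f"no such rule(s): {missing}")
    # Rules not named keep their relative order, after the named ones.
    rest = sorted((n for n in rules if n not in wanted),
                  key=lambda n: rules[n]["row"])
    for row, name in enumerate(list(wanted) + rest):
        rules[name]["row"] = row
    return plistlib.dumps(data, fmt=plistlib.FMT_XML)

def listing(plist_bytes):
    """Rule names sorted by row value."""
    rules = find_rules(plistlib.loads(plist_bytes))
    return [n for n, _ in sorted(rules.items(), key=lambda kv: kv[1]["row"])]

if __name__ == "__main__":
    original = plistlib.dumps(SAMPLE)
    edited = reorder(original, ["My Web Server", "Remote Login - SSH"])
    print(listing(edited))
```

To use it on the real file, read the bytes of the Desktop copy, write the result of reorder() back to that copy, and then continue with the plutil check and the copy-back steps above.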
Mac OS X Hints
http://hints.macworld.com/article.php?story=20060428054141761