Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Enable and disable the firewall via AppleScript Network
I started using MarcoPolo recently to switch networks on my Macbook when moving between home and work. I also wanted to turn the firewall on and off easily, but could not find and scripts to switch the Leopard firewall between "Allow all incoming connections" (my definition of OFF) and "Allow only essential services" (ON).

So here is the ON script:
-- Firewall on script
--
-- Growl support - remove next line if you don't use Growl
register_growl()
-- Make sure support for assistive devices is active
tell application "System Events"
  if UI elements enabled is false then
    tell application "System Preferences"
      activate
      set current pane to pane id "com.apple.preference.universalaccess"
      -- OK or cancel. If use cancels the script exits anyway
      display dialog "This script requires access for assistive sevices be enabled." & return & return & "To continue, click the OK button and enter an administrative password in the security dialog." with icon 1
    end tell
    -- User pressed OK
    set UI elements enabled to true
    if UI elements enabled is false then
      -- remove next line if you don't use Growl
      my growlnote("Error Notification", "Firewall script error")
      return "Failed to set"
    end if
    delay 1 -- delay for user to see change
  end if
end tell
-- Do firewall action
tell application "System Preferences"
  activate
  tell application "System Events"
    tell process "System Preferences"
      click menu item "Show All Preferences" of menu 1 of menu bar item "View" of menu bar 1
      click button "Security" of scroll area 1 of window "System Preferences"
      repeat until exists window "Security"
        delay 0.2
      end repeat
      click radio button "Firewall" of tab group 1 of window "Security"
      -- uncomment the next line, and comment the one below it, to create the 'off' version of this script
      -- click radio button "Allow all incoming connections" of radio group 1 of tab group 1 of window "Security"
      click radio button "Allow only essential services" of radio group 1 of tab group 1 of window "Security"
      -- remove next line if you don't use Growl
      my growlnote("General Notification", "Allow only essential services")
    end tell
  end tell
  delay 2 -- Stay just long enough to see
  quit -- Quit system preferences after use
end tell

-- Growl support - remove both routines if you don't use Growl
on register_growl()
  try
    tell application "GrowlHelperApp"
      set the allNotificationsList to {"General Notification", "Error Notification"}
      set the enabledNotificationsList to {"General Notification", "Error Notification"}
      register as application "Configure Firewall" all notifications allNotificationsList default notifications enabledNotificationsList icon of application "Script Editor"
    end tell
  end try
end register_growl

on growlnote(growltype, str)
  try
    tell application "GrowlHelperApp"
      notify with name growltype title "Firewall" description str application name "Configure Firewall"
    end tell
  end try
end growlnote
If you are not using Growl for notifications, then remove the register_growl and growlnote subs and their associated calls.

Once you have the "ON" script working, to create the "OFF" script, just change Allow only essential services to Allow all incoming connections as noted in the commented lines -- simple.

[robg adds: I tried both scripts, and they worked as described. Copy the above into Script Editor and paste, then save it as Firewall Off. Follow the instructions to switch the functionality, and then save the modified version as Firewall On. With some tweaking, I think it'd be possible to do this in one script by first checking the status of the firewall. I'll leave that version as an exercise for someone with more AppleScript skills than I, though.]
    •    
  • Currently 1.88 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (8 votes cast)
 
[21,635 views]  

10.5: Enable and disable the firewall via AppleScript | 8 comments | Create New Account
Click here to return to the '10.5: Enable and disable the firewall via AppleScript' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Enable and disable the firewall via AppleScript
Authored by: brett_x on Feb 20, '09 12:06:49PM

Wow.. that's a workaround. Here's a one-liner to enable or disable it in a shell script (or just in terminal as admin)

defaults write /Library/Preferences/com.apple.alf globalstate 0
that will disable it

defaults write /Library/Preferences/com.apple.alf globalstate 1
will enable it and set it to "Set access for specific services..."

defaults write /Library/Preferences/com.apple.alf globalstate 2
will enable it and set it to "Allow only essential services"

Of course
defaults read /Library/Preferences/com.apple.alf globalstate
will return a result of 0, 1 or 2 which correlates to the above settings.



[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: pukupi on Apr 29, '09 06:48:18PM
This doesn't work: it changes the Firewall UI state but doesn't change the firewall state. You can confirm this for yourself but running these commands and testing open ports via Shields Up!:

https://www.grc.com/x/ne.dll?bh0bkyd2

[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: MrMagoo on Feb 20, '09 05:22:52PM

Maybe another way, via terminal is:

ON:
sudo /sbin/ipfw enable firewall

OFF:
sudo /sbin/ipfw disable firewall

CHECK IPFW STATUS:
/usr/sbin/sysctl net.inet.ip.fw.enable
0 = Off, all in/out allowed.
1 = Running and active.

No side effects, ok with Tiger and Leopard.
I have used this for years.

Good luck.



[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: brett_x on Feb 22, '09 12:30:09PM

That will enable or disable the IPFW, which is not the firewall used in 10.5. It certainly works in 10.5 (many argue that it works better than the 10.5 Application Firewall), but it should be noted that that's not what this hint is referring to.



[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: dsanfili on Feb 22, '09 01:25:48PM
Nothing original here, I've simply combined a couple of the previous suggestions. Place this one script, saved as an application, in your script folder and use it to toggle the firewall on or off. If the firewall is ON, it will change its name to "Turn Firewall OFF". If the firewall is OFF, it will change its name to "Turn Firewall ON". (Warning - Do not run this script from within the Script Editor. Save it as an application first and then run it).

I have it set to toggle between "Allow all incoming connections" (OFF) and "Set access for specific services and applications" (ON). If you want in to toggle between "Allow all incoming connections" (OFF) and "Allow only essential services" (ON), change the number "1" in line seven to the number "2".

Here's the script:
tell application "Finder"
  set getValue to (do shell script "defaults read /Library/Preferences/com.apple.alf globalstate")
  if getValue is equal to "0" then
    display dialog " Confirm

Turn Firewall ON ?"
    do shell script "defaults write /Library/Preferences/com.apple.alf globalstate 1"
    set the name of (path to me) to "Turn Firewall OFF"
  else if getValue is not equal to "0" then
    display dialog " Confirm

    Turn Firewall OFF ?"
    do shell script "defaults write /Library/Preferences/com.apple.alf globalstate 0"
    set the name of (path to me) to "Turn Firewall ON"
  end if
end tell


[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: raoulteeuwen on Jun 07, '09 06:25:09AM

Thanks. For people with Dutch OSX language and without Growl, your script is:

-- Firewall on script
--
-- Growl support - remove next line if you don't use Growl
-- Make sure support for assistive devices is active
tell application "System Events"
if UI elements enabled is false then
tell application "System Preferences"
activate
set current pane to pane id "com.apple.preference.universalaccess"
-- OK or cancel. If use cancels the script exits anyway
display dialog "This script requires access for assistive sevices be enabled." & return & return & "To continue, click the OK button and enter an administrative password in the security dialog." with icon 1
end tell
-- User pressed OK
set UI elements enabled to true
if UI elements enabled is false then
-- remove next line if you don't use Growl
return "Failed to set"
end if
delay 1 -- delay for user to see change
end if
end tell
-- Do firewall action
tell application "System Preferences"
activate
tell application "System Events"
tell process "Systeemvoorkeuren"
click menu item "Toon alle voorkeuren" of menu 1 of menu bar item "Weergave" of menu bar 1
click button "Beveiliging" of scroll area 1 of window "Systeemvoorkeuren"
repeat until exists window "Beveiliging"
delay 0.2
end repeat
click radio button "Firewall" of tab group 1 of window "Beveiliging"
-- uncomment the next line, and comment the one below it, to create the 'off' version of this script
-- click radio button "Sta alle inkomende verbindingen toe" of radio group 1 of tab group 1 of window "Beveiliging"
click radio button "Sta alleen essentiƫle voorzieningen toe" of radio group 1 of tab group 1 of window "Beveiliging"
-- remove next line if you don't use Growl
-- my growlnote("General Notification", "Allow only essential services")
end tell
end tell
delay 2 -- Stay just long enough to see
quit -- Quit system preferences after use
end tell



[ Reply to This | # ]
10.5: Enable and disable the firewall via AppleScript
Authored by: seewolf on Oct 01, '09 07:17:35AM

has anyone a script for osx "snow leopard"??



[ Reply to This | # ]
Lion solution
Authored by: lhagan on Apr 16, '12 10:30:26PM
If you're looking for a way to control Lion's firewall using AppleScript, I put together a script that does exactly that. It's up on GitHub (https://github.com/lhagan/Firewall-Switch) and here's the (MIT Licensed) code:

set getValue to do shell script "defaults read /Library/Preferences/com.apple.alf globalstate"
if getValue is less than "2" then
	display dialog "Switch firewall ON?" with icon caution
	do shell script "/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on --setblockall on" with administrator privileges
else
	display dialog "Switch firewall OFF?" with icon caution
	do shell script "/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off" with administrator privileges
end if
Based on an article by Charles Edge (http://krypted.com/mac-os-x/the-os-x-application-layer-firewall-part-3-lion/) and a comment by 'dsanfili' (http://hints.macworld.com/article.php?story=20090217124731597).

[ Reply to This | # ]