10.5: Enable and disable the firewall via AppleScript

Feb 20, '09 07:30:03AM

Contributed by: spar

I started using MarcoPolo recently to switch networks on my Macbook when moving between home and work. I also wanted to turn the firewall on and off easily, but could not find and scripts to switch the Leopard firewall between "Allow all incoming connections" (my definition of OFF) and "Allow only essential services" (ON).

So here is the ON script:

-- Firewall on script
--
-- Growl support - remove next line if you don't use Growl
register_growl()
-- Make sure support for assistive devices is active
tell application "System Events"
  if UI elements enabled is false then
    tell application "System Preferences"
      activate
      set current pane to pane id "com.apple.preference.universalaccess"
      -- OK or cancel. If use cancels the script exits anyway
      display dialog "This script requires access for assistive sevices be enabled." & return & return & "To continue, click the OK button and enter an administrative password in the security dialog." with icon 1
    end tell
    -- User pressed OK
    set UI elements enabled to true
    if UI elements enabled is false then
      -- remove next line if you don't use Growl
      my growlnote("Error Notification", "Firewall script error")
      return "Failed to set"
    end if
    delay 1 -- delay for user to see change
  end if
end tell
-- Do firewall action
tell application "System Preferences"
  activate
  tell application "System Events"
    tell process "System Preferences"
      click menu item "Show All Preferences" of menu 1 of menu bar item "View" of menu bar 1
      click button "Security" of scroll area 1 of window "System Preferences"
      repeat until exists window "Security"
        delay 0.2
      end repeat
      click radio button "Firewall" of tab group 1 of window "Security"
      -- uncomment the next line, and comment the one below it, to create the 'off' version of this script
      -- click radio button "Allow all incoming connections" of radio group 1 of tab group 1 of window "Security"
      click radio button "Allow only essential services" of radio group 1 of tab group 1 of window "Security"
      -- remove next line if you don't use Growl
      my growlnote("General Notification", "Allow only essential services")
    end tell
  end tell
  delay 2 -- Stay just long enough to see
  quit -- Quit system preferences after use
end tell

-- Growl support - remove both routines if you don't use Growl
on register_growl()
  try
    tell application "GrowlHelperApp"
      set the allNotificationsList to {"General Notification", "Error Notification"}
      set the enabledNotificationsList to {"General Notification", "Error Notification"}
      register as application "Configure Firewall" all notifications allNotificationsList default notifications enabledNotificationsList icon of application "Script Editor"
    end tell
  end try
end register_growl

on growlnote(growltype, str)
  try
    tell application "GrowlHelperApp"
      notify with name growltype title "Firewall" description str application name "Configure Firewall"
    end tell
  end try
end growlnote
If you are not using Growl for notifications, then remove the register_growl and growlnote subs and their associated calls.

Once you have the "ON" script working, to create the "OFF" script, just change Allow only essential services to Allow all incoming connections as noted in the commented lines -- simple.

[robg adds: I tried both scripts, and they worked as described. Copy the above into Script Editor and paste, then save it as Firewall Off. Follow the instructions to switch the functionality, and then save the modified version as Firewall On. With some tweaking, I think it'd be possible to do this in one script by first checking the status of the firewall. I'll leave that version as an exercise for someone with more AppleScript skills than I, though.]

Comments (8)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20090217124731597