
How to change firewall settings on macOS 13.2.1

  •   Jerry23333 · 2023-02-26 15:49:41 +08:00 · 1163 views

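    For unknown reasons, the firewall configuration cannot be changed from Settings in macOS 13.2.1. Specifically, after turning on a firewall option such as "Enable stealth mode", reopening Settings shows that the option was not enabled, and testing with ICMP packets shows that the machine still responds to PING. The only solution Apple support offered was "reinstall the system", which is too much trouble, and I did not want to go that way. After some research, I found that it can be controlled through /usr/libexec/ApplicationFirewall/socketfilterfw. Taking enabling "stealth mode" as an example: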

    /usr/libexec/ApplicationFirewall
    ❯ sudo ./socketfilterfw --setstealthmode on
    Password:
    Stealth mode enabled
    ❯ sudo ./socketfilterfw --getstealthmode
    Stealth mode enabled
    

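    After this, opening Settings shows that the firewall can now be configured correctly.

    Likewise, the other settings can be fixed the same way; the full set of corresponding commands is as follows: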

    ❯ ./socketfilterfw -h
    usage: ./socketfilterfw [-d] [-l] [-k] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps] [--getappblocked <path>] [--blockapp <path>] [--unblockapp <path>] [--add <path>] [--remove <path>] [--getallowsigned] [--setallowsigned] [--setallowsignedapp] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode] [--setloggingmode on | off] [--getloggingopt] [--setloggingopt throttled | brief | detail]
    firewallapp is used to control Application Firewall socket filter.
    The command takes the following options that are evaluated in order,
    and several options may be combined:
     -h        display this help and exit
     -d        turn on debugging
     -l        do logging and run in daemon mode
     -k        kill daemon
     --getglobalstate                display if the firewall is enabled or not
     --setglobalstate on | off       turn the firewall on or off
     --getblockall                   show whether block all is enabled or not
     --setblockall on | off          enable or disable block all option
     --listapps                      display a list of paths of added applications
     --getappblocked <path>          show whether connections are blocked or not for
                                     the application at <path>
     --blockapp <path>               block the application at <path>
     --unblockapp <path>             unblock the application at <path>
     --add <path>                    add the application at <path> to the firewall
     --remove <path>                 remove the application at <path> from the
                                     firewall
     --getallowsigned                show whether built-in and downloaded signed applications are to
                                     automatically receive incoming connections
     --setallowsigned on | off       set whether built-in signed applications are to
                                     automatically receive incoming connections or not
     --setallowsignedapp on | off    set whether downloaded signed applications are to
                                     automatically receive incoming connections or not
     --getstealthmode                show whether stealth mode is on or not
     --setstealthmode on | off       set stealth mode on or off
     --getloggingmode                show whether logging is on or not
     --setloggingmode on | off       set logging to on or off
     --getloggingopt                 show logging option
     --setloggingopt throttled |     set logging option
                         brief |
                        detail
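
The set-then-read-back step from the post, wrapped as a check that fails when the setting does not stick (an added example, not part of the original post). The `SFW` and `SUDO` variables and the function names are assumptions made here, and the "disabled" wording is assumed as the counterpart of the "Stealth mode enabled" output shown above.

```shell
#!/bin/sh
# Added example: apply stealth mode with socketfilterfw, then read the state
# back instead of trusting the Settings UI.
# SFW and SUDO are hypothetical override variables so the logic can be run
# against a stub; by default they point at the real tool and sudo.
SFW="${SFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"
SUDO="${SUDO-sudo}"

# Map the tool's status line to on/off/unknown.
# "Stealth mode enabled" is the wording shown in the post; "disabled" is the
# assumed counterpart. Any other wording yields "unknown", so the check
# below fails rather than reporting a false success.
parse_state() {
    case "$1" in
        *enabled*)  echo on ;;
        *disabled*) echo off ;;
        *)          echo unknown ;;
    esac
}

# Current stealth-mode state as on/off/unknown.
get_stealth() {
    parse_state "$($SUDO "$SFW" --getstealthmode 2>/dev/null)"
}

# ensure_stealth on|off
# Returns 0 only when the value read back matches the requested value.
ensure_stealth() {
    want="$1"
    case "$want" in
        on|off) ;;
        *) echo "usage: ensure_stealth on|off" >&2; return 2 ;;
    esac
    $SUDO "$SFW" --setstealthmode "$want" >/dev/null 2>&1 || {
        echo "socketfilterfw --setstealthmode failed" >&2
        return 1
    }
    got="$(get_stealth)"
    if [ "$got" = "$want" ]; then
        echo "stealth mode: $got (verified)"
    else
        echo "stealth mode: requested $want, read back $got" >&2
        return 1
    fi
}
```

Source the file and run `ensure_stealth on`; a non-zero exit status means the requested state was not what the tool reported afterwards.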
    
    #1 · jfdnet · 2023-02-26 15:55:30 +08:00
    Indeed, it works now.
    This must be a bug!

    I remember that during the earlier public beta, the firewall settings could not be opened at all.