PDA

View Full Version : Applescript firewall




kodydoherty
Feb 27, 2012, 01:35 AM
Is there a way to enable the firewall in 10.7 via Applescript? If it is possible is there a way to check if the firewall is already enabled and if it is not turn it on.

This is all I got so far

example:


tell application "System Preferences"
activate
reveal anchor "Firewall" of pane "com.apple.preference.security"
end tell

Thank you in advance for any help I have been stuck for a while.



AlecEiffel
Mar 14, 2012, 05:40 PM
Merging your code, this (http://stackoverflow.com/questions/7550016/unlock-system-preferences-using-gui-applescript) and this (http://www.mac-help.com/t511-how-turn-off-your-firewall-applescript.html):

Firewall on:
tell application "System Preferences"
activate
set current pane to pane "com.apple.preference.security"
end tell

delay 1

tell application "System Events"
tell process "System Preferences"
click menu item "Security & Privacy" of menu "View" of menu bar 1
delay 2.5
if title of button 4 of window 1 is "Click the lock to make changes." then
click button "Click the lock to make changes." of window 1
end if

try
click button "Start" of tab group 1 of window "Security & Privacy"
end try
delay 1
end tell
end tell

tell application "System Preferences" to quit


To disable the firewall just replace "Start" with "Stop" on the click button line.

It asks for the user's password to unlock the preferences, if needed. Even if the setting isn't going to change (i.e. if the firewall is on and you try to start it, or if it is off and you try to stop it), which is the only flaw I found...

Maybe you can make the script check the button's name first, and then decide if it needs to be 'clicked', to avoid unnecessary password checking. It works for me as it is, so I didn't bother to try.

You can also adjust the delays, of course.

Cheers

AlecEiffel
Mar 15, 2012, 04:58 AM
Another way round:

This (http://hints.macworld.com/article.php?story=20080110103812947) isn't AppleScript, but maybe it'll help you.

You can easily build a shell script with this (let me know if you need any help on that, in case you're not used to it) and call it from/with wherever you want.

I used this with Sidekick, to automatically turn it on/off (and do a bunch of other stuff like change network location, mount network storage, time machine, screensaver passwords...) when I'm at work/home/public network/etc. The downside is that Sidekick opens a terminal in the background to execute the command, and it stays there, nicely hidden, waiting for you to enter your password. And since it doesn't pop up into the foreground it is easy to forget that it is there...

However, I find it preferable to the AppleScript method, which implies having "System Preferences" popping up and getting 'clicked' automatically. There's always a "WTF" moment when I switch locations and windows start opening up and buttons start getting clicked without me touching anything...

Now that I think of it, the Sidekick/Terminal/sudo password issue might easily be solved by adjusting the sudoers file. I'll give that a shot...

Cheers

Edit:

Adjusting the sudoers file effectively eliminates the need for entering a password to change firewall state. Just do sudo visudo on a Terminal window and change
%admin ALL=(ALL) ALL
to
%admin ALL=(ALL) PASSWD: ALL, NOPASSWD: /usr/bin/defaults
or if you want to be the only user being able to do this without being asked for a password just leave the %admin line alone and add one with:
myusername ALL=(ALL) PASSWD: ALL, NOPASSWD: /usr/bin/defaults
sudo will keep asking for passwords for everything except for the defaults command.

sudo -A is another solution for the 'terminal in the background' problem I referred to. The -A switch makes sudo ask for the password using a dialog instead of the terminal.

seepel
Mar 16, 2012, 03:03 PM
Not sure what your level of comfort with the command line, but the Apple firewall can be manipulated with the command line tool ipfw. If you google around you can find examples of scripts that use the command to do various things. I think it is probably a better option than trying to use AppleScript.