Applescript firewall

Discussion in 'Mac Programming' started by kodydoherty, Feb 26, 2012.

  1. kodydoherty macrumors newbie

    Feb 14, 2012
    Is there a way to enable the firewall in 10.7 via Applescript? If it is possible is there a way to check if the firewall is already enabled and if it is not turn it on.

    This is all I got so far


    tell application "System Preferences"
    reveal anchor "Firewall" of pane ""
    end tell

    Thank you in advance for any help I have been stuck for a while.
  2. AlecEiffel macrumors newbie

    Mar 14, 2012
    Applescript firewall

    Merging your code, this and this:

    Firewall on:
    tell application "System Preferences"
    	set current pane to pane ""
    end tell
    delay 1
    tell application "System Events"
    	tell process "System Preferences"
    		click menu item "Security & Privacy" of menu "View" of menu bar 1
    		delay 2.5
    		if title of button 4 of window 1 is "Click the lock to make changes." then
    			click button "Click the lock to make changes." of window 1
    		end if
    			click button "Start" of tab group 1 of window "Security & Privacy"
    		end try
    		delay 1
    	end tell
    end tell
    tell application "System Preferences" to quit

    To disable the firewall just replace "Start" with "Stop" on the click button line.

    It asks for the user's password to unlock the preferences, if needed. Even if the setting isn't going to change (i.e. if the firewall is on and you try to start it, or if it is off and you try to stop it), which is the only flaw I found...

    Maybe you can make the script check the button's name first, and then decide if it needs to be 'clicked', to avoid unnecessary password checking. It works for me as it is, so I didn't bother to try.

    You can also adjust the delays, of course.

  3. AlecEiffel, Mar 15, 2012
    Last edited: Mar 15, 2012

    AlecEiffel macrumors newbie

    Mar 14, 2012
    Applescript firewall

    Another way round:

    This isn't AppleScript, but maybe it'll help you.

    You can easily build a shell script with this (let me know if you need any help on that, in case you're not used to it) and call it from/with wherever you want.

    I used this with Sidekick, to automatically turn it on/off (and do a bunch of other stuff like change network location, mount network storage, time machine, screensaver passwords...) when I'm at work/home/public network/etc. The downside is that Sidekick opens a terminal in the background to execute the command, and it stays there, nicely hidden, waiting for you to enter your password. And since it doesn't pop up into the foreground it is easy to forget that it is there...

    However, I find it preferable to the AppleScript method, which implies having "System Preferences" popping up and getting 'clicked' automatically. There's always a "WTF" moment when I switch locations and windows start opening up and buttons start getting clicked without me touching anything...

    Now that I think of it, the Sidekick/Terminal/sudo password issue might easily be solved by adjusting the sudoers file. I'll give that a shot...



    Adjusting the sudoers file effectively eliminates the need for entering a password to change firewall state. Just do sudo visudo on a Terminal window and change
    %admin ALL=(ALL) ALL
    %admin ALL=(ALL) PASSWD: ALL, NOPASSWD: /usr/bin/defaults
    or if you want to be the only user being able to do this without being asked for a password just leave the %admin line alone and add one with:
    myusername ALL=(ALL) PASSWD: ALL, NOPASSWD: /usr/bin/defaults
    sudo will keep asking for passwords for everything except for the defaults command.

    sudo -A is another solution for the 'terminal in the background' problem I referred to. The -A switch makes sudo ask for the password using a dialog instead of the terminal.
  4. seepel macrumors 6502


    Dec 22, 2009
    Not sure what your level of comfort with the command line, but the Apple firewall can be manipulated with the command line tool ipfw. If you google around you can find examples of scripts that use the command to do various things. I think it is probably a better option than trying to use AppleScript.

Share This Page