macOS13.2.1 防火墙设置修改方法

2023-02-26 15:49:41 +08:00
 Jerry23333

因为未知的原因,macOS13.2.1 中在设置中无法修改防火墙的配置,具体表现为对防火墙设置如“Enable stealth mode”打开后,重新打开设置发现该设置并未开启,并且通过 ICMP 报文进行测试会发现依旧可以回应 PING 。联系苹果售后给出的解决方案只有“重装系统”,这个方法太麻烦了,并不想使用这个办法。 经过研究,发现通过 /usr/libexec/ApplicationFirewall/socketfilterfw 可以进行控制。以开启“隐身模式”为例:

/usr/libexec/ApplicationFirewall
❯ sudo ./socketfilterfw --setstealthmode on
Password:
Stealth mode enabled
❯ sudo ./socketfilterfw --getstealthmode
Stealth mode enabled

这样进入设置就可以发现防火墙可以被正确设置了。

同样,其他的设置也可以采用同样的方式解决,其对应的完整命令如下:

❯ ./socketfilterfw -h
usage: ./socketfilterfw [-d] [-l] [-k] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps] [--getappblocked <path>] [--blockapp <path>] [--unblockapp <path>] [--add <path>] [--remove <path>] [--getallowsigned] [--setallowsigned] [--setallowsignedapp] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode] [--setloggingmode on | off] [--getloggingopt] [--setloggingopt throttled | brief | detail]
firewallapp is used to control Application Firewall socket filter.
The command takes the following options that are evaluated in order,
and several options may be combined:
 -h        display this help and exit
 -d        turn on debugging
 -l        do logging and run in daemon mode
 -k        kill daemon
 --getglobalstate                display if the firewall is enabled or not
 --setglobalstate on | off       turn the firewall on or off
 --getblockall                   show whether block all is enabled or not
 --setblockall on | off          enable or disable block all option
 --listapps                      display a list of paths of added applications
 --getappblocked <path>          show whether connections are blocked or not for
                                 the application at <path>
 --blockapp <path>               block the application at <path>
 --unblockapp <path>             unblock the application at <path>
 --add <path>                    add the application at <path> to the firewall
 --remove <path>                 remove the application at <path> from the
                                 firewall
 --getallowsigned                show whether built-in and downloaded signed applications are to
                                 automatically receive incoming connections
 --setallowsigned on | off       set whether built-in signed applications are to
                                 automatically receive incoming connections or not
 --setallowsignedapp on | off    set whether downloaded signed applications are to
                                 automatically receive incoming connections or not
 --getstealthmode                show whether stealth mode is on or not
 --setstealthmode on | off       set stealth mode on or off
 --getloggingmode                show whether logging is on or not
 --setloggingmode on | off       set logging to on or off
 --getloggingopt                 show logging option
 --setloggingopt throttled |     set logging option
                     brief |
                    detail
1106 次点击
所在节点    macOS
1 条回复
jfdnet
2023-02-26 15:55:30 +08:00
确实,可以用了。
这是个 bug 吧!

我记得之前公测版本期间,防火墙设置压根无法打开。

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/919277

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX