OK, this article is sort of silly and will be fairly short and to the point, but earlier I was trying to find the process name of the OSX Lion firewall. While looking for it I learned a bunch of little firewall tidbits: there are a ton of settings you can set from the command line, there are third party OSX Lion Firewall GUI configuration tools, and there are complete third party firewalls available for install on OSX Lion.
OSX Lion Firewall Process Name:
The firewall that comes installed with OSX Lion runs under the process name of socketfilterfw as shown in the Activity Monitor example image below.
Activity Monitor Displaying The socketfilterfw Process Otherwise Known As The Mac OSX Lion Firewall Process:
As you can see in the above image, the socketfilterfw process runs as the root user. The interesting part about socketfilterfw is that there are a lot more settings than what is made available via the Security & Privacy section of System Preferences. I explain below how to see the available socketfilterfw command line configuration settings; there are also some great articles covering numerous other socketfilterfw CLI options, which can be easily located with a quick Google search.
Use The -h Switch With socketfilterfw To See The Command Line Configuration Options:
- acomputerhere:~ alex$ /usr/libexec/ApplicationFirewall/socketfilterfw -h
- usage: /usr/libexec/ApplicationFirewall/socketfilterfw [-c] [-w] [-d] [-l] [-T] [-U] [-B] [-L] [-a listen or accept] [-s file to sign] [-v file to verify] [-p pid to write] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps] [--getappblocked <path>] [--blockapp <path>] [--unblockapp <path>] [--add <path>] [--remove <path>] [--getallowsigned] [--setallowsigned] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode] [--setloggingmode on | off]
- firewallapp is used to control Application Firewall socket filter.
- The command takes the following options that are evaluated in order,
- and several options may be combined:
- -h display this help and exit
- -t app set trusted app, e.g. -t app1 app2 app3
- -i dump socket filter internal data info
- -d turn on debugging
- -l do logging and run in daemon mode
- -k kill daemon
- -a ask when listen or accept, ask "accept" or ask "listen"
- -s file sign file
- -v file verify file
- -c check file
- --getglobalstate display if the firewall is enabled or not
- --setglobalstate on | off turn the firewall on or off
- --getblockall show whether block all is enabled or not
- --setblockall on | off enable or disable block all option
- --listapps display a list of paths of added applications
- --getappblocked <path> show whether connections are blocked or not for
- the application at <path>
- --blockapp <path> block the application at <path>
- --unblockapp <path> unblock the application at <path>
- --add <path> add the application at <path> to the firewall
- --remove <path> remove the application at <path> from the
- firewall
- --getallowsigned show whether signed applications are to
- automatically receive incoming connections
- --setallowsigned on | off set whether signed applications are to
- automatically receive incoming connections or not
- --getstealthmode show whether stealth mode is on or not
- --setstealthmode on | off set stealth mode on or off
- --getloggingmode show whether logging is on or not
- --setloggingmode on | off set logging to on or off
- acomputerhere:~ alex$
There is a lot to take in there, so something that will provide a great deal of help configuring the OSX Lion Socket Filter Firewall is a third party GUI configuration application called IceFloor, which is available for download. Below are a couple of example images that show how useful IceFloor can be for configuring any of OSX Lion's Socket Filter Firewall settings that are not available by default via System Preferences.
IceFloor: The Third Party Mac Lion Socket Filter Firewall GUI Configuration Application:
As you can see from the above example image, socketfilterfw, or the Lion Socket Filter Firewall, can get complicated very quickly. If you are going to use IceFloor, make sure that you read the directions before you start making configuration changes. I believe that Apple does not include such detailed options to minimize issues for novice or beginner types of users, as you have to be fairly versed in firewalls and firewall rules to configure all of the firewall options available with the IceFloor application.
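One way to put the read-only query options from the -h output to work, as an added example that is not part of the original article: snapshot the firewall settings and report any later change against a saved baseline. The SOCKETFILTERFW variable, the function names and the default baseline file name are assumptions of this example; the tool's output is stored verbatim and its wording is never interpreted.

```shell
#!/bin/sh
# Added example: record what the socketfilterfw query options report and
# detect drift from a saved baseline. Names below are this example's own.

# Path as shown in the help output; overridable (assumption of this example).
SOCKETFILTERFW="${SOCKETFILTERFW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Read-only options taken from the -h listing; none of them change a setting.
FW_QUERIES="--getglobalstate --getblockall --getallowsigned --getstealthmode --getloggingmode --listapps"

# fw_snapshot: print one "option: output line" record per line the tool emits.
fw_snapshot() {
    for opt in $FW_QUERIES; do
        # Keep failures visible in the snapshot instead of silently skipping.
        out=$("$SOCKETFILTERFW" "$opt" 2>&1) || out="ERROR (exit $?): $out"
        printf '%s\n' "$out" | while IFS= read -r line; do
            printf '%s: %s\n' "$opt" "$line"
        done
    done
}

# fw_drift BASELINE: 0 = unchanged, 1 = settings differ (diff printed),
# 2 = baseline missing or temp file could not be created.
fw_drift() {
    baseline=$1
    [ -r "$baseline" ] || { echo "no readable baseline at $baseline" >&2; return 2; }
    current=$(mktemp) || return 2
    fw_snapshot > "$current"
    if diff -u "$baseline" "$current"; then rc=0; else rc=1; fi
    rm -f "$current"
    return "$rc"
}

# Usage: script snapshot > fw.baseline   (record the known-good state)
#        script check fw.baseline        (non-zero exit when something changed)
case "${1:-}" in
    snapshot) fw_snapshot ;;
    check)    fw_drift "${2:-fw.baseline}" ;;
esac
```

Run the check from a scheduled job and alert on a non-zero exit to catch the firewall being switched off or an application being added to the list.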
Regarding the comment about the firewall process name in the second paragraph at the top of this page (copied below for convenience), I have always been under the impression that socketfilterfw is the firewall configuration utility process, not the firewall process itself. It’s entirely possible that I’m wrong, but a few years of experience have borne out this understanding. Please let me know if you discover me to be misinformed.
I just found a statement supporting my understanding at http://fabulouspanda.co.uk/forums/discussion/194/firewall-configuration-utility-process-socketfilterfw-leaks-memory/p1
From 2nd paragraph above:
“The firewall that comes installed with OSX Lion runs under the process name of socketfilterfw as shown in the Activity Monitor example image below.”
BTW, I hope you don’t mind me pointing out that the word ‘above’ is misspelled in your captcha instructions at the bottom of this page.