如何使用命令行将受信任站点添加到 Mac OS X 上的应用程序层过滤器(套接字过滤器防火墙)?
我正在尝试通过命令行将受信任的站点添加到 Mac OS X 的防火墙。据我所知,以前,我们能够使用 ipfw 通过使用端口号或 IP 在数据包级别上配置防火墙。在 Leopard (10.5) 及更高版本中,有一项新功能可将受信任的应用程序添加到列表中。这可以使用 UI 来完成:
系统偏好设置 >安全>防火墙
以及使用命令行: socketfilterfw
%sudo /usr/libexec/ApplicationFirewall/socketfilterfw -t "[binary path of application]"
但是,当我执行上述命令时遇到问题,实用程序“挂起”并且似乎没有执行任何操作。这是我收到的输出,然后什么都不做:
kyue:/usr/libexec/ApplicationFirewall> sudo ./socketfilterfw -t \~/[my binary path]\
adding ~/[my binary path] to the list of trusted applications
GetSignException: creator ‘BNUp’
GetSignException: creator ‘BNu2′
GetSignException: creator ‘SWar’
GetSignException: creator ‘StCm’
GetSignException: creator ‘Dbl2′
GetSignException: creator ‘PJ03′
GetSignException: creator ‘PJ07′
GetSignException: creator ‘FP98′
这篇文章提供了很好的指导:
http://krypted.com/mac-os-x/command-line-alf-on-mac-os-x/ comment-page-1/#comment-547
只是想知道这里是否有人知道为什么它似乎不起作用。
吉
I am trying to add trusted sites to Mac OS X's firewall via command-line. I understand that previously, we were able to use ipfw to configure the firewall on a packet level by using port numbers or IPs. In Leopard (10.5) and on, there is a new feature to add a trusted application to a list. This can be accomplished using the UI:
System Preferences > Security > Firewall
As well as using the command-line: socketfilterfw
%sudo /usr/libexec/ApplicationFirewall/socketfilterfw -t "[binary path of application]"
However, I am having problems when I execute the above command, the utility "hangs" and doesn't seem to do anything. This is the output I would receive, and then does nothing:
kyue:/usr/libexec/ApplicationFirewall> sudo ./socketfilterfw -t \~/[my binary path]\
adding ~/[my binary path] to the list of trusted applications
GetSignException: creator ‘BNUp’
GetSignException: creator ‘BNu2′
GetSignException: creator ‘SWar’
GetSignException: creator ‘StCm’
GetSignException: creator ‘Dbl2′
GetSignException: creator ‘PJ03′
GetSignException: creator ‘PJ07′
GetSignException: creator ‘FP98′
There was great guidance from this article:
http://krypted.com/mac-os-x/command-line-alf-on-mac-os-x/comment-page-1/#comment-547
Just wondering if anyone here may know why it doesn't seem to be working.
Kat
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
只是为了提供一点结束。又玩了一会儿之后。这些 GetSignException 消息适用于已签名但在我的 Mac 上找不到的应用程序。这些创作者来自魔兽世界、暗黑破坏神2等,与我想做的事情无关。我在苹果讨论论坛上发布了这个问题。有人说这可能是因为这不再受支持,因此不再起作用。
http://discussions.apple.com/thread.jspa?messageID=10900266& ;#10900266
Just to provide a bit of closure. After playing around with it some more. These GetSignException messages are for applications that are signed and not found on my Mac. These creators are from World of Warcraft, Diablo2, etc, which are irrelevant to what I am trying to do. I posted the question on Apple Discussions Forum. Someone said that this may be because this is no longer supported, therefore, does not work anymore.
http://discussions.apple.com/thread.jspa?messageID=10900266�
我通过 rvm 使用 ruby 安装了这个。
这是无价的,也是我认为的正确方法。
http://forums.macnn.com /79/developer-center/355720/how-re-sign-apples-applications-once
我重新签署了我的 rvm/ruby 二进制文件,一切都很好。
相关位:
然后通过用于代码签名的钥匙串应用程序创建自签名证书(有关详细信息,请参阅链接)。
然后:
I had this with using ruby installed via rvm.
This was invaluable and is the correct way I think.
http://forums.macnn.com/79/developer-center/355720/how-re-sign-apples-applications-once
I re-signed my rvm/ruby binary and all's well.
Relevant bits:
Then create a self-signed certificate via the Keychains application that is for Code Signing (see link for details).
Then: