I have a server process that I am developing that opens listening TCP sockets. Each time that happens, the firewall opens a dialog with the text "Do you want the application “server” to accept incoming network connections?", prompting me to "Allow" or "Deny" this program rights to bypass the firewall. I never need to allow, since I only ever connect to this server while developing from the local machine.
This dialog is incredibly inconvenient and poorly behaved from a UX perspective, and in some cases, I have literally dozens of instances of this thing coming into being and terminating as automated tests are run. The barrage of dialogs is frustrating, to say the least.
I'd really like to permanently suppress this dialog in some fashion. Things that I am not interested in doing:
- Turning off the firewall
- Adding a port exclusion (the test suite runs the server on different ports each time to avoid conflicts due to parallel test execution).
- Any sort of "signing" step, since the binary is frequently regenerated, and therefore I would need to integrate the signing step into my build process.
- Needing to run as root or start the server with additional privs, for obvious reasons, and because much of the test suite is automated.
Any thoughts on how to make this incredibly irritating dialog go away?
Best Answer
I fully understand your needs, but do not know a specific answer.
Since you are a programmer, you will be able to figure it out using the
Configuring IPFW firewalls on OS X
If you need special features like:
- Firewall filters that include qualifiers on host or network addresses
- Firewall filters that operate on other than TCP or UDP protocols
- Firewall filters that include the whole range of ipfw qualifiers, such as IP options, ICMP types or TCP flags
- Per-filter logging configuration, including the ability to log allowed connections and the option to not log certain types of denied connections
- NAT port forwarding or other custom NAT configuration
- Different filter configurations on different network interfaces
- A persistent, searchable firewall log entry database with graphical log viewer
- Scriptable control of your firewall, such as via cron or other shell automation
...then you should consider using Flying Buttress.
The Author has stopped supporting it, but can be reached here:
Web site http://personalpages.tds.net/~brian_hill
Support web site http://personalpages.tds.net/~brian_hill
Support e-mail brianhill@mac.com
One more try: with something called Little Snitch
Silent Mode – Decide Later
There are times where you don’t want to get interrupted by any network related notifications. With Silent Mode you can quickly choose to silence all connection warnings for a while. You can then later review the Silent Mode Log to define permanent rules for connection attempts that occurred during that time.