Links
- A Cheat Sheet For Using pf in OS X Lion and Up | Krypted.com
- http://krypted.com/mac-os-x/the-os-x-application-layer-firewall-part-3-lion/
- IceFloor is said to be a free GUI based config to
pfctl
Allowing nginx to receive incoming connections with ALF (Application Level Firewall) enabled
Refer my local edit.
The Application Level Firewall (ALF) seems to block nginx from accepting
connections even when an exception has been added. The solution appears to be
to add it explicitly to the "firewall" section (instead of "applications"
section that the System Preferences uses.) The .plist in this directory has
already made the edit. However, directly copying this to replace
/Library/Preferences/com.apple.alf.plist isn't enough - it gets replaced. You
have to unload the firewall, replace the file, and then reload it to have it
take effect.
sudo launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist sudo launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist sudo cp ~/ck/ck5/customize/mac/Library_Preferences_com.apple.alf.plist /Library/Preferences/com.apple.alf.plist sudo launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist sudo launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist
Then confirm that /Library/Preferences/com.apple.alf.plist still has the entry for nginx.
My local edit essentially just adds this:
…
<key>firewall</key>
<dict>
…
<key>nginx</key>
<dict>
<key>proc</key>
<string>nginx</string>
<key>state</key>
<integer>0</integer>
</dict>
<dict>
…