Operating Systems OS X (Apple) [launchd] Creating a basic firewall Post 302373854 by ASGR on Sunday 22nd of November 2009 06:33:09 PM
[launchd] Creating a basic firewall

Hi,

I'm trying to use launchd to detect whether certain ports are opened
and if they are then to take some appropriate action, e.g. close the
port or, worst-case scenario, down the whole net connection. Apparently,
force-closing a port is not possible without killing the offending binary, so
the next best option was to down the network connection.

In this particular example, the LaunchDaemon is supposed to monitor
whether a list of ports are activated, whilst the network state is true, and
if so then close the network connection.

Unfortunately, the 'Sockets -> Listeners' properties create ports that
meet the condition to down the network connection, rather than acting 'if' they are
created. Therefore, as soon as it is deployed, the network connection is
taken offline.

Due to the lack of documentation regarding launchd, I've not been able
to even determine whether this approach is possible.

Can anyone help?

A.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<!-- the launchd key is "Disabled"; "Disable" is not a recognised key and would be ignored -->
	<key>Disabled</key>
	<false/>
	<key>Label</key>
	<string>net.localhost.ports</string>
	<key>Program</key>
	<string>/sbin/ifconfig</string>
	<key>ProgramArguments</key>
	<array>
		<string>ifconfig</string>
		<string>en0</string>
		<string>down</string>
	</array>
	<key>KeepAlive</key>
	<dict>
		<key>NetworkState</key>
		<true/>
	</dict>
	<key>Sockets</key>
	<dict>
		<key>Listeners</key>
		<array>
			<dict>
				<key>SockServiceName</key>
				<string>8787</string>
				<key>SockType</key>
				<string>stream</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>31337</string>
				<key>SockType</key>
				<string>stream</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>31337</string>
				<key>SockType</key>
				<string>dgram</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>31338</string>
				<key>SockType</key>
				<string>stream</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>31338</string>
				<key>SockType</key>
				<string>dgram</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>54320</string>
				<key>SockType</key>
				<string>stream</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>54321</string>
				<key>SockType</key>
				<string>stream</string>
			</dict>
			<dict>
				<key>SockServiceName</key>
				<string>54321</string>
				<key>SockType</key>
				<string>dgram</string>
			</dict>
		</array>
	</dict>
</dict>
</plist>



---------- Post updated at 07:33 PM ---------- Previous update was at 03:15 PM ----------

Additional...

Just got off the forum at macosxhints.com and apparently
launchd can't detect whether a connection to a socket/port
has been made making my quick-fix approach futile.

Unless someone knows any hacks.

A.

Last edited by ASGR; 11-22-2009 at 07:34 PM.. Reason: spelling