4
$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --listapps
ALF: total number of apps = 2 

1 :  /Applications/some.app 
 ( Allow incoming connections ) 

2 :  /Applications/another.app 
 ( Block incoming connections ) 

The above command shows that another.app is a part of my firewall trusted apps list, but it is set to block incoming connections. How can I set it to allow incoming connections from the command line, and make the change effective immediately?

punkish
  • 333

2 Answers

3

I have had the same problem and "solved" the problem by unloading / loading MacPorts httpd with the Mac OS X 10.8 application firewall (socketfilterfw) running. Have no idea why this worked. One clue is as soon as I ran the load a prompt popped up asking whether to allow connections. This despite having already entered the MacPorts httpd application in the firewall options GUI.

  1. System Preferences > Security & Privacy > Firewall: Turn firewall on if it is off
  2. sudo port unload apache2
  3. sudo port load apache2

Before fix:
Aug 27 22:42:59 mac1 socketfilterfw : Deny _ connecting from mac2 to port _ proto=6
During fix:
Aug 27 22:44:05 mac1 socketfilterfw : httpd is listening from :::_ proto=6
After fix:
Aug 27 22:45:32 mac1 socketfilterfw : Allow _ connecting from mac2 to port _ proto=6

I searched for "httpd is listening" and in the past several days this is the only occurrence in the appfirewall log.

Hope this helps someone. I don't know why it worked for me but I have used it twice ... today and about six weeks ago. System reboots every week.

2

You can get more info about socketfilterfw by running it with -h:

# /usr/libexec/ApplicationFirewall/socketfilterfw -h
usage: /usr/libexec/ApplicationFirewall/socketfilterfw [-c] [-w] [-d] [-l] [-T] [-U] [-B] [-L] [-a listen or accept] [-s file to sign] [-v file to verify] [-p pid to write] [--getglobalstate] [--setglobalstate on | off] [--getblockall] [--setblockall on | off] [--listapps] [--getappblocked <path>] [--blockapp <path>] [--unblockapp <path>] [--add <path>] [--remove <path>] [--getallowsigned] [--setallowsigned] [--getstealthmode] [--setstealthmode on | off] [--getloggingmode] [--setloggingmode on | off] 
...
 --unblockapp <path>           unblock the application at <path>

So in your case you can do:

# /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /Applications/another.app

If you still can't hit it, make sure to check ipfw:

# ipfw -a l
65535 0 0 allow ip from any to any

If you have other rules in there you can remove them with:

# ipfw flush

If none of that works try disabling them both and seeing if you are still unable to connect:

# sysctl -w net.inet.ip.fw.enable=0
#  /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
Firewall already disabled

If you are still having problems then there's probably a config issue with apache.

polynomial
  • 4,106
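As an added example (not code from either answer), the following script audits the `--listapps` output shown in the question to find apps still set to block, then applies the `--unblockapp` fix and reads the result back with `--getappblocked` from the usage text above. It assumes the socketfilterfw path and output format from the question; the parsing functions work on saved output, so they can be checked off a Mac.

```shell
#!/bin/sh
# Audit and repair the macOS application firewall (ALF) app list.
# Assumption: binary path as shown in the question.
SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Turn "--listapps" output (on stdin) into one "state<TAB>path" line per app.
# States are "allow" and "block"; the header line is ignored.
parse_alf_list() {
    awk '
        /^[0-9]+ *: */ { sub(/^[0-9]+ *: */, ""); path = $0; sub(/ *$/, "", path); next }
        /\( *Allow incoming/ && path != "" { print "allow\t" path; path = "" }
        /\( *Block incoming/ && path != "" { print "block\t" path; path = "" }
    '
}

# Print only the app paths currently set to block incoming connections.
blocked_apps() {
    parse_alf_list | awk -F '\t' '$1 == "block" { print $2 }'
}

# Unblock one app, then print the firewall's own view of it (needs root on macOS).
unblock_and_verify() {
    app="$1"
    sudo "$SFW" --unblockapp "$app" >/dev/null
    sudo "$SFW" --getappblocked "$app"
}

# Constructed sample of --listapps output, in the format the question shows.
SAMPLE_LISTAPPS='ALF: total number of apps = 2 

1 :  /Applications/some.app 
 ( Allow incoming connections ) 

2 :  /Applications/another.app 
 ( Block incoming connections ) '

# On a Mac, replace the sample with live output:
#   sudo "$SFW" --listapps | blocked_apps | while read -r app; do unblock_and_verify "$app"; done
```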