38

I'm writing an iOS app that acts as, among other things, a telnet server. Naturally, it begins listening for connections as soon as it starts.

When I run the app in the Simulator, Mac OS X (I happen to be on 10.7.3) prompts me to Allow or Deny my application to accept incoming network connections. This is the standard Firewall message that Mac OS X uses for all unsigned, networked applications.

I grow weary of clicking "Allow" fifty or more times a day, and so I seek a way of permanently adding my app to the Firewall's list of permitted apps.

I've tried the following.

  1. Open Activity Monitor while my app is running.
  2. Select my app. Click "Inspect".
  3. Go to the Open Files and Ports tab. One of the first lines is the precise path to my app. Copy and paste this path.
  4. Open the Firewall... Advanced settings.
  5. Click the + (add) button.
  6. Browse to the application path and select it, thus adding it to the list of applications for which incoming connections are allowed.

In the last step there's a significant decision. You could add either the .app application package, or Show Contents on that package and add the "Unix executable" within. I've tried both approaches.

Interestingly, Firewall will in fact stop warning you about the app—for a while. After a few runs, however—it isn't clear to me what event actually causes this change, but it happens within half an hour or so for me, generally speaking—Firewall begins warning about the app again.

How do I set Firewall to permanently Allow my iOS app?

Naturally, I could bypass this whole problem by disabling the Mac OS X firewall. I could also avoid ever again getting a splinter in my foot by chopping it off. Neither of these courses of action recommend themselves to me.

What would you suggest?

OldPeculier

5 Answers

34

So we want to suppress the following dialog

Do you want the application “NNN.app” to accept incoming network connections?

which appears on every activation of the Xcode iOS simulator. I believe there is now a solution for that. Basing my answer on this blog.

Simply run the following commands in a Terminal window:

    # temporarily shut firewall off:
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

    # put Xcode as an exception:
    /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Xcode.app/Contents/MacOS/Xcode

    # put iOS Simulator as an exception:
    /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/Xcode.app/Contents/Developer/Applications/Simulator.app/Contents/MacOS/Simulator

    # re-enable firewall:
    sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

For me it worked. Please note simulator address is according to Xcode 8.

ishahak
  • Thanks @ishahak, it helped. Still strange Apple does not trust its own software in firewall. – Ivan Oct 17 '16 at 08:51
  • This worked for me where manually adding the executable (Electron, in my case) to the Security & Firewall panel didn't. – Mattie Jun 07 '17 at 18:40
  • 3
    I had to run these commands each time I logged into my Mac. So I ended up using Lingon X (www.peterborgapps.com/lingon) to execute these commands from a shell script at login as root, so I removed the "sudo" prefix from the first and last lines of the script. – lifjoy Jun 27 '17 at 18:36
  • It appears that as of Catalina and Big Sur, this solution is no longer working. The script gives me a "The file path you specified is invalid" for the two lines in the middle of the script. This looks to be the same as this issue mentioned here: https://developer.apple.com/forums/thread/666222 – Chucky Feb 19 '21 at 11:32
16

After dabbling with this for some time, I found that manually adding the executable itself to the Firewall "Allow" list gives the desired result. You don't add the .app, but rather the "Unix" executable inside the .app's Contents folder. I believed I had tried this file before without success, but currently it's working.

OldPeculier
  • 3
    I wonder what else you did to make it work, because this solution is not working for me :-\ – Brian Dec 03 '15 at 22:47
4

I think the best solution might be to script the process of okaying your app to the firewall.

If I recall correctly, the latest OSX firewall is actually clever about identifying apps and fingerprints the allowed binaries. This prevents the surprisingly effective tactic of just naming your malware "system32.exe" &c to evade the firewall. If that's the case, your app will be (correctly) blocked for not being the same binary that was okayed, and there's not really any way around it.

So, try scripting the firewall allowing process and incorporate that into the build process.

blahdiblah
  • @blahdiblah I don't believe it's possible to script it. Firewall offers no AppleScript library, nor would a shell script be of use. – OldPeculier Apr 04 '12 at 13:08
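
Scripting the allow step as a build phase, as the answer above suggests, with the `socketfilterfw` flags `--add` and `--unblockapp` and without switching the firewall off. This is an added example, not code from the post or its author; the `FW` override, the function names and the rule that the executable is named after the bundle are assumptions, and whether `--add` accepts the path depends on the macOS version.

```bash
#!/bin/bash
# Added example: re-register a freshly built executable with the macOS
# application firewall while leaving the firewall itself enabled.
# Assumption: FW can be overridden for testing; the default is the tool
# path used in the accepted commands on this page.
FW="${FW:-/usr/libexec/ApplicationFirewall/socketfilterfw}"

# Print the executable inside a bundle, or the path itself if it is already
# a plain file. Assumption: the executable is named after the bundle
# (MyApp.app -> MyApp); otherwise pass the executable path directly.
resolve_executable() {
    local target="${1%/}" name candidate
    if [ -f "$target" ]; then
        printf '%s\n' "$target"
        return 0
    fi
    name="$(basename "$target" .app)"
    # macOS-style bundle first, then the flat layout of an iOS simulator build.
    for candidate in "$target/Contents/MacOS/$name" "$target/$name"; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no executable found in $target" >&2
    return 1
}

# Add the executable to the firewall list and mark it as allowed.
# Returns 1 if no executable is found, 2 if the tool exits non-zero
# (relying on its exit status is an assumption of this example).
allow_in_firewall() {
    local exe
    exe="$(resolve_executable "$1")" || return 1
    "$FW" --add "$exe" >&2 || return 2
    "$FW" --unblockapp "$exe" >&2 || return 2
    printf '%s\n' "$exe"
}

# Build step usage (needs root): sudo ./allow-in-firewall.sh "/path/to/MyApp.app"
if [ "$#" -gt 0 ]; then
    allow_in_firewall "$1" >/dev/null
fi
```

Because only the one built executable is allowed, the global firewall state is never changed, which avoids the off/on toggle used elsewhere on this page.
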
0

I never had luck with manually adding the executable to the firewall's allowed-list. Here's a solution using an automated mouse click:

  1. Download CLIclick. (Thank you Carsten.)
  2. Put it in a suitable location, say /usr/local/bin.
  3. Get the Allow button's screen coordinates using ⌘⇧4. (In my example, these are x: 750, y: 600.)
  4. Create a script with this content (the w: is the wait time in ms):

    /usr/local/bin/cliclick c:750,600 w:1500 m:+0,+0 c:.
    

    (I couldn't get CLIclick to work without "moving" it to the same location (the m:+0,+0 part) and clicking again at the same spot with c:..)

  5. Open Xcode's Preferences / Behaviors and add the above script.
  6. Enjoy!
Blaz
  • This is the most convoluted workaround I've ever seen for a firewall rule. I admire your tenacity, but this is another blow to my enjoyment of OSX... – trojjer Mar 13 '15 at 11:50
-2

I don't know if it is the right way, but it worked for me.

  1. Turn off the firewall
  2. Connect with the iPhone app to your Mac
  3. Check if everything in the connection is working
  4. Turn on the firewall
  • I'm using MacOS 10.15.7 and found that (sudo) turning the firewall OFF and then ON seems to allow any app to allow incoming connections. This solved the problem for my python app but raises some Security questions in my mind... – retsigam Nov 16 '21 at 21:54