fix: Update firewall management to use socketfilterfw for improved reliability on macOS.

2026-02-04 23:14:45 +00:00 · 2025-12-28 09:39:53 +08:00
parent c8e33931c2
commit 504eda835f
4 changed files with 6 additions and 6 deletions
--- a/lib/check/all.sh
+++ b/lib/check/all.sh
@@ -113,10 +113,10 @@ check_filevault() {
 check_firewall() {
    # Check whitelist
    if command -v is_whitelisted > /dev/null && is_whitelisted "firewall"; then return; fi
-    # Check firewall status
+    # Check firewall status using socketfilterfw (more reliable than defaults on modern macOS)
    unset FIREWALL_DISABLED
-    local firewall_status=$(defaults read /Library/Preferences/com.apple.alf globalstate 2> /dev/null || echo "0")
-    if [[ "$firewall_status" == "1" || "$firewall_status" == "2" ]]; then
+    local firewall_output=$(sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null || echo "")
+    if [[ "$firewall_output" == *"State = 1"* ]] || [[ "$firewall_output" == *"State = 2"* ]]; then
        echo -e "  ${GREEN}✓${NC} Firewall     Network protection enabled"
    else
        echo -e "  ${YELLOW}${ICON_WARNING}${NC} Firewall     ${YELLOW}Network protection disabled${NC}"
--- a/lib/manage/autofix.sh
+++ b/lib/manage/autofix.sh
@@ -132,7 +132,7 @@ perform_auto_fix() {
    # Fix Firewall
    if [[ -n "${FIREWALL_DISABLED:-}" && "${FIREWALL_DISABLED}" == "true" ]]; then
        echo -e "${BLUE}Enabling Firewall...${NC}"
-        if sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1 2> /dev/null; then
+        if sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on > /dev/null 2>&1; then
            echo -e "${GREEN}✓${NC} Firewall enabled"
            ((fixed_count++))
            fixed_items+=("Firewall enabled")