mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-11 12:24:20 +00:00
Code Activity

fix: Update firewall management to use socketfilterfw for improved reliability on macOS.

Browse Source
This commit is contained in:
Tw93
2025-12-28 09:39:53 +08:00
parent c8e33931c2
commit 504eda835f
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/optimize.sh
View File

@@ -260,8 +260,7 @@ ask_for_security_fixes() {
} }
apply_firewall_fix() { apply_firewall_fix() {
if sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1; then if sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on > /dev/null 2>&1; then
sudo pkill -HUP socketfilterfw 2> /dev/null || true
echo -e " ${GREEN}${ICON_SUCCESS}${NC} Firewall enabled" echo -e " ${GREEN}${ICON_SUCCESS}${NC} Firewall enabled"
FIREWALL_DISABLED=false FIREWALL_DISABLED=false
return 0 return 0

6
lib/check/all.sh
View File

@@ -113,10 +113,10 @@ check_filevault() {
check_firewall() { check_firewall() {
# Check whitelist # Check whitelist
if command -v is_whitelisted > /dev/null && is_whitelisted "firewall"; then return; fi if command -v is_whitelisted > /dev/null && is_whitelisted "firewall"; then return; fi
# Check firewall status # Check firewall status using socketfilterfw (more reliable than defaults on modern macOS)
unset FIREWALL_DISABLED unset FIREWALL_DISABLED
local firewall_status=$(defaults read /Library/Preferences/com.apple.alf globalstate 2> /dev/null || echo "0") local firewall_output=$(sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null || echo "")
if [[ "$firewall_status" == "1" || "$firewall_status" == "2" ]]; then if [[ "$firewall_output" == *"State = 1"* ]] || [[ "$firewall_output" == *"State = 2"* ]]; then
echo -e " ${GREEN}${NC} Firewall Network protection enabled" echo -e " ${GREEN}${NC} Firewall Network protection enabled"
else else
echo -e " ${YELLOW}${ICON_WARNING}${NC} Firewall ${YELLOW}Network protection disabled${NC}" echo -e " ${YELLOW}${ICON_WARNING}${NC} Firewall ${YELLOW}Network protection disabled${NC}"

2
lib/manage/autofix.sh
View File

@@ -132,7 +132,7 @@ perform_auto_fix() {
# Fix Firewall # Fix Firewall
if [[ -n "${FIREWALL_DISABLED:-}" && "${FIREWALL_DISABLED}" == "true" ]]; then if [[ -n "${FIREWALL_DISABLED:-}" && "${FIREWALL_DISABLED}" == "true" ]]; then
echo -e "${BLUE}Enabling Firewall...${NC}" echo -e "${BLUE}Enabling Firewall...${NC}"
if sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 1 2> /dev/null; then if sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on > /dev/null 2>&1; then
echo -e "${GREEN}${NC} Firewall enabled" echo -e "${GREEN}${NC} Firewall enabled"
((fixed_count++)) ((fixed_count++))
fixed_items+=("Firewall enabled") fixed_items+=("Firewall enabled")

1
tests/autofix.bats
View File

@@ -76,6 +76,7 @@ sudo() {
echo "Installing Rosetta 2 stub output" echo "Installing Rosetta 2 stub output"
return 0 return 0
;; ;;
/usr/libexec/ApplicationFirewall/socketfilterfw) return 0 ;;
*) return 0 ;; *) return 0 ;;
esac esac
} }