From 8b9436e244cb744d149d5c4a43fb4e9358b1c32f Mon Sep 17 00:00:00 2001 From: tw93 Date: Tue, 27 Jan 2026 20:04:29 +0800 Subject: [PATCH] feat(check): detect third-party firewalls before built-in check (#374) Support Little Snitch, LuLu, Radio Silence, Hands Off!, Murus, Vallum. --- lib/check/all.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/lib/check/all.sh b/lib/check/all.sh index e2324e3..ee100cd 100644 --- a/lib/check/all.sh +++ b/lib/check/all.sh @@ -112,8 +112,31 @@ check_filevault() { check_firewall() { # Check whitelist if command -v is_whitelisted > /dev/null && is_whitelisted "firewall"; then return; fi - # Check firewall status using socketfilterfw (more reliable than defaults on modern macOS) + unset FIREWALL_DISABLED + + # Check third-party firewalls first (lightweight path-based detection, no sudo required) + local third_party_firewall="" + if [[ -d "/Applications/Little Snitch.app" ]] || [[ -d "/Library/Little Snitch" ]]; then + third_party_firewall="Little Snitch" + elif [[ -d "/Applications/LuLu.app" ]]; then + third_party_firewall="LuLu" + elif [[ -d "/Applications/Radio Silence.app" ]]; then + third_party_firewall="Radio Silence" + elif [[ -d "/Applications/Hands Off!.app" ]]; then + third_party_firewall="Hands Off!" + elif [[ -d "/Applications/Murus.app" ]]; then + third_party_firewall="Murus" + elif [[ -d "/Applications/Vallum.app" ]]; then + third_party_firewall="Vallum" + fi + + if [[ -n "$third_party_firewall" ]]; then + echo -e " ${GREEN}✓${NC} Firewall ${third_party_firewall} active" + return + fi + + # Fall back to macOS built-in firewall check local firewall_output=$(sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null || echo "") if [[ "$firewall_output" == *"State = 1"* ]] || [[ "$firewall_output" == *"State = 2"* ]]; then echo -e " ${GREEN}✓${NC} Firewall Network protection enabled"
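Review bot: The third-party branch prints `Firewall ${third_party_firewall} active` and returns after nothing more than a `-d` test on an application bundle path. A product that is installed but has filtering switched off, or a directory left behind by an uninstall, therefore reports green and the socketfilterfw check never runs. Because this is a security status check, the wording should match the evidence: either print `${third_party_firewall} installed (state not verified)` and drop the `return` so the built-in firewall state is still evaluated, or confirm the product is actually running before returning. A comment above the if/elif chain, such as `# Path presence only proves installation, not that filtering is enabled`, would record the limitation for the next maintainer. check_firewall's body continues past the end of the hunk, so how the early return interacts with any later summary logic cannot be seen here.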