[OpenAFS] Mac OS X 10.6.x: Appropriate Firewall Settings for OpenAFS Client

Sergio Gelato Sergio.Gelato@astro.su.se
Thu, 21 Jul 2011 15:43:12 +0200


* Duncan S Kincaid [2010-07-30 15:39:41 -0400]:
> Mac OS X firewall GUI is application-based. Would adding 
> /Library/OpenAFS/Tools/root.client/usr/vice/etc/afsd
> [...] to the 'Allowed Applications' pane be sufficient 
> to ensure proper ports are opened?

Has anyone succeeded in making OpenAFS work with the Application Firewall
in Mac OS X? I've just tried with OpenAFS 1.6.0pre7 on a 10.6.8 system, 
adding /usr/sbin/afsd to the list of applications allowed to accept incoming 
connections, and I still can't connect to 7001/udp with rxdebug. The only way 
I was able to get a response on that port was by turning off the application 
firewall entirely.

On a possibly related note, I see that
	sudo lsof -i UDP:7001
doesn't print anything, even though the port is listed as open by netstat.
This is in contrast with other UDP ports (123, 5353). 

The application firewall configuration GUI won't let me bless afs.kext,
perhaps on the not entirely unreasonable grounds that kernel extensions
aren't applications.
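
The netstat/lsof comparison described in the message above, as an added example that is not part of the original post: it lists UDP ports that netstat shows as open but for which lsof reports no owning process. The sample outputs and function names are constructed for illustration; on a live system, pass in the output of `netstat -an -p udp` and `sudo lsof -nP -i UDP`.

```shell
#!/bin/sh
# Constructed sample of `netstat -an -p udp` output (not captured from a real host).
NETSTAT_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.7001                 *.*
udp4       0      0  *.123                  *.*
udp6       0      0  *.123                  *.*
udp4       0      0  *.5353                 *.*'

# Constructed sample of `sudo lsof -nP -i UDP` output (not captured from a real host).
LSOF_SAMPLE='COMMAND    PID           USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
ntpd        31           root   20u  IPv4 0x0a1b2c3d      0t0  UDP *:123
ntpd        31           root   21u  IPv6 0x0a1b2c3e      0t0  UDP *:123
mDNSRespo   42 _mdnsresponder    8u  IPv4 0x0a1b2c3f      0t0  UDP *:5353'

# Local UDP ports from netstat text: the port is what follows the last "."
# of the Local Address column (4th field). Wildcard ports ("*.*") are skipped.
netstat_udp_ports() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^udp/ { n = split($4, a, "[.]");
                           if (a[n] ~ /^[0-9]+$/) print a[n] }' | sort -un
}

# Local UDP ports from lsof text: NAME is the last field, "addr:port" or
# "addr:port->addr:port" for connected sockets; keep the local side only.
lsof_udp_ports() {
    printf '%s\n' "$1" |
        awk '$8 == "UDP" { name = $NF; sub(/->.*/, "", name);
                           n = split(name, a, ":");
                           if (a[n] ~ /^[0-9]+$/) print a[n] }' | sort -un
}

# Ports netstat lists as open that lsof does not attribute to any process.
ports_without_process() {
    owned=" $(echo $(lsof_udp_ports "$2")) "
    for p in $(netstat_udp_ports "$1"); do
        case "$owned" in
            *" $p "*) ;;          # a process holds this port
            *) echo "$p" ;;       # open, but no process listed by lsof
        esac
    done
}

ports_without_process "$NETSTAT_SAMPLE" "$LSOF_SAMPLE"
```
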