[OpenAFS] Mac OS X 10.6.x: Appropriate Firewall Settings for
OpenAFS Client
Derrick Brashear
shadow@gmail.com
Thu, 21 Jul 2011 09:55:51 -0400
On Thu, Jul 21, 2011 at 9:43 AM, Sergio Gelato
<Sergio.Gelato@astro.su.se> wrote:
> * Duncan S Kincaid [2010-07-30 15:39:41 -0400]:
>> Mac OS X firewall GUI is application-based. Would adding
>> /Library/OpenAFS/Tools/root.client/usr/vice/etc/afsd
>> [...] to the 'Allowed Applications' pane be sufficient
>> to ensure proper ports are opened?
>
> Has anyone succeeded in making OpenAFS work with the Application Firewall
> in Mac OS X? I've just tried with OpenAFS 1.6.0pre7 on a 10.6.8 system,
> adding /usr/sbin/afsd to the list of applications allowed to accept incom=
ing
> connections, and I still can't connect to 7001/udp with rxdebug. The only=
way
> I was able to get a response on that port was by turning off the applicat=
ion
> firewall entirely.
>
> On a possibly related note, I see that
> =A0 =A0 =A0 =A0sudo lsof -i UDP:7001
> doesn't print anything, even though the port is listed as open by netstat=
.
> This is in contrast with other UDP ports (123, 5353).
>
> The application firewall configuration GUI won't let me bless afs.kext,
> perhaps on the not entirely unreasonable grounds that kernel extensions
> aren't applications.
after "automatically allow signed..." (in Advanced) was enabled, it
"just works" for me, and i have appfw on at all times.
--=20
Derrick