@benubois benubois/pow
Created Sep 13, 2012

Enable and disable the pow firewall rule for Cisco AnyConnect
#!/usr/bin/env bash

# Set up the environment.
set -e

POW_ROOT="$HOME/Library/Application Support/Pow"
POW_CURRENT_PATH="$POW_ROOT/Current"
POW_VERSIONS_PATH="$POW_ROOT/Versions"
POWD_PLIST_PATH="$HOME/Library/LaunchAgents/cx.pow.powd.plist"
FIREWALL_PLIST_PATH="/Library/LaunchDaemons/cx.pow.firewall.plist"

# Read the firewall plist, if possible, to figure out what ports are in use.
if [[ -a "$FIREWALL_PLIST_PATH" ]]; then
  ports=($(ruby -e'puts $<.read.scan(/fwd .*?,([\d]+).*?dst-port ([\d]+)/)' "$FIREWALL_PLIST_PATH"))
  HTTP_PORT=${ports[0]}
  DST_PORT=${ports[1]}
fi

# Assume reasonable defaults otherwise.
[[ -z "$HTTP_PORT" ]] && HTTP_PORT=20559
[[ -z "$DST_PORT" ]] && DST_PORT=80

case $1 in
  "enable")
    # Add the forwarding rule, then turn on IP forwarding.
    # Both commands need root, so both go through sudo.
    sudo ipfw add fwd 127.0.0.1,"$HTTP_PORT" tcp from any to me dst-port "$DST_PORT" in &&
      sudo sysctl -w net.inet.ip.forwarding=1
    ;;
  "disable")
    # Try to find the ipfw rule and delete it.
    RULE=$(sudo ipfw show | (grep ",$HTTP_PORT .* dst-port $DST_PORT in" || true) | cut -f 1 -d " ")
    # Use an if block so a missing rule does not leave a non-zero exit status.
    if [[ -n "$RULE" ]]; then
      sudo ipfw del "$RULE"
    fi
    ;;
  *)
    echo "Usage: pow <action>"
    echo ""
    echo "  enable"
    echo "  disable"
    ;;
esac
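
The rule lookup from the `disable` branch, as an added example (not part of the original gist) that can be checked offline: it validates the ports before they are used in a `sudo` command and returns every matching rule number, because the original hands `ipfw del` a single multi-line argument when the rule exists more than once. The function names and the `ipfw show` sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: port validation and ipfw rule lookup, testable without ipfw.

# valid_port PORT: succeed only for a plain decimal integer in 1..65535.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# matching_rules HTTP_PORT DST_PORT: read `ipfw show` output on stdin and
# print the number of every rule that forwards to HTTP_PORT for inbound
# traffic to DST_PORT. Returns 2 if either port is not valid.
matching_rules() {
  valid_port "$1" && valid_port "$2" || return 2
  awk -v http="$1" -v dst="$2" '
    {
      fwd = 0; port = 0
      for (i = 2; i <= NF; i++) {
        # Forward target must end in ",<http>" (so 559 does not match 20559).
        if ($i == "fwd" && $(i + 1) ~ ("," http "$")) fwd = 1
        # Destination port must be an exact token followed by "in".
        if ($i == "dst-port" && $(i + 1) == dst "" && $(i + 2) == "in") port = 1
      }
      if (fwd && port) print $1
    }'
}

# Constructed sample of `ipfw show` output (rule, packets, bytes, body).
SAMPLE_IPFW_SHOW='00100 41 2890 fwd 127.0.0.1,20559 tcp from any to me dst-port 80 in
00200  0    0 fwd 127.0.0.1,20559 tcp from any to me dst-port 8080 in
00300 12  744 fwd 127.0.0.1,20559 tcp from any to me dst-port 80 in
65535 99 9999 allow ip from any to any'

# Show what a disable run would delete, one rule per command, without
# touching the firewall.
printf '%s\n' "$SAMPLE_IPFW_SHOW" | matching_rules 20559 80 |
  while read -r rule; do
    echo "would run: sudo ipfw del $rule"
  done
```

On a machine that still has ipfw, the same function takes `sudo ipfw show` on stdin in place of the sample.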

cliftonlabrum commented Nov 5, 2012

Forgive my ignorance, but is the above something one should execute once as a bash script, or is this to be added to ~/.powconfig or something?

cliftonlabrum commented Nov 5, 2012

Disregard. I got it to work. :)

bbohling commented Nov 13, 2012

What did you do to get it to work?

cliftonlabrum commented Nov 26, 2012

Here's what I did:

  1. Save the above code to pow.sh
  2. In Terminal, browse to where you saved that script.
  3. Then type ./pow.sh disable

cliftonlabrum commented Nov 26, 2012

It seems I have to do this every time I reboot my computer, though. Is there a permanent way to delete the ipfw rule?

weyus commented Oct 2, 2014

Wait, is this to allow the firewall rule to work alongside Cisco AnyConnect (which seems to disable it by default), or is there some other purpose?

andreineculau commented Jan 23, 2015

hmm ipfw got removed in Yosemite..
