Enable and disable the pow firewall rule for Cisco AnyConnect
#!/usr/bin/env bash
#
# pow: enable or disable the Pow ipfw forwarding rule.
# Usage: pow <enable|disable>
#
# Environment setup: stop at the first failing command and define the Pow
# paths the rest of the script refers to.
set -e

POW_ROOT="${HOME}/Library/Application Support/Pow"
POW_CURRENT_PATH="${POW_ROOT}/Current"     # not referenced further in this script
POW_VERSIONS_PATH="${POW_ROOT}/Versions"   # not referenced further in this script
# Per-user powd launch agent.
POWD_PLIST_PATH="${HOME}/Library/LaunchAgents/cx.pow.powd.plist"
# Launch daemon plist whose ipfw rule is parsed below to recover the port numbers.
FIREWALL_PLIST_PATH="/Library/LaunchDaemons/cx.pow.firewall.plist"
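# Read the firewall plist, if possible, to figure out what ports are in use.
# The plist carries the rule "fwd 127.0.0.1,<http-port> ... dst-port <dst-port>";
# the two regex captures are (HTTP_PORT, DST_PORT), printed one per line.
# Only digit-only captures are accepted: the values are later interpolated into
# a privileged ipfw command and into an ipfw search pattern, so anything else
# is discarded with a warning and the defaults below apply.
if [[ -f "$FIREWALL_PLIST_PATH" ]]; then
  if command -v ruby >/dev/null 2>&1; then
    # shellcheck disable=SC2207 -- output is at most two digit-only tokens
    ports=($(ruby -e'puts $<.read.scan(/fwd .*?,([\d]+).*?dst-port ([\d]+)/)' "$FIREWALL_PLIST_PATH"))
  else
    ports=()
  fi
  if [[ "${ports[0]:-}" =~ ^[0-9]+$ && "${ports[1]:-}" =~ ^[0-9]+$ ]]; then
    HTTP_PORT=${ports[0]}
    DST_PORT=${ports[1]}
  else
    echo "warning: could not read port numbers from $FIREWALL_PLIST_PATH; using defaults" >&2
  fi
fi
# Assume reasonable defaults otherwise.
: "${HTTP_PORT:=20559}"
: "${DST_PORT:=80}"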
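#######################################
# Abort unless both port values are plain integers.  They are interpolated
# into a privileged ipfw command and into a grep pattern below, so a
# malformed value must never reach either.
# Globals:   HTTP_PORT, DST_PORT (read)
# Returns:   0 if both are digit-only; otherwise prints to stderr and exits 1
#######################################
require_ports() {
  if ! [[ "$HTTP_PORT" =~ ^[0-9]+$ && "$DST_PORT" =~ ^[0-9]+$ ]]; then
    echo "error: invalid port values (HTTP_PORT='$HTTP_PORT', DST_PORT='$DST_PORT')" >&2
    exit 1
  fi
}

case "${1:-}" in
  "enable")
    require_ports
    # Forward inbound TCP for DST_PORT on this host to Pow on HTTP_PORT.
    # sysctl -w needs root just like ipfw, so it runs under sudo as well;
    # with set -e either step failing aborts the script with a non-zero status.
    sudo ipfw add fwd "127.0.0.1,$HTTP_PORT" tcp from any to me dst-port "$DST_PORT" in
    sudo sysctl -w net.inet.ip.forwarding=1
    ;;
  "disable")
    require_ports
    # Delete every ipfw rule forwarding to HTTP_PORT for DST_PORT.  The first
    # whitespace-separated field of `ipfw show` is the rule number; a missing
    # rule is not an error.
    rules=$(sudo ipfw show | (grep ",$HTTP_PORT .* dst-port $DST_PORT in" || true) | awk '{print $1}')
    while IFS= read -r rule; do
      if [[ -n "$rule" ]]; then
        sudo ipfw del "$rule"
      fi
    done <<<"$rules"
    ;;
  *)
    # Unknown or missing action: usage goes to stderr and the exit status is
    # non-zero so callers can detect the mistake.
    echo "Usage pow <action>" >&2
    echo "" >&2
    echo " enable" >&2
    echo " disable" >&2
    exit 2
    ;;
esac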
Wait, is this to allow the firewall rule to work alongside Cisco AnyConnect (which seems to disable it by default), or is there some other purpose?