
@noize-e
Created May 29, 2019 06:48
macOS socketfilterfw firewall decorator
#!/usr/bin/env bash
# Strict mode: -e (errexit) aborts on the first unhandled command failure,
# -E (errtrace) lets ERR traps be inherited by functions and subshells.
set -eE
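#######################################
# Print the decorator's help text.
# Arguments: none
# Outputs:   help text on stdout
# Returns:   0
#######################################
usage() {
  # Quoted here-doc delimiter: the text is printed literally and is never
  # interpreted as a printf format string.
  cat <<'EOF'
macOS socketfilterfw decorator.

firewall [-command] [args]

  -list                    List secured apps status
  -help                    Display decorator help
  -native [option]         Run socketfilterfw with [option] (default: its help)
  -app    [add <path>]     Add application to the firewall application list
          [remove <path>]  Remove application from the firewall application list
  -enable [1|0]            Turn the application firewall on (1) or off (0)
                           1 enables:
                             - setblockall
                             - setstealthmode
                           1 disables:
                             - setallowsigned
                           0 only switches the global state off
  -status                  Display options:
                             - getglobalstate
                             - getallowsigned
                             - getstealthmode
                             - getloggingopt
                             - getloggingmode
                             - getblockall
EOF
}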
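#######################################
# Run the macOS Application Firewall CLI (socketfilterfw) through sudo.
# Arguments: passed through unchanged to socketfilterfw, one word each
# Outputs:   socketfilterfw's own output; an error line on stderr when the
#            binary is missing
# Returns:   the exit status of the sudo call, or 1 when the binary is
#            missing or not executable
#######################################
execute() {
  # Fixed absolute path: the binary runs under sudo, so it is never looked up
  # through PATH or taken from the environment.
  local -r bin='/usr/libexec/ApplicationFirewall/socketfilterfw'

  if [[ ! -x "${bin}" ]]; then
    printf "[err] 'socketfilterfw' binary not found or not executable\n" >&2
    # Non-zero, so a caller never mistakes "firewall tool missing" for a
    # successfully applied or queried setting.
    return 1
  fi

  # "$@" keeps every argument as one word; application paths frequently
  # contain spaces (e.g. "/Applications/Some App.app").
  sudo -- "${bin}" "$@"
}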
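# Command dispatch: the first argument selects the action; with no arguments
# the decorator help is shown.
case "${1:--help}" in
  -enable)
    # Match the literal argument rather than evaluating it arithmetically:
    # inside (( )) a word such as "on" or "yes" is read as an unset variable,
    # evaluates to 0 and would silently switch the firewall OFF.
    case "${2:?err-arg [1|0]}" in
      1)
        # Each call is a separate sudo invocation. With errexit set at the top
        # of the script a failure stops here, which can leave the firewall
        # only partly configured; re-check with -status afterwards.
        execute --setglobalstate on
        execute --setblockall on
        execute --setstealthmode on
        execute --setallowsigned off
        ;;
      0)
        # Only the global state changes; the blockall, stealth-mode and
        # allow-signed settings keep whatever value they had.
        execute --setglobalstate off
        ;;
      *)
        printf "[err] -enable expects 1 or 0, got '%s'\n" "$2" >&2
        exit 2
        ;;
    esac
    ;;
  -app)
    # socketfilterfw only understands "--"-prefixed options, so the bare
    # words from the help text are mapped onto them. Options already written
    # with "--" are passed through as before.
    case "${2:?err-arg [add|remove]}" in
      add | remove)
        app_action="--$2"
        ;;
      --*)
        app_action=$2
        ;;
      *)
        printf "[err] -app expects add or remove, got '%s'\n" "$2" >&2
        exit 2
        ;;
    esac
    # NOTE(review): --add registers the application with the firewall; confirm
    # the resulting allow/block state with -list and set it explicitly with
    # --blockapp / --unblockapp if it is not what you want.
    execute "${app_action}" "${3:?err-arg [path]}"
    ;;
  -status)
    execute --getglobalstate
    execute --getstealthmode
    execute --getloggingmode
    execute --getloggingopt
    execute --getblockall
    execute --getallowsigned
    ;;
  -list)
    # pipefail: a failed socketfilterfw call must not be hidden behind awk's
    # exit status.
    set -o pipefail
    # Drop blank lines and trim surrounding whitespace in a single awk pass.
    execute --listapps | awk 'NF { gsub(/^[ \t]+|[ \t]+$/, ""); print }'
    ;;
  -help)
    usage
    ;;
  -native)
    # Forward every remaining argument so options that take a value
    # (for example a path) reach socketfilterfw intact.
    if [[ -n "${2:-}" ]]; then
      execute "${@:2}"
    else
      execute --help
    fi
    ;;
  *)
    # An unrecognised command is an error, not a silent success.
    printf "[err] unknown command '%s'\n" "$1" >&2
    usage >&2
    exit 2
    ;;
esac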