How to open a specific port in Firewall OS X 10.9.4
Apple's OS X Mavericks contains three firewalls. First of all, the Application Level Firewall which can be configured using the system settings. But there is also ipfw, a packet filtering firewall like netfilter/iptables on GNU/Linux and pf (FreeBSD/OpenBSD).
You can either configure ipfw using the command line, or using a graphical front-end like the free/libre WaterRoof.
You could start with an ipfw command like:
sudo ipfw add 31010 allow tcp from any to any dst-port 8080
I had the same issue under OS X Yosemite (10.10.3). Found this blog post that provides clear instructions. We can't use ipfw any more, as it's deprecated. Instead, use pfctl, which unfortunately lacks a nice command line way to tell it to open a port. Instead, you need to:
- Open /etc/pf.conf in a text editor.
- Add a line like this:
# Open port 8080 for TCP on all interfaces
pass in proto tcp from any to any port 8080
- Save the file.
- Load the changes with:
sudo pfctl -f /etc/pf.conf
If you need to open a udp port, change tcp to udp, if you need both, add a second line. Additional detail can be found in man pf.conf.
Also make sure your server is listening on the actual interface you want it accessible over (or all interfaces, using 0.0.0.0 or ::0), not localhost (127.0.0.1 or ::1).
ipfw is deprecated by Apple. Mountain Lion and later use pfctl.
http://support.apple.com/kb/ht5413
Here's a one liner rather than requiring the user to mess around with Vim. Useful for automation.
sed -i '' -e '$a\pass in proto tcp from any to any port 8080' /etc/pf.conf; pfctl -vnf /etc/pf.conf
Or an alternative for Linux users
sed -i -e '$a\pass in proto tcp from any to any port 8080' /etc/pf.conf; pfctl -vnf /etc/pf.conf
Just make sure you change 8080 in the example to whatever you have in mind. Swap tcp with udp if you like.
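An added example, not taken from any of the answers above: a shell helper for the same pf.conf edit that validates the protocol and port, does not append the rule twice on repeated runs, and keeps a backup. The function names `add_pf_rule` and `apply_pf_conf` are hypothetical; note that `pfctl -n` only parses the file, so `apply_pf_conf` runs a second `pfctl -f` to actually load it.

```shell
#!/bin/sh
# Added example (not from the original answers). Function names are hypothetical.

# add_pf_rule PROTO PORT [CONF]
# Appends "pass in proto PROTO from any to any port PORT" to CONF
# (default /etc/pf.conf) unless that exact line is already there.
add_pf_rule() {
    proto=$1
    port=$2
    conf=${3:-/etc/pf.conf}

    # Reject anything that is not a plain protocol name or port number,
    # so script arguments can never smuggle extra pf syntax into the file.
    case $proto in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range" >&2; return 2; }

    rule="pass in proto $proto from any to any port $port"

    # Idempotent: an exact whole-line match means there is nothing to do.
    if grep -qxF "$rule" "$conf"; then
        return 0
    fi

    # Keep a copy to restore if the new ruleset fails to parse.
    cp -p "$conf" "$conf.bak" || return 1

    # If the file does not end in a newline, add one so the rule
    # is not glued onto the last existing line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf '# Open port %s for %s on all interfaces\n%s\n' \
        "$port" "$proto" "$rule" >> "$conf"
}

# apply_pf_conf [CONF]  (run as root)
# Syntax-check first (-n parses without loading), then load for real.
apply_pf_conf() {
    conf=${1:-/etc/pf.conf}
    pfctl -nf "$conf" && pfctl -f "$conf"
}
```

Typical use as root: `add_pf_rule tcp 8080 && apply_pf_conf`; if the check fails, restore `/etc/pf.conf.bak`.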