How can I open a port (not application) in the OS X 10.6 firewall?

Let me preface this by saying:

  • I do not want to drop my firewall completely
  • Yes, I really do need particular ports rather than an application.

So I see that there is the option to allow particular applications through the firewall, but no equivalent way of opening ports. It seems hard to believe that this is actually impossible. How can I open a specific TCP port in OS X 10.6 while keeping the rest of the ports firewalled?


Worked for me.

I wanted to open traffic on port 70, so I entered the following:

sudo ipfw add 7000 allow tcp from any to any dst-port 70

The response from the command-prompt was:

07000 allow tcp from any to any dst-port 70

Yes, the 0 was automatically added to the rule #, so it is worth noting that any rule ID < 10,000 will be prefixed by one or more zeroes.


The builtin firewall used by OS X is ipfw. To learn more about it from the Terminal you can enter man ipfw.

To create a new firewall rule to allow incoming traffic on to a particular port you can enter the rule from the Terminal as follows.

sudo ipfw add 40000 allow tcp from any to any dst-port portnum

where portnum is the number of the port you wish opened. In this case I've added a rulenum of 40000 to the rule so that if you ever wanted to remove it the following command will suffice.

sudo ipfw delete 40000

If you enter the command sudo ipfw list you will see the active commands. To reload the firewall issue the command sudo ipfw flush

If you want to log the hits the rule is getting you can add the log command as follows, sudo ipfw add 40000 allow log ...

I chose the rulenum 40000 somewhat arbitrarily as rules exist from 1 to 65535, though certain numbers are privileged. This just makes it easier to delete the rule later, if needed.


The application WaterRoof will be able to let you do this and more.