[petsc-dev] MacOS firewall annoyance while running tests + solution

Fri Aug 28 22:47:08 CDT 2020

On Fri, Aug 28, 2020 at 11:44 PM Satish Balay <balay at mcs.anl.gov> wrote:

> Likely firewall is disabled.
>
> I've recently rebuild a bunch of boxes  - and don't remember explicity
> disabling firewall. [well I did something to enable ssh - maybe that was
> disabling firewall]
>
> I see the firewall is disabled on all of them
>

You are right, as always.

  Thanks,

     Matt

> balay at ypro ~ % defaults read /Library/Preferences/com.apple.alf
> globalstate
> 0
> balay at ypro ~ %
>
> Ref:
> https://raymii.org/s/snippets/OS_X_-_Turn_firewall_on_or_off_from_the_command_line.html
>
> BTW: Perhaps the following setting will prevent popups? [but it might
> break stuff that need network?]
>
> sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 2
>
> Satish
>
> On Fri, 28 Aug 2020, Matthew Knepley wrote:
>
> > Which OS is this? It does not happen on my Catalina.
> >
> >   Thanks,
> >
> >     Matt
> >
> > On Fri, Aug 28, 2020 at 10:52 PM Barry Smith <bsmith at petsc.dev> wrote:
> >
> > >
> > >
> > > On Aug 28, 2020, at 3:47 PM, Jed Brown <jed at jedbrown.org> wrote:
> > >
> > > "Hapla  Vaclav" <vaclav.hapla at erdw.ethz.ch> writes:
> > >
> > > On MacOS, maybe you also have lots of firewall popups
> > > appearing/disappearing when running tests like
> > >  Do you want the application "ex29" to accept incoming network
> connections?
> > >
> > >
> > > Is there a way to express that the application does not need (should
> not
> > > accept) incoming connections?
> > >
> > >
> > >   Yes, this also seems to work:
> > >
> > > sudo $$FW --block $$APP
> > >
> > > instead of
> > >
> > > sudo $$FW --unblock $$APP
> > >
> > > The parallel program still runs correctly to conclusion without the
> popup.
> > >
> > >   So my conclusion is that at listen() or some later system call it
> always
> > > pops up the window (unless the user as already blocked or unblocked the
> > > executable) without regard to whether an outside  (from the machine)
> > > connection to the process is attempted.
> > >
> > >  The routine has an undocumented option -a <listen or accept> when you
> run
> > > with
> > >
> > > /usr/libexec/ApplicationFirewall/socketfilterfw -d -a accept
> > >
> > > it prints ASKWHENACCEPT  which seems to indicate it will delay the
> popup
> > > until an accept is called but I can't confirm this because the debugger
> > > never stops in accept on one process but the popup still comes up so
> this
> > > argument may be ignored.
> > >
> > > If I were Junchao I would not do the popup until the code tried to
> > > accepted an EXTERNAL connection (the lazy evaluation) but I cannot get
> it
> > > to behave this way.
> > >
> > > If I disconnect from the network I still get the popups.
> > >
> > > The pop up is asynchronous also, when the popup is still up the program
> > > keeps run (even in parallel) and ends normally. Then the popup
> disappears.
> > >
> > >  Apple could make this friendly without hurting security but then Apple
> > > never cared about external developers for the Mac.
> > >
> > >
> > >
> > > Normalizing sudo during build/testing seems really bad.
> > >
> > >
> > >
> >
> >
>
>

-- 
What most experimenters take for granted before they begin their
experiments is infinitely more interesting than any results to which their
experiments lead.
-- Norbert Wiener

https://www.cse.buffalo.edu/~knepley/ <http://www.cse.buffalo.edu/~knepley/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/petsc-dev/attachments/20200828/1c97d1f4/attachment.html>