macOS Monterey scrip to check if the Firewall is switched on

[UweAll]

Dear Forum, I have a question in regards to scripting. I want to check if the firewall on my system is enabled.

This terminal command:

 /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

returns following:

Firewall is enabled. (State = 1)

That is all fine and correct! However if I use this script:

#!/bin/zsh

# check if Firewall is enabled
if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" ) ; then
    echo "Firewall is Enabled"       
else
    echo "Firewall is DISABLED"
fi
exit

It will always return:

Firewall is DISABLED

no matter if it is running or not.

I think the problem lies in the argument. I tried this:

if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" = 1 ) ; then

and this:

if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" = “Firewall is enabled. (State = 1)“ ) ; then

and a couple of other variations but same result: "Firewall is DISABLED"

How needs the argument look like to check if a service is running on my computer?
Thanks,
Uwe

 

[MReeve]

Dear Forum, I have a question in regards to scripting. I want to check if the firewall on my system is enabled.

This terminal command:

 /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate

returns following:

Firewall is enabled. (State = 1)

That is all fine and correct! However if I use this script:

#!/bin/zsh

# check if Firewall is enabled
if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" ) ; then
    echo "Firewall is Enabled"      
else
    echo "Firewall is DISABLED"
fi
exit

It will always return:

Firewall is DISABLED

no matter if it is running or not.

I think the problem lies in the argument. I tried this:

if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" = 1 ) ; then

and this:

if ( "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate" = “Firewall is enabled. (State = 1)“ ) ; then

and a couple of other variations but same result: "Firewall is DISABLED"

How needs the argument look like to check if a service is running on my computer?
Thanks,
Uwe

Not very elegant, but you could do;

if /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled'; then echo "Firewall is Enabled"; else echo "Firewall is DISABLED"; fi

 

[UweAll]

I found a solution that works. I want to check at startup / login if the firewall is running and take actions if it does not. This is the solution I came up with that does not require root access or password entry either.

#!/bin/bash


if /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled' ; then
    fw='1'
else
    fw='0'
fi

if [ $fw == "0" ] ; then
    
    networksetup -setairportpower en0 off &
    osascript -e 'tell app "Finder" to display dialog "The Firewall is OFF! Wifi switched off" with title "FIREWALL IMPORTANT"'
    

else
    networksetup -setairportpower en0 on
    
fi

osascript -e 'tell application "Terminal" to close (every window whose name contains ".command")' &
    exit &
    killall Terminal

Happy to hear if anyone has a better option, otherwise this thread can be closed.
Thanks,
Uwe

 

[bogdanw]

You can use AppleScript, save it as an app

set FirewallState to do shell script "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate"
if FirewallState = "Firewall is disabled. (State = 0)" then
    do shell script "networksetup -setairportpower en0 off"
    display dialog "The Firewall is OFF! Wi-Fi switched off" with title "FIREWALL IMPORTANT"
else if FirewallState = "Firewall is enabled. (State = 1)" then
    do shell script "networksetup -setairportpower en0 on"
    display dialog "Firewall is enabled. Wi-Fi switched on"
else
    display dialog "Firewall state is unknown"
end if

 

[UweAll]

Thanks @bogdanw for your suggestion! AppleScript is something I have not touched yet, as I was used to shell scripting already. But good point!

However, your script does not work on my MacBookAir M1 with MacOS 12.12.1. My intuition is that the brackets from the returned result "(State = 0)" indicate to run a program or a command, and hence it does not enter the first two if loops and always returns the last else: "Firewall state is unknown".

That is the reason why I included the workaround with the first if loop: "| grep -q 'enabled'" and set the variable to fw=1. That results in a working script. But I am sure if I'd apply the same workaround to your script it will work for me too!

Thanks for your input, I will definitely look further into applescripts! Good point!

 

[bogdanw]

Sorry, I’ve only tested with the firewall turned off and it was working.
It’s strange that Firewall is disabled. (State = 0) is accepted by AppleScript, but Firewall is enabled. (State = 1) goes to unknown.
There is another way to tell if the firewall is on or off

defaults read /Library/Preferences/com.apple.alf globalstate

returns 1 or 0

 

[bogdanw]

I’ve found the error, the result when the firewall is on has a space at the end of the result: "Firewall is enabled. (State = 1) "
This should work

set FirewallState to do shell script "/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate"
if FirewallState = "Firewall is disabled. (State = 0)" then
    do shell script "networksetup -setairportpower en0 off"
    display dialog "The Firewall is OFF! Wi-Fi switched off" with title "FIREWALL IMPORTANT"
else if FirewallState = "Firewall is enabled. (State = 1) " then
    do shell script "networksetup -setairportpower en0 on"
    display dialog "Firewall is enabled. Wi-Fi switched on"
else
    display dialog "Firewall state is unknown"
end if