How can I disable the ALF firewall

Posted: Fri Dec 04, 2015 8:24 pm
by Andreas
> We suggest to turn off ALF and all other network- and application-firewalls when using Murus for the first times. It is easier to understand how Murus affects networking if PF is the only running firewall.

Will it be disabled, when nothing is selected in system preferences?

Is there a terminal command to disable it?

Will Murus rules apply automatically then?

Right now, it looks like only the one selected application in ALF is active, while all Murus rules do not apply...

Thanks.

Re: How can I disable the ALF firewall

Posted: Sat Dec 05, 2015 6:46 pm
by hany
The ALF firewall is the OS X built-in application firewall, and is managed by the OS X System Preferences -> Security and Privacy -> Firewall. Here you just have to disable the firewall.
Murus is a front end for PF, the built-in network firewall. It has nothing to do with ALF, it does not block traffic at application level but at network level. To activate Murus you have to click PLAY. Once activated, rules are active. To automatically activate PF rules at system boot you have to install Murus boot scripts. Murus will ask you whether to install them or not when activating PF.
> Right now, it looks like only the one selected application in ALF is active, while all Murus rules do not apply...

Forget ALF. If you turn it off, then it's off. Traffic will not be filtered at application level.
Then, if PF is active, then for sure rules do apply. Murus displays the PF status using an LED, and you can also install the free Murus Menulet to display PF status in the OS X menu bar, without the need to keep Murus running.

Re: How can I disable the ALF firewall

Posted: Sun Dec 06, 2015 6:18 pm
by Andreas
Hm. Strange. Firewall is turned off. Nothing is enabled in the System Preferences sharing pane.
But I cannot access any service on the machine, e.g. apache, mysql, vnc...
All services are added in Murus.
And the pffirewall.log shows all incoming as going to port 53 rule 36.murus.inbound.9/0(match): pass in on en0
But nothing is answering.

Re: How can I disable the ALF firewall

Posted: Tue Dec 08, 2015 1:28 am
by hany
> Hm. Strange. Firewall is turned off. Nothing is enabled in the System Preferences sharing pane.
> But I cannot access any service on the machine, e.g. apache, mysql, vnc...
> All services are added in Murus.
> And the pffirewall.log shows all incoming as going to port 53 rule 36.murus.inbound.9/0(match): pass in on en0
> But nothing is answering.

This is somehow generic, please be more specific :)
Can you connect to these services locally?
Have you clicked PLAY in Murus to update runtime rules after adding your services?
How are these services configured?

Re: How can I disable the ALF firewall

Posted: Tue Dec 08, 2015 9:16 am
by Andreas
Apple's firewall is off in Security & Privacy/System Preferences.
Screen sharing + remote login is on in Sharing/System Preferences.
Murus is on with standard services (web, ftp, mysql etc.) + 2 rules to keep 8010, 8100, 8106 and 14555 open inbound.
There is no external firewall and the server is directly connected to the internet.
(Did a local test in a testing environment with the server and a client computer too.)

e.g. mysql on port 3306
mysql is running.
I can access mysql locally.
Apache is using mysql without problems.

But I cannot connect to mysql remotely:

telnet xxx.xxx.xxx.xxx 3306
Trying xxx.xxx.xxx.xxx...
telnet: connect to address xxx.xxx.xxx.xxx: Connection refused
telnet: Unable to connect to remote host

or via Sequel Pro: Can't connect to MySQL server on 'xxx.xxx.xxx.xxx' (61)

Portscan says: only ports 22, 80, 5900 give a response.

Same result when I ask Murus to stop the PF firewall.

What am I missing?

Re: How can I disable the ALF firewall

Posted: Tue Dec 08, 2015 1:16 pm
by hany
> Same result when I ask Murus to stop the PF firewall.

If you are unable to reach your mysql server from a remote machine when PF is both enabled and disabled then it means that your mysql daemon is listening only to localhost. Please check your mysql configuration file.
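
The check suggested in the last reply can be done from the listening-socket table instead of by trial and error. The following is an added example, not part of the original thread: `bind_scope` is a hypothetical helper name, and the sample lines are constructed in the format of `netstat -an -p tcp` on OS X to mirror the situation described (22, 80 and 5900 answering, 3306 refused).

```shell
#!/bin/sh
# Classify how a TCP port is bound, from netstat-style text on stdin.
# On the server itself, feed it live data:
#   netstat -an -p tcp | bind_scope 3306
# OS X prints the local address as ADDRESS.PORT (port after the last dot).
bind_scope() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            la = $4
            n = match(la, /\.[0-9]+$/)          # position of the last dot
            if (!n || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            if (addr == "*")                                wild = 1
            else if (addr == "127.0.0.1" || addr == "::1")  loop = 1
            else                                            other = 1
        }
        END {
            if (wild)       print "all-interfaces"    # reachable remotely if PF passes it
            else if (other) print "specific-address"  # reachable only via that address
            else if (loop)  print "loopback-only"     # no firewall rule can expose this
            else            print "not-listening"     # daemon not running on this port
        }'
}

# Constructed sample (not captured from the poster's machine).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  127.0.0.1.3306         *.*                    LISTEN
tcp46      0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp6       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  192.0.2.10.22          198.51.100.7.51514     ESTABLISHED'

for p in 22 80 5900 3306 8010; do
    printf '%-5s %s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope "$p")"
done
```

A `loopback-only` result for 3306 points at the MySQL configuration (for example its `bind-address` setting) rather than at PF, and `not-listening` for a port opened in Murus means the rule passes traffic to a port where nothing accepts it.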