Default rule for "loginwindow" allows any connection

Posted: Sat Nov 05, 2011 10:07 pm
by muzso
It seems to be a bit of an overkill to give full network access to the loginwindow app by default. :-o I'm not familiar with the protocols used during Mac OS X network user logins, but I guess the process uses at most only a few ports (if it's not just a single TCP port). It'd be even better if this rule was a calculated one as well (like the default rule for the local network), i.e. it'd only allow access for the loginwindow app to the login server that the given Mac is set to use.

Re: Default rule for "loginwindow" allows any connection

Posted: Sat Nov 05, 2011 10:16 pm
by muzso
Never mind. Now I see that there are lots of default (protected) rules allowing full network access to various OS X services. Apparently LS applies an "opt-out" strategy (it causes fewer problems for users if the default rules are more permissive). Then I'll just set whatever I see fit. Sorry for posting without going over all the rules first.