How to add trusted sites to the Application Layer Filter (socket-filter firewall) on Mac OS X using command-line?

Question

Hello,

I am trying to add trusted sites to Mac OS X's firewall via command-line. I understand that previously, we were able to use ipfw to configure the firewall on a packet level by using port numbers or IPs. In Leopard (10.5) and on, there is a new feature to add a trusted application to a list. This can be accomplished using the UI:

System Preferences > Security > Firewall

As well as using the command-line: socketfilterfw

%sudo /usr/libexec/ApplicationFirewall/socketfilterfw -t "[binary path of application]"

However, I am having problems when I execute the above command, the utility "hangs" and doesn't seem to do anything. This is the output I would receive, and then does nothing:

kyue:/usr/libexec/ApplicationFirewall> sudo ./socketfilterfw -t \~/[my binary path]\
adding ~/[my binary path] to the list of trusted applications
GetSignException: creator ‘BNUp’
GetSignException: creator ‘BNu2′
GetSignException: creator ‘SWar’
GetSignException: creator ‘StCm’
GetSignException: creator ‘Dbl2′
GetSignException: creator ‘PJ03′
GetSignException: creator ‘PJ07′
GetSignException: creator ‘FP98′

There was great guidance from this article:

http://krypted.com/mac-os-x/command-line-alf-on-mac-os-x/comment-page-1/#comment-547

Just wondering if anyone here may know why it doesn't seem to be working.

Kat

Answer 1

Just to provide a bit of closure. After playing around with it some more. These GetSignException messages are for applications that are signed and not found on my Mac. These creators are from World of Warcraft, Diablo2, etc, which are irrelevant to what I am trying to do. I posted the question on Apple Discussions Forum. Someone said that this may be because this is no longer supported, therefore, does not work anymore.

http://discussions.apple.com/thread.jspa?messageID=10900266&#10900266