How do I stop my Mac from asking to accept incoming network connections?
Solution 1
This might be caused by a missing or wrong digital signature. Like Apple explains:
If you run an unsigned app that is not listed in the firewall list, a dialog appears with options to Allow or Deny connections for the app. If you choose Allow, OS X signs the application and automatically adds it to the firewall list.
[...]
Some apps check their own integrity when they are opened without using code signing. If the firewall recognizes such an app it doesn't sign it. Instead, it the "Allow or Deny" dialog appears every time the app is opened. This can be avoided by upgrading to a version of the app that is signed by its developer.
This dialog might also be shown every time if the application is signed, but the signature of the application itself is broken, like even for iTunes.
You can check the signature by running the following command in Terminal (I am not sure about your application's name here):
codesign --verify -vv /Applications/Syncthing.app/
Alternatively, maybe remove the application in the firewall settings, and then see if accepting once more is enough to stop OS X prompting you? Or maybe explicitly add it through those settings?
And as for the default: make sure the option "Automatically allow signed software to receive incoming connections" is enabled:
Solution 2
This instruction permanently disables this annoying pop-up and the solution is applicable to all apps missing or having a wrong digital signature.
In short:
sudo codesign --force --deep --sign - path-to-the-app.app
Related videos on Youtube
06 : 05
03 : 02
03 : 28
02 : 23
02 : 04
01 : 17
02 : 11
Chris
Oh Captain, My Captain: "No matter what anybody tells you, words and ideas can change the world."
Updated on September 18, 2022Comments
-
Chris over 1 year
I am using Syncthing, which is an application to sync files between two or more computers. I believe Syncthing (on github) needs to be allowed to Accept incoming network connections to work properly.
Mac OS X has a build-in firewall, which constantly asks me, if I want to allow syncthing to accept incoming network connections in form of a pop-up window. Usually, this only is asked once for an application, but for some reason this pop-up appears at least 4 times a day.
It might be related to an automated update functionality that results in a new binary showing up once in a while (similar to what Google Chrome does). However, the update frequency of this application is much lower compared to the amount of pop-ups I am receiving.
Any idea what I could do to make Mac OS X stop asking me this question for a specific application or is there just no way around it?
It would be great if there was also a default choice that would be made in case I am away from the machine. Any idea how this could be accomplished - without turning the firewall off?
-
Chris about 9 yearspretty good answer - I found that default setting you mentioned, but it's not satisfactory as all incoming connections will be enabled automatically this way, but I guess that's the only option
-
Arjan about 9 years@Chris, if you're (rightfully so) concerned about signed applications being allowed to accept incoming connections, then please note that the OS X firewall only filters incoming connections. It allows all outgoing connections, so from a security point of view I'd say that any other firewall is preferred over the OS X one. (But some disagree about that, while others disagree with those who disagree...) -
Arjan about 9 yearsSo, @Chris, any results for the signature check? And on removing the application from the firewall settings to see if "Allow" sticks after that (maybe until the next update...)?
-
Chris about 9 yearsthanks for the hints - I am in fact using LittleSnitch to have a better firewall for the reasons you explained, but still have the OS X firewall enabled - I will test removing it from there and see if that does anything
-
Chris about 9 yearsI realised that
syncthingwas present multiple times inside the OS X Firewall settings. I removed all of them and restarted the application. I am waiting to see if the constant nagging has now stopped :) -
Arjan about 9 yearsAh, nice, @Chris. Did you ever run the
codesign --verifycommand? -
Chris about 9 yearsPS: After a few days I now had no more issues with this and accepted this as the answer! Thanks.
-
Arjan about 9 yearsYes, @Chris, makes sense. So, if I understand correctly you removed all occurrences of the app from the firewall settings, and then allowed it to accept connections. So, I guess you'll see one occurrence of that app in the firewall now. When you accepted, OS X will have calculated the signature, and I assume that
codesign --verifywill report all is fine today. (You might want to try!) However, as soon as that internal syncthing updates itself, the signature that OS X calculated breaks, so as of that day you'll have to approve (after every reboot?), or clean up the firewall settings... -
Chris about 9 yearsYes, that's what I did and expect to happen. However, even though I believe the internal syncthing was updated recently, the OS X firewall didn't bother me again (so far). The firewall actually "knows" that it's the internal executable that asks for permission and doesn't add the wrapper application (who's signature is breaking). The internal executable always has a valid signature (after every update), but I don't know if the OS X firewall checks for changes of signature? In this case also Skype, etc should ask for permissions after every update, though (which they don't as far as I know).
-
SuperTempel over 7 yearsBTW, this comment explains how to fix a bad (or old) code signature yourself, even if you don't own an official one from Apple: apple.stackexchange.com/a/121010
-
Pierre-Antoine about 4 yearsSigning the app seems to be good way to make this popup disapear for app without a signature. However the above command does not seem to work for me. I never signed an app. Is there some key to generate first? or config to setup? I am typically gettingerror: The specified item could not be found in the keychain. -
TopperHarley about 3 years@Pierre-Antoine you will need to generate your key, this answer does a good job of covering how to do so (while talking about the same solution)
-
AlbertEngelB about 3 years@Pierre-Antoine I still had the popup after doing this to the executable. What fixed it for me was after forcing the code signing process, removing that executable from the Firewall's list of whitelisted applications. Once I removed the old entry I never saw another popup for the app. -
Yar over 2 yearsnote that the syntax is a bit weird. the complete syntax for say Golang would besudo codesign --force --deep --sign - /Applications/GoLand.app
