I've been trying to reload pf rules whenever network changes. Here is my plist file. /Library/LaunchAgents/com.wwk.networkchange.plist
ScriptManager.RegisterClientScriptBlock(this.GetType(),
"ScriptKey", "alert('There guest that didn't logged out.');window.location = '/absolutepath'", true);
I can see that /private/var/run/resolv.conf is changed when network interfaces are changed but pf rules aren't reloaded at all. FYI, /Users/wwk/pf.conf is there and I've enabled /sbin/pfctl to do without password prompt via /etc/sudoers file. Thanks in any advance!
答案 0 :(得分:1)
我至少看到两个问题。
首先,你的ProgramArguments需要是一个字符串数组,而不是一个带空格的字符串。
其次,你真的不应该使用sudo - 只需将它作为LaunchDaemon(以root身份运行)而不是LaunchAgent(以登录用户身份运行)。因此,您的ProgramArguments应如下所示:
<key>ProgramArguments</key>
<array>
<string>/sbin/pfctl</string>
<string>-f</string>
<string>/Users/wwk/pf.conf</string>
</array>
答案 1 :(得分:0)
实际上是因为我的新守护进程与Apple的默认pfctl守护进程发生冲突。
因此,我必须更新默认的pfctl守护程序plist以观察网络更改时更改的路径。
将以下内容添加到/System/Library/LaunchDaemons/com.apple.pfctl.plist
<WatchPaths>
<array>
<string>/private/var/run/resolv.conf</string>
<string>/etc/pf.conf</string>
<string>/Library/Preferences/SystemConfiguration/NetworkInterfaces.plist</string>
<string>/Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist</string>
</array>
顺便说一句,我们必须在macOS恢复模式下通过$ csrutil disable启用系统文件的更改,以便在上面的plist文件中进行更改。 (在系统文件中进行必要的更改后应该$ csrutil enable)