Firewall blocks Go development server

Question

I'm developing an API in Go with the Beego framework. When I save one of my files, the Go development server restarted by the Beego framework (as usual) and everything is updated.

The only problem on my Mac appears when the binary file (Go server file) is rebuilt and restarted my firewall asks permission to allow the binary file to accept incoming network connection.

I did some research about signing the binary file etc. but nothing helps because the binary is rebuilt after every change in one of my files (so the Go development server restarted)

Does anyone knows a solution to ignore the popup without turning off my firewall?

Answer 1

Depending on your situation it may actually be easier to let your go program only listen on localhost (127.0.0.1). This way the program won't need to ask for firewall traversal, and you won't get the message.

In Go that is something like:

log.Fatal(http.ListenAndServe("127.0.0.1:8080", router))

instead of:

log.Fatal(http.ListenAndServe(":8080", router))

You can then add something like a build or env variable to disable the localhost-only thing before you build it for production.

Answer 2

If you know what TCP/IP port your Go program is listening on, you can open up the port in the firewall.

Something like:

sudo ipfw add 8080 allow tcp from any to any dst-port 8080

should do the trick, but it's probably worth doing some reading on the OSX firewall. This discussion looks promising.

EDIT: As of OSX 10.8 ipfw is deprecated (it still works though). You should now use pfctl. There's a GUI for configuring it called "IceFloor".

ipfw documentation