lib/invoker/power/setup/osx_setup.rb in invoker-1.2.0 vs lib/invoker/power/setup/osx_setup.rb in invoker-1.3.0

@@ -8,11 +8,10 @@
       def setup_invoker
         if setup_resolver_file
           find_open_ports
           install_resolver(port_finder.dns_port)
           install_firewall(port_finder.http_port, port_finder.https_port)
-          flush_dns_rules
           # Before writing the config file, drop down to a normal user
           drop_to_normal_user
           create_config_file
         else
           Invoker::Logger.puts("Invoker is not configured to serve from subdomains".color(:red))
@@ -24,20 +23,15 @@
         uninstall_invoker_flag = Invoker::CLI::Question.agree("Are you sure you want to uninstall firewall rules created by setup (y/n) : ")
 
         if uninstall_invoker_flag
           remove_resolver_file
           unload_firewall_rule(true)
-          flush_dns_rules
           Invoker::Power::Config.delete
           Invoker::Logger.puts("Firewall rules were removed")
         end
       end
 
-      def flush_dns_rules
-        system("dscacheutil -flushcache")
-      end
-
       def create_config_file
         Invoker.setup_config_location
         Invoker::Power::Config.create(
           dns_port: port_finder.dns_port,
           http_port: port_finder.http_port,
@@ -74,10 +68,11 @@
       def load_firewall_rule
         system("launchctl load -Fw #{FIREWALL_PLIST_FILE} 2>/dev/null")
       end
 
       def unload_firewall_rule(remove = false)
+        system("pfctl -a com.apple/250.InvokerFirewall -F nat 2>/dev/null")
         system("launchctl unload -w #{FIREWALL_PLIST_FILE} 2>/dev/null")
         system("rm -rf #{FIREWALL_PLIST_FILE}") if remove
       end
 
       # Ripped from POW code
@@ -113,12 +108,14 @@
         string
       end
 
       # Ripped from Pow code
       def firewall_command(http_port, https_port)
-        "ipfw add fwd 127.0.0.1,#{http_port} tcp from any to me dst-port 80 in"\
-          "&& ipfw add fwd 127.0.0.1,#{https_port} tcp from any to me dst-port 443 in"\
-          "&& sysctl -w net.inet.ip.forwarding=1"
+        rules = [
+          "rdr pass on lo0 inet proto tcp from any to any port 80 -> 127.0.0.1 port #{http_port}",
+          "rdr pass on lo0 inet proto tcp from any to any port 443 -> 127.0.0.1 port #{https_port}"
+        ].join("\n")
+        "echo \"#{rules}\" | pfctl -a 'com.apple/250.InvokerFirewall' -f - -E"
       end
 
       def setup_resolver_file
         return true unless File.exists?(RESOLVER_FILE)
         Invoker::Logger.puts "Invoker has detected an existing Pow installation. We recommend "\