A fix for an advanced firewall settings issue on Server
Feb 13, '07 07:30:01AM • Contributed by: Euklid
I had big trouble with the Advanced Firewall settings in Server Admin. I had a lot of double entries in the rules list, but could not delete them. If I moved them up or down, they were copied instead of being moved. If I enabled a disabled rule and saved it, it was automatically disabled again. Many rule numbers were duplicated with different contents.
So here's the fix: Disconnect your server from the internet, then in Server Admin, stop the firewall. Quit Server Admin and open Terminal. Type in the following:
$ cd /etc/ipfilter
$ sudo cp ip_address_groups.plist ip_address_groups.plist.orig
$ sudo open ip_address_groups.plist
Check, edit, and correct all the rules. To see a list of ports, use cat /etc/services. To learn how to set up rules correctly, use man ipfw. When all rules are correct, then:
$ sudo mv ipfw.conf.apple ipfw.conf.apple.orig
$ sudo ipfw flush
Start Server Admin, start the firewall, and check the Active Rules tab. If it is empty, make a dummy change in a rule and save. If everything looks good, bring your server online again.
[robg adds: I can't test this one easily, nor do I know anyone who runs Server regularly. If this hint isn't helpful, please let me know!]
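A way to check for the duplicated rule numbers described above once the firewall is running again. This is an added example, not part of the original hint; it assumes the usual `ipfw list` output of one rule per line, starting with the rule number. The function names and the sample rules are made up for illustration.

```shell
#!/bin/sh
# Added example: flag repeated rule numbers in `ipfw list`-style output.
# Reads lines of the form "<number> <rule body>" on stdin and prints
#   CONFLICT <number>  same number used with different rule bodies
#   REPEAT <number>    same number and same body listed more than once
check_ipfw_rules() {
    awk '
        /^[0-9]+[ \t]/ {
            num = $1 + 0                      # treat 01000 and 1000 alike
            body = $0
            sub(/^[0-9]+[ \t]+/, "", body)    # strip the rule number
            gsub(/[ \t]+/, " ", body)         # collapse runs of whitespace
            sub(/ $/, "", body)
            key = num SUBSEP body
            if (!(num in first)) { first[num] = NR; order[++n] = num }
            if (seen[key]++ == 0) distinct[num]++
            else repeat[num] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                num = order[i]
                if (distinct[num] > 1) printf "CONFLICT %05d\n", num
                else if (repeat[num])  printf "REPEAT %05d\n", num
            }
        }
    '
}

# Constructed sample rules (not taken from a real server).
sample_rules() {
cat <<'EOF'
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
12300 allow tcp from any to any dst-port 22
12300 allow tcp from any to any dst-port 80
12301 allow tcp from any to any dst-port 443
12301 allow tcp from any to any dst-port 443
65535 allow ip from any to any
EOF
}

# On the server itself: sudo ipfw list | check_ipfw_rules
sample_rules | check_ipfw_rules
```

ipfw itself accepts several rules under one number, so a CONFLICT line is a prompt to review that number in Server Admin, not proof of a broken rule set.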
