
A fix for an advanced firewall settings issue on Server OS X Server
I had big trouble with the Advanced Firewall settings in Server Admin. I had a lot of double entries in the rules list, but could not delete them. If I moved them up or down, they were copied instead of being moved. If I enabled a disabled rule and saved it, it was automatically disabled again. Many rule numbers were duplicated with different contents.

So here's the fix: Disconnect your server from the internet, then in Server Admin, stop the firewall. Quit Server Admin and open Terminal. Type in the following:
$ cd /etc/ipfilter
$ sudo cp ip_address_groups.plist ip_address_groups.plist.orig
$ sudo open ip_address_groups.plist
Check, edit, and correct all the rules. To see a list of ports, use cat /etc/services. To learn how to set up rules correctly, use man ipfw. When all rules are correct, then:
$ sudo mv ipfw.conf.apple ipfw.conf.apple.orig
$ sudo ipfw flush
Start Server Admin, start the firewall, and check the Active Rules tab. If it is empty, make a dummy change in a rule and save. If everything looks good, bring your server online again.

[robg adds: I can't test this one easily, nor do I know anyone who runs Server regularly. If this hint isn't helpful, please let me know!]
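
A read-only check for the symptom described in the hint (rule numbers duplicated with different contents), added here as an example; it is not from the hint's author or from Apple. It assumes rules in `ipfw list` output form or `add NNNNN ...` config form; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ipfw rule numbers that occur more than once.
# Input on stdin: "NNNNN rule body" (as printed by `ipfw list`) or
# "add NNNNN rule body" (config form). Blank lines and # comments are skipped.
# Output, sorted by rule number:
#   CONFLICT  NNNNN   same number, different rule bodies
#   DUPLICATE NNNNN   same number, identical rule repeated
find_dup_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        {
            sub(/^[ \t]*add[ \t]+/, "")         # accept the config form too
            if ($1 !~ /^[0-9]+$/) next          # not a numbered rule
            num = $1 + 0                        # 01000 and 1000 are the same rule
            $1 = ""                             # rebuilds $0 with single spaces
            body = $0
            count[num]++
            if (!(num in first)) first[num] = body
            else if (body != first[num]) conflict[num] = 1
        }
        END {
            for (num in count)
                if (count[num] > 1)
                    printf "%s %05d\n", ((num in conflict) ? "CONFLICT" : "DUPLICATE"), num
        }
    ' | sort -k2,2n
}

# Constructed sample ruleset (not taken from a real server).
sample_rules() {
    cat <<'EOF'
# constructed sample
00100 allow ip from any to any via lo0
01000 allow tcp from any to any dst-port 22
01000 deny tcp from any to any dst-port 22
add 12300 allow tcp from any to any dst-port 80
12300 allow tcp  from any to any dst-port 80
65535 allow ip from any to any
EOF
}

# On a live system the input would come from: sudo ipfw list | find_dup_rules
sample_rules | find_dup_rules
```

Running it before `sudo ipfw flush` and again after restarting the firewall shows whether the repeated rule numbers are gone from the active ruleset.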

A fix for an advanced firewall settings issue on Server
Authored by: JohnnyMnemonic on Feb 14, '07 12:30:33PM
This hint is a non-sequitur. OS X Client uses ipfw, and I'm pretty sure that OS X Server does as well.

ipfilter is another firewall entirely, but is more common on Linux than ipfw.

I'd guess that the poster came from a Linux background, set up ipfilter rules, unaware that ipfw was already handling firewall duties. Thus the duplication of rulesets.

As for people that use OS X Server regularly, try: www.afp548.com

A fix for an advanced firewall settings issue on Server
Authored by: sheurich on Feb 15, '07 05:08:17AM
Actually, the poster is correct - Mac OS X Server uses IPFW2, but stores the rulesets in PLISTs located in /etc/ipfilter.

The ipfilter package you mention is not specific to Linux, but available for most UNIX systems, including Mac OS X. The fellow who wrote it, Darren Reed, now works for Sun, who includes ipfilter with Solaris 10 - http://blogs.sun.com/avalon/.

A fix for an advanced firewall settings issue on Server
Authored by: mkluskens on May 12, '09 10:04:25AM

Absolutely correct, even in OS X 10.5.6 Server, the ipfw and ip6fw configuration files are stored in /etc/ipfilter.

Now configuring ip6fw rules, that's a problem, as you have to do that yourself with some other tools; you can't just edit ip6fw.conf.apple, as Server Admin overwrites that.


