
Enable the adaptive firewall in OS X Server
Apple recently published a technical note explaining how to enable the adaptive firewall in OS X Server. This is a type of firewall that automatically creates temporary rules according to certain events. For example, a number of failed login attempts will cause the adaptive firewall to create a temporary rule to block the IP address attempting to log in.

To do this, run the following commands as an administrative user:
sudo pfctl -f /etc/pf.conf
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
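Then, edit /System/Library/LaunchDaemons/com.apple.pfctl.plist so that the launch daemon passes -e to pfctl, which enables the packet filter when the rules in /etc/pf.conf are loaded. Use the following commands: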
sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist
Another technical note explains how to resolve an issue where packet rules do not load.

For more information, see man afctl and this post on the techorganic blog.
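The behaviour described at the top of this hint (repeated failed logins produce a temporary block rule that later expires) can be modelled as follows. This is an added example, not Apple's afctl code or part of the original hint; the thresholds, the event format and the rule text are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy per service: (failures allowed, window in s, block duration in s).
# Illustrative values only, not afctl defaults.
POLICY = {"ssh": (3, 60, 900), "ftp": (5, 300, 1200)}

# Constructed events "epoch service result source-ip" (documentation address ranges).
SAMPLE_EVENTS = """\
1000 ssh fail 203.0.113.7
1010 ssh fail 203.0.113.7
1015 ssh ok 198.51.100.4
1020 ssh fail 203.0.113.7
1030 ssh fail 203.0.113.7
1500 ssh fail 198.51.100.4
1950 ssh fail 203.0.113.7
"""

def replay(log_text, policy=POLICY):
    """Replay events; return (dropped, history) where history holds (ip, start, expiry)."""
    failures = defaultdict(deque)   # (service, ip) -> timestamps of recent failures
    blocked_until = {}              # ip -> expiry time of its temporary rule
    history, dropped = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, service, result, ip = line.split()
        ts = int(ts)
        # A temporary rule stops matching once its expiry time has passed.
        if blocked_until.get(ip, 0) > ts:
            dropped.append((ts, ip))
            continue
        if result != "fail" or service not in policy:
            continue
        limit, window, ban = policy[service]
        recent = failures[(service, ip)]
        recent.append(ts)
        while recent and recent[0] <= ts - window:
            recent.popleft()        # forget failures older than the window
        if len(recent) >= limit:
            blocked_until[ip] = ts + ban
            history.append((ip, ts, ts + ban))
            recent.clear()
    return dropped, history

def active_rules(history, now):
    """pf-style rule text (illustrative) for blocks still in force at time `now`."""
    return [f"block drop in quick from {ip} to any"
            for ip, start, expiry in history if start <= now < expiry]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

With the constructed events, the third SSH failure from 203.0.113.7 creates a 15-minute block, the attempt at 1030 is dropped, and the attempt at 1950 is seen again because the rule has expired.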
Enable the adaptive firewall in OS X Server
Authored by: comodin on Oct 11, '12 10:41:05AM

I prefer fail2ban, because I can configure each service with its own fail conditions.
SSH 1st fail = ban for 24h, but FTP 5th fail = ban for 20min etc.

Enable the adaptive firewall in OS X Server
Authored by: LEgregius on Oct 29, '12 07:12:47AM

1st fail 24 hr ban? That's funny. I almost never successfully log in to ssh the first time. Long passwords and all...



Enable the adaptive firewall in OS X Server
Authored by: comodin on Oct 29, '12 07:50:53AM

I use an SSH key, no password, but the script kiddies try to log in with a password. To ban these folks, first fail is set to ban.

Enable the adaptive firewall in OS X Server
Authored by: Bimmered on Oct 12, '12 12:33:57AM

Is this only for 10.8 Server?


