Apple recently published a technical note explaining how to enable the adaptive firewall in OS X Server. This is a type of firewall that automatically creates temporary rules according to certain events. For example, a number of failed login attempts will cause the adaptive firewall to create a temporary rule to block the IP address attempting to log in.
To do this, run the following commands as an administrative user:

    sudo pfctl -f /etc/pf.conf
    sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
    sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f

Then, edit /System/Library/LaunchDaemons/com.apple.pfctl.plist using the following commands:

    sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
    sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
    sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist

Another technical note explains how to resolve an issue where packet rules do not load.

For more information, see man afctl and this post on the techorganic blog.
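To confirm that the plist edit above took effect, the following added example (not from Apple's note or the original post) checks the three things those commands set: the ProgramArguments value including -e, the 644 mode, and the XML format. The function name check_pfctl_plist is hypothetical.

```python
import os
import plistlib
import stat

# Values taken from the commands on this page.
PLIST = "/System/Library/LaunchDaemons/com.apple.pfctl.plist"
EXPECTED_ARGS = ["pfctl", "-f", "/etc/pf.conf", "-e"]
EXPECTED_MODE = 0o644


def check_pfctl_plist(path=PLIST):
    """Return a list of problems found in the launchd plist (empty if none)."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc)]

    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != EXPECTED_MODE:
        problems.append("mode is %o, expected %o" % (mode, EXPECTED_MODE))

    with open(path, "rb") as fh:
        raw = fh.read()

    # The page converts the file to xml1 after 'defaults write', so a
    # binary plist means that step was skipped.
    if raw.startswith(b"bplist"):
        problems.append("plist is binary, not xml1")

    try:
        data = plistlib.loads(raw)  # parses both XML and binary plists
    except Exception as exc:
        return problems + ["plist does not parse: %s" % exc]

    args = data.get("ProgramArguments") if isinstance(data, dict) else None
    if args != EXPECTED_ARGS:
        problems.append("ProgramArguments is %r, expected %r" % (args, EXPECTED_ARGS))
    return problems


if __name__ == "__main__":
    issues = check_pfctl_plist()
    for issue in issues:
        print("FAIL:", issue)
    if not issues:
        print("OK: pfctl plist matches the settings on this page")
```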

