Add firewall rules via `defaults write`
Authored by: babbage on Apr 07, '05 05:43:31PM

Of course, the other way to do this is to learn how to use the BSD-derived ipfw tool directly, and dispense with managing the firewall in the GUI. To learn about this approach, read the manpage for ipfw, or do a Google search for it; to see your current settings, just do an `ipfw list`.

The nice thing about the manual ipfw approach is that you get a lot more control over how the firewall is configured (for example, separate management of TCP and UDP traffic, and of incoming and outgoing traffic); the downside to this approach is that the GUI settings no longer work, so it's all or nothing this way.

The nice thing about this hint is that it's a compromise. You can do coarse-grained command line firewall management on the command line -- which is great for managing basic setup of remote computers (e.g. with ARD or ssh) -- but you don't break the ability to control the firewall under Sharing preferences. Very useful -- thanks for the idea!

---

--
DO NOT LEAVE IT IS NOT REAL



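Added example (not part of any post in this thread): shell functions that read rules in the format printed by `ipfw list`, break each allow/deny rule out by protocol, direction and destination port, and list the allow rules that apply inbound with no port restriction. The sample rules and the function names `sample_rules`, `ipfw_table` and `ipfw_open_inbound` are constructed for this example; only single-word allow/deny actions are handled, and other rule types are skipped.

```shell
#!/bin/sh
# Constructed sample in the format printed by `ipfw list`:
# NUM ACTION PROTO from SRC to DST [PORT] [in|out] [via IF] [options]
sample_rules() {
cat <<'EOF'
02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02040 allow tcp from any to any out
02050 allow udp from any to any out keep-state
02070 allow tcp from any to any 22 in
02080 allow udp from any to any 5353 in
12190 deny tcp from any to any in
65535 allow ip from any to any
EOF
}

# ipfw_table: one "num action proto direction dstport iface" row per rule.
# "both" means the rule names no direction; "-" means no port / no interface.
ipfw_table() {
    awk '
    # Skip rule types this example does not model (divert, fwd, check-state, ...)
    $2 !~ /^(allow|accept|pass|permit|deny|drop|reject)$/ { next }
    {
        dir = "both"; port = "-"; ifc = "-"
        for (i = 4; i <= NF; i++) {
            # A numeric field right after the destination address is the port
            if ($i == "to" && $(i + 2) ~ /^[0-9,-]+$/) port = $(i + 2)
            if ($i == "in" || $i == "out") dir = $i
            if ($i == "via") ifc = $(i + 1)
        }
        print $1, $2, $3, dir, port, ifc
    }'
}

# ipfw_open_inbound: numbers of allow rules that apply inbound (or in both
# directions), name no destination port, and are not tied to a loopback
# interface. These are the rules worth reviewing first.
ipfw_open_inbound() {
    ipfw_table | awk '
    $2 !~ /^(deny|drop|reject)$/ && $4 != "out" && $5 == "-" && $6 !~ /^lo/ {
        print $1
    }'
}

# On a live system (as root): ipfw list | ipfw_open_inbound
```

On the constructed sample only rule 65535 is reported; the TCP and UDP rows in the `ipfw_table` output show the per-protocol, per-direction split that the GUI does not expose.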
Add firewall rules via `defaults write`
Authored by: Cameroon on Apr 07, '05 09:10:43PM

Or you could use a GUI that actually encompasses all of the power of the ipfw ruleset (clunky as ipfw and its syntax are, they are very powerful).

That's why I'm building such an app. I don't use the Apple firewall tool and the other GUI tools just don't cut it. I've got most of the rule features covered, but not the checkstate and a number of the other advanced options. And yes, it can read the existing rules (and export the whole thing as something that can be fed to ipfw).

My goal is to get all the options in and make the GUI comfortable to use (it's already more convenient to me than the command line).



Add firewall rules via `defaults write`
Authored by: babbage on Apr 08, '05 07:04:29AM
> Or you could use a GUI that actually encompasses all of the power of the ipfw ruleset (clunky as ipfw and its syntax are, they are very powerful).

Ah, yes, good point. In that case, you'll want to take a look at BrickHouse. It may be a bit outdated at this point -- the last update seems to have been in October 2001, when it was rebuilt for OSX 10.1 -- but the fundamentals really haven't changed since then and as far as I can tell it should still work just fine.

---

--
DO NOT LEAVE IT IS NOT REAL


Add firewall rules via `defaults write`
Authored by: Cameroon on Apr 08, '05 07:57:08AM

Brickhouse was one of my reasons for building my own. It has some good features, but it has some glaring omissions.

You can't build divert, tee or forward rules or "import" the existing ipfw rules to be edited via its UI. It does provide an Expert mode, but that's just editing a text file -- why use Brickhouse if you have to use its Expert mode?

It also feels clunky to me; the viewing area for the rules is too small and it takes a sheet and another window to get to some additional ipfw features.

Don't get me wrong, I think Brickhouse is a good tool, but I think Brickhouse is aimed at a different audience than mine. I imagine, in the end, my software will feel more comfortable to users who don't want to use the CLI or edit text files, but want the features of a GUI and also powerful rule editing.

sunShield, mentioned in another comment (and one I'd never heard of before), is more my "competition" than Brickhouse.



sunshield
Authored by: kholburn on Apr 07, '05 09:41:30PM
I use the sunshield Preference Pane. It shows the current ipfw stuff and allows you to add lines, sort of GUI.


sunshield
Authored by: Cameroon on Apr 07, '05 11:02:45PM

That seems to work pretty well and look pretty good.

Guess I know where the competition is, heh ;)



sunshield correct url
Authored by: kholburn on Apr 07, '05 09:43:50PM

Add firewall rules via `defaults write`
Authored by: JohnnyMnemonic on Apr 08, '05 10:03:56PM

Actually, I haven't been able to find ipfw.conf in OS X client, although I've been using it in Server. I presume it's there somewhere, but it must be cloaked.

Which file do you use to manually add firewall rules, if not ipfw.conf? Or, if you have it, why don't I? I do have a functioning firewall.


