Apple Mac OS X Server Network Card User Manual


 
228 Chapter 14 Working with Network Services
Firewall Startup
Although the firewall is treated as a service by the Server Admin application, it is not
implemented by a running process like other services. It is simply a set of behaviors in
the kernel, controlled by the ipfw and sysctl tools. To start and stop the firewall, the
Server Admin application sets a switch using the sysctl tool. When the computer
starts, a startup item named IPFilter checks the /etc/hostconfig file for the “IPFILTER”
flag. If it is set, the sysctl tool is used to enable the firewall:
$ sysctl -w net.inet.ip.fw.enable=1
Otherwise, it disables the firewall:
$ sysctl -w net.inet.ip.fw.enable=0
Note that the rules loaded in the firewall remain there regardless of this setting.
They are simply ignored while the firewall is disabled.
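The following added example (not part of Apple's manual) compares the boot-time IPFILTER flag with the live kernel switch, since a disabled firewall silently ignores its loaded rules. The function names are hypothetical, and the -YES-/-NO- value form and "last assignment wins" parsing are assumptions about the hostconfig format.

```shell
#!/bin/sh
# Added example: detect drift between the IPFILTER flag and the kernel switch.
# Assumption: hostconfig flags use the KEY=-YES- / KEY=-NO- form.

# Print 1 if the hostconfig file at $1 enables IPFILTER, else 0.
# Commented-out lines are skipped; the last IPFILTER= assignment wins
# (assumption: the file is read like a sourced shell file).
hostconfig_wants_firewall() {
    val=$(sed -n 's/^[[:space:]]*IPFILTER=\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    case "$val" in
        -YES-) echo 1 ;;
        *)     echo 0 ;;
    esac
}

# $1 = hostconfig path, $2 = runtime value of net.inet.ip.fw.enable (0 or 1).
# Prints a verdict; returns 0 when both agree, 1 on drift.
audit_firewall_state() {
    want=$(hostconfig_wants_firewall "$1")
    have=$2
    if [ "$want" = "$have" ]; then
        echo "consistent: enable=$have"
        return 0
    fi
    if [ "$want" = 1 ]; then
        echo "drift: IPFILTER set but firewall disabled; loaded rules are being ignored"
    else
        echo "drift: firewall enabled now but will be disabled at next boot"
    fi
    return 1
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
HOSTNAME=-AUTOMATIC-
#IPFILTER=-NO-
IPFILTER=-YES-
EOF
# On a server, pass /etc/hostconfig and "$(sysctl -n net.inet.ip.fw.enable)".
audit_firewall_state "$sample" 0 || true
rm -f "$sample"
```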
Starting and Stopping Firewall Service
To start Firewall service:
$ sudo serveradmin start ipfilter
To stop Firewall service:
$ sudo serveradmin stop ipfilter
Checking the Status of Firewall Service
To see summary status of Firewall service:
$ sudo serveradmin status ipfilter
To see detailed status of Firewall service, including rules:
$ sudo serveradmin fullstatus ipfilter
Viewing Firewall Service Settings
To list Firewall service configuration settings:
$ sudo serveradmin settings ipfilter
To list a particular setting:
$ sudo serveradmin settings ipfilter:setting
To list a group of settings:
Enter only as much of the name as you want, stopping at a colon (:), then enter an
asterisk (*) as a wildcard for the remaining parts of the name. For example:
$ sudo serveradmin settings ipfilter:ipAddressGroups:*