Apple Mac OS X Server Network Card User Manual
232 Chapter 14 Working with Network Services
To disallow any connection from the entire cracker.evil.org network to my host:
1 Ping cracker.evil.org to determine its IP address.
$ ping cracker.evil.org
PING cracker.evil.org (123.45.67.10): 56 data bytes
64 bytes from 123.45.67.10: icmp_seq=0 ttl=52 time=24.953 ms
64 bytes from 123.45.67.10: icmp_seq=1 ttl=52 time=19.406 ms
64 bytes from 123.45.67.10: icmp_seq=2 ttl=52 time=18.871 ms
64 bytes from 123.45.67.10: icmp_seq=3 ttl=52 time=29.776 ms
64 bytes from 123.45.67.10: icmp_seq=4 ttl=52 time=26.209 ms
2 Deny access to a range of IP addresses associated with cracker.evil.org.
$ ipfw add deny ip from 123.45.67.0/24 to my.host.org
Adding Rules Using serveradmin
If you prefer not to work with the ipfw.conf file, you can use the serveradmin settings
command to add firewall rules to your configuration.
Note: Be sure to include the special first setting (ending with = create). This is how you
tell serveradmin to create the necessary rule array with the specified rule number.
To add a rule (rule, source, protocol, destination, action, and port stand for your own values):
$ sudo serveradmin settings
ipfilter:rules:_array_id:rule = create
ipfilter:rules:_array_id:rule:source = source
ipfilter:rules:_array_id:rule:protocol = protocol
ipfilter:rules:_array_id:rule:destination = destination
ipfilter:rules:_array_id:rule:action = action
ipfilter:rules:_array_id:rule:enableLocked = (yes|no)
ipfilter:rules:_array_id:rule:enabled = (yes|no)
ipfilter:rules:_array_id:rule:log = (yes|no)
ipfilter:rules:_array_id:rule:readOnly = (yes|no)
ipfilter:rules:_array_id:rule:source-port = port
Control-D
An example of this would be similar to the following:
$ sudo serveradmin settings
ipfilter:rules:_array_id:1111 = create
ipfilter:rules:_array_id:1111:source = "10.10.41.60"
ipfilter:rules:_array_id:1111:protocol = "udp"
ipfilter:rules:_array_id:1111:destination = "any via en0"
ipfilter:rules:_array_id:1111:action = "allow"
ipfilter:rules:_array_id:1111:enableLocked = yes
ipfilter:rules:_array_id:1111:enabled = yes
ipfilter:rules:_array_id:1111:log = no
Parameter         Description
rule              A unique rule number.
Other parameters  The standard rule settings described under "ipfilter Rules Array" on page 233.
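As an added example (not code from the Apple manual), the following Python builds the serveradmin settings stanza for a rule such as the cracker.evil.org /24 deny from step 2 above, and parses a stanza back, rejecting any setting that appears before its "= create" line. The key names are the ones documented above; the function names, the validation rules and the 1-65535 rule-number range are assumptions, and the code only produces text for review rather than invoking serveradmin.

```python
import ipaddress
import re

# Key layout from the page: ipfilter:rules:_array_id:<rule>[:<setting>] = <value>
_LINE_RE = re.compile(r"^ipfilter:rules:_array_id:(\d+)(?::([\w-]+))? = (.*)$")
_YN = {True: "yes", False: "no"}  # spelling of the page's (yes|no) flags


def build_rule_settings(rule, source, destination, action, protocol="ip",
                        source_port=None, enabled=True, log=False,
                        enable_locked=False, read_only=False):
    """Return the serveradmin settings lines for one rule; '= create' comes first."""
    if not (isinstance(rule, int) and 1 <= rule <= 65535) or action not in ("allow", "deny"):
        raise ValueError("rule must be an integer 1-65535 and action 'allow' or 'deny'")
    if source != "any":
        ipaddress.ip_network(source, strict=False)  # rejects a malformed host or CIDR
    prefix = f"ipfilter:rules:_array_id:{rule}"
    lines = [
        f"{prefix} = create",
        f'{prefix}:source = "{source}"',
        f'{prefix}:protocol = "{protocol}"',
        f'{prefix}:destination = "{destination}"',
        f'{prefix}:action = "{action}"',
        f"{prefix}:enableLocked = {_YN[enable_locked]}",
        f"{prefix}:enabled = {_YN[enabled]}",
        f"{prefix}:log = {_YN[log]}",
        f"{prefix}:readOnly = {_YN[read_only]}",
    ]
    if source_port is not None:
        lines.append(f'{prefix}:source-port = "{source_port}"')
    return lines


def parse_rule_settings(lines):
    """Parse settings lines into {rule_number: {setting: value}}, enforcing create-first."""
    rules = {}
    for line in lines:
        m = _LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised settings line: {line!r}")
        rule, setting, value = int(m.group(1)), m.group(2), m.group(3).strip('"')
        if setting is None and value == "create":
            rules.setdefault(rule, {})  # the create line opens the rule's array
        elif setting is None or rule not in rules:
            raise ValueError(f"rule {rule}: {line.strip()!r} must follow a '= create' line")
        else:
            rules[rule][setting] = value
    return rules
```

Pipe the returned lines into `sudo serveradmin settings` once you have reviewed them; the parser is also useful for checking a stanza someone else has written before it is applied.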