Apple oxs Server User Manual


 
138 Chapter 13 Working With Network Services
IPFilter Groups With Rules Array
An array of the following settings is included in the IPFilter settings for each defined IP
address group. These arrays aren’t part of a standard ipfw configuration, but are created
by the Server Admin GUI application to implement the IP Address groups on the
General pane of the Firewall service settings. In an actual list of settings, <group> is
replaced with an IP address group.
Defining Firewall Rules
You can use serveradmin to set up firewall rules for your server. However, a simpler
method is to add your rules to a configuration file used by the service. By modifying
the file, you’ll be able to define your rules using standard rule syntax instead of creating
a specialized array to store the rule’s components.
Adding Rules by Modifying ipfw.conf
The file in which you can define your rules is /etc/ipfilter/ipfw.conf. The Firewall service
reads this file, but doesn’t modify it. Its contents are annotated and include
commented-out rules you can use as models. Its default contents are listed below.
For more information, read the ipfw man page.
Parameter (ipfilter:)                Description
logAllDenied                         Specifies whether to log all denials. Default = no
ipAddressGroups:_array_id:n:address  The address of a defined IP address group, the first element of an array that defines an IP address group.
ipAddressGroups:_array_id:n:name     The name of a defined IP address group, the second element of an array that defines an IP address group.
logAllAllowed                        Whether to log access allowed by rules. Default = no

Parameter (ipfilter:)                                 Description
ipAddressGroupsWithRules:_array_id:<group>:rules      An array of rules for the group.
ipAddressGroupsWithRules:_array_id:<group>:addresses  The group’s address.
ipAddressGroupsWithRules:_array_id:<group>:name       The group’s name.
ipAddressGroupsWithRules:_array_id:<group>:readOnly   Whether the group is set for read-only.
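The following Python sketch is an added example, not part of the original manual. It regroups ipfilter settings lines into one record per IP address group using the parameter names from the tables above, then reports groups without rules and whether denials are logged. The "key = value" line layout, the group ids and the rules sub-key are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The "key = value" layout, the group ids and the
# sub-key under :rules are assumptions, not output captured from a server.
SAMPLE = '''\
ipfilter:logAllDenied = no
ipfilter:logAllAllowed = no
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:name = "10-net"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:addresses = "10.0.0.0/8"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:readOnly = yes
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:rules:_array_index:0 = 10
ipfilter:ipAddressGroupsWithRules:_array_id:any:name = "any"
ipfilter:ipAddressGroupsWithRules:_array_id:any:addresses = "any"
ipfilter:ipAddressGroupsWithRules:_array_id:any:readOnly = no
'''

LINE = re.compile(r'^ipfilter:(?P<key>.+?)\s*=\s*(?P<val>.*)$')
GROUP = re.compile(r'^ipAddressGroupsWithRules:_array_id:(?P<gid>[^:]+):'
                   r'(?P<field>name|addresses|readOnly|rules)(?::.*)?$')

def parse(text):
    """Return (top_level_settings, groups) from ipfilter settings lines."""
    top, groups = {}, defaultdict(lambda: {"rules": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and other services' settings
        key, val = m["key"], m["val"].strip().strip('"')
        g = GROUP.match(key)
        if g is None:
            top[key] = val
        elif g["field"] == "rules":
            groups[g["gid"]]["rules"].append(val)  # rule entries kept opaque
        else:
            groups[g["gid"]][g["field"]] = val
    return top, dict(groups)

def findings(top, groups):
    """List points an administrator reviewing the firewall would check."""
    out = []
    if top.get("logAllDenied", "no") != "yes":
        out.append("logAllDenied is off: denied packets are not logged")
    for gid, grp in sorted(groups.items()):
        if not grp["rules"]:
            out.append(f"group {gid} has no rules")
    return out

if __name__ == "__main__":
    print("\n".join(findings(*parse(SAMPLE))))
```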
LL2354.book Page 138 Monday, October 20, 2003 9:47 AM