Apple OS X Server User Manual


 
140 Chapter 13 Working With Network Services
Adding Rules Using serveradmin
If you prefer not to work with the ipfw.conf file, you can use the serveradmin
settings command to add firewall rules to your configuration.
Note: Be sure to include the special first setting (ending with = create). This is how
you tell serveradmin to create the necessary rule array with the specified rule number.
To add a subnet:
$ sudo serveradmin settings
ipfilter:rules:_array_id:rule = create
ipfilter:rules:_array_id:rule:source = source
ipfilter:rules:_array_id:rule:protocol = protocol
ipfilter:rules:_array_id:rule:destination = destination
ipfilter:rules:_array_id:rule:action = action
ipfilter:rules:_array_id:rule:enableLocked = (yes|no)
ipfilter:rules:_array_id:rule:enabled = (yes|no)
ipfilter:rules:_array_id:rule:log = (yes|no)
ipfilter:rules:_array_id:rule:readOnly = (yes|no)
ipfilter:rules:_array_id:rule:source-port = port
Control-D
Example:
$ sudo serveradmin settings
ipfilter:rules:_array_id:1111 = create
ipfilter:rules:_array_id:1111:source = "10.10.41.60"
ipfilter:rules:_array_id:1111:protocol = "udp"
ipfilter:rules:_array_id:1111:destination = "any via en0"
ipfilter:rules:_array_id:1111:action = "allow"
ipfilter:rules:_array_id:1111:enableLocked = yes
ipfilter:rules:_array_id:1111:enabled = yes
ipfilter:rules:_array_id:1111:log = no
ipfilter:rules:_array_id:1111:readOnly = yes
ipfilter:rules:_array_id:1111:source-port = ""
Control-D
Parameter          Description
rule               A unique rule number.
Other parameters   The standard rule settings described under “IPFilter Rules Array” on page 141.
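An added example, not from the manual: a shell function (hypothetical name ipfilter_rule_settings) that emits the settings lines for one rule with the "= create" line first, and rejects a rule number or value that would break the key or the quoting. The enableLocked, enabled and readOnly values are copied from the example above; feeding the output to serveradmin through a pipe is an assumption.

```shell
#!/bin/sh
# Added example, not from the manual. Function name and argument order are
# hypothetical; only the setting keys come from the page.
# usage: ipfilter_rule_settings NUM SOURCE PROTOCOL DESTINATION ACTION [LOG] [SOURCE_PORT]
ipfilter_rule_settings() {
    num=$1 src=$2 proto=$3 dst=$4 action=$5 log=${6:-no} sport=${7:-}

    # The rule number becomes part of every key, so accept digits only.
    case $num in
        ''|*[!0-9]*) echo "rule number must be numeric: '$num'" >&2; return 1 ;;
    esac
    # log is written unquoted and may only be yes or no.
    case $log in
        yes|no) ;;
        *) echo "log must be yes or no: '$log'" >&2; return 1 ;;
    esac
    # String values are written inside double quotes. A quote or newline in a
    # value could end it early and let the rest be read as further settings.
    for v in "$src" "$proto" "$dst" "$action" "$sport"; do
        case $v in
            *'"'*|*'
'*) echo "value contains a quote or newline: '$v'" >&2; return 1 ;;
        esac
    done

    p="ipfilter:rules:_array_id:$num"
    # The "= create" line comes first: it creates the rule array entry that
    # the remaining keys fill in.
    printf '%s = create\n' "$p"
    printf '%s:source = "%s"\n' "$p" "$src"
    printf '%s:protocol = "%s"\n' "$p" "$proto"
    printf '%s:destination = "%s"\n' "$p" "$dst"
    printf '%s:action = "%s"\n' "$p" "$action"
    # enableLocked, enabled and readOnly use the values from the page's example.
    printf '%s:enableLocked = yes\n' "$p"
    printf '%s:enabled = yes\n' "$p"
    printf '%s:log = %s\n' "$p" "$log"
    printf '%s:readOnly = yes\n' "$p"
    printf '%s:source-port = "%s"\n' "$p" "$sport"
}

# Review the generated text before applying it. Assumption: serveradmin reads
# the same lines from a pipe as it does interactively.
#   ipfilter_rule_settings 1111 10.10.41.60 udp "any via en0" allow
#   ipfilter_rule_settings 1111 10.10.41.60 udp "any via en0" allow | sudo serveradmin settings
```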
LL2354.book Page 140 Monday, October 20, 2003 9:47 AM