Manuals / Apple / Kitchen Appliance / Frozen Dessert Maker

Apple 034-2351_Cvr Understanding Firewall Filters, What is a Filter?, IP Address, Subnet Mask

Models: 034-2351_Cvr

1 97

Download 97 pages 56.32 Kb

Page 45

Understanding Firewall Filters

When you start firewall service, the default configuration denies access to all incoming packets from remote computers except ports for remote configuration. This provides a high level of security. You can then add new IP filters to allow server access to those clients who require access to services.

To learn how IP filters work, read the following section. To learn how to create IP filters, see “Managing Firewall Service” on page 49.

What is a Filter?

A filter is made up of an IP address and a subnet mask, and sometimes a port number and access type. The IP address and the subnet mask together determine the range of IP addresses to which the filter applies, and can be set to apply to all addresses.

IP Address

IP addresses consist of four segments with values between 0 and 255 (the range of an 8 bit number), separated by dots (for example, 192.168.12.12). The segments in IP addresses go from general to specific (for example, the first segment might belong to all the computers in a whole company, and the last segment might belong to a specific computer on one floor of a building).

Subnet Mask

A subnet mask indicates which segments in the specified IP address can vary on a given network and by how much. The subnet mask is given in Classless Inter Domain Routing (CIDR) notation. It consists of the IP address followed by a slash (/) and a number from 1 to 32, called the IP prefix. An IP prefix identifies the number of significant bits used to identify a network.

For example, 192.168.2.1 /16 means the first 16 bits (the first two numbers separated by periods) are used to represent the network (every machine on the network begins with 192.168) and the remaining 16 bits (the last two numbers separated by periods) are used to identify hosts (each machine has a unique set of trailing numbers).

Chapter 3 IP Firewall Service

45

Image 45

Apple 034-2351_Cvr manual Understanding Firewall Filters, What is a Filter?, IP Address, Subnet Mask

Contents

For Version 10.3 or Later Mac OS X Server Network Services AdministrationApple Computer, Inc 2003 Apple Computer, Inc. All rights reserved034-2351/9-20-03 How to Use This Guide ContentsUsing This Guide Setting Up Mac OS X Server for the First TimeConfiguring NAT Service NAT ServiceMonitoring NAT Service VPN ServiceUsing This Guide How to Use This GuideWhat’s Included in This Guide PrefaceSetting Up Mac OS X Server for the First Time Getting Help for Everyday Management TasksGetting Additional Information Before You Set Up DHCP Service DHCP ServiceCreating Subnets Using Static IP AddressesAssigning IP Addresses Dynamically Locating the DHCP ServerUsing Multiple DHCP Servers on a Network Setting Up DHCP Service for the First TimeInteracting With Other DHCP Servers Assigning Reserved IP AddressesStarting and Stopping DHCP Service Managing DHCP ServiceCreating Subnets in DHCP Service Step 2 Set up logs for DHCP serviceTo change subnet settings Changing Subnet Settings in DHCP ServiceSetting the DNS Server for a DHCP Subnet Deleting Subnets From DHCP ServiceChanging IP Address Lease Times for a Subnet To delete subnets or address rangesSetting LDAP Options for a Subnet Setting WINS Options for a SubnetTo set LDAP options for a subnet To disable a subnet Monitoring DHCP ServiceDisabling Subnets Temporarily Viewing the DHCP Status OverviewTo set up the log detail level Setting the Log Detail Level for DHCP ServiceViewing DHCP Log Entries Viewing the DHCP Client ListWhere to Find More Information DNS Service Setting Up DNS Service for the First Time Before You Set Up DNS ServiceSetting Up Multiple Name Servers DNS and BINDStep 2 Learn and plan Step 6 Set up a mail exchange MX record optional Step 3 Configure basic DNS settingsStep 8 Start DNS service Step 4 Create a DNS ZoneStarting and Stopping DNS Service Managing DNS ServiceTo start or stop DNS service To enable or disable zone transferManaging Zones To enable or disable recursionAdding a Master Zone MasterAdding a Slave Zone To add a master zoneTo add a slave zone Duplicating a Zone Adding a Forward ZoneTo add a forward zone To duplicate a zoneModifying a Zone Managing RecordsDeleting a Zone To modify a zoneTo add a record Adding a Record to a ZoneDeleting a Record From a Zone Modifying a Record in a ZoneTo modify a record To delete a recordViewing DNS Service Activity Viewing DNS Service StatusTo view DNS service status To view DNS service activityViewing DNS Usage Statistics Changing DNS Log File LocationTo change the log detail level To change the log detail levelDNS Spoofing Securing the DNS ServerServer Mining To see DNS usage statisticsDenial-of-ServiceDoS DNS Service ProfilingTo specify zone transfer IP addresses To alter BIND’s version responseService Piggybacking optionsallow-recursion 127.0.0.0/8 Setting Up MX Records Configuring DNS for Mail Service To enable MX recordsEnabling Redundant Mail Servers To enable backup or redundant mail servers Setting Up Namespace Behind a NAT RouterNetwork Load Distribution aka Round Robin Setting Up a Private TCP/IP NetworkWhat Is BIND? Configuring BIND Using the Command LineBIND on Mac OS X Server BIND Configuration FilePractical Example Zone Data FilesSetting Up Sample Configuration Files To set up the sample filesConfiguring Clients Check Your Configuration Using DNS With Dynamically Assigned IP AddressesWhere to Find More Information Request For Comment DocumentsPage IP Firewall Service Chapter 3 IP Firewall Service Understanding Firewall Filters What is a Filter?IP Address Subnet MaskNumber of addresses Chapter 3 IP Firewall ServiceCIDR Corresponds to NetmaskRule Mechanism and Precedence Using Address RangesMultiple IP Addresses SampleStep 2 Start firewall service Setting Up Firewall Service for the First TimeStep 1 Learn and plan Step 4 Add filters to the IP filter listStarting and Stopping Firewall Service Managing Firewall ServiceOpening the Firewall for Standard Services Step 5 Save firewall service changesTo open the firewall for standard services Creating an Address GroupTo create an address group Duplicating an Address Group Editing or Deleting an Address GroupCreating an Advanced IP Filter for TCP ports To edit or delete an address groupTo create an IP filter for TCP ports Creating an Advanced IP Filter for UDP PortsTo create an IP filter for UDP ports To change the Default setting Changing the Default FilterEditing Advanced IP Filters To edit advanced IP filtersSetting Up Logs for Firewall Service Monitoring Firewall ServiceTo set up logs To view the log for firewall serviceViewing Packets Logged by Filter Rules Viewing Denied PacketsLog Example To view denied packetsPractical Examples Block Access to Internet UsersBlock Junk Mail To do thisAllow a Customer to Access the Apple File Server To do thisTo do this Preventing Denial-of-ServiceDoS Attacks To prevent ping denial-of-serviceattacksControlling or Enabling Peer-to-PeerNetwork Usage Advanced Configuration Controlling or Enabling Network Game UsageBackground Creating IP Filter Rules Using ipfw PrecautionsCreating IP Filter Rules Reviewing IP Filter RulesChapter 3 IP Firewall Service Rule numberDeleting IP Filter Rules Port ReferenceTCP port Chapter 3 IP Firewall ServiceUsed for ReferenceTCP port Chapter 3 IP Firewall ServiceUsed for ReferenceWhere to Find More Information For more information about ipfwRequest For Comment Documents man ipfwNAT Service Starting and Stopping NAT ServiceTo start NAT service Monitoring NAT Service Configuring NAT ServiceTo configure NAT service Viewing the NAT Status OverviewFor more information about natd To view the NAT divert logWhere to Find More Information Request For Comment DocumentsPage VPN Service VPN and Security Authentication MethodTransport Protocols Point to Point Tunneling Protocol PPTPManaging VPN Service Before You Set Up VPN ServiceStarting or Stopping VPN Service Enabling and Configuring L2TP Transport ProtocolEnabling and Configuring PPTP Transport Protocol To enable L2TPTo enable PPTP Configuring VPN Network Routing Definitions To configure addition network settingsTo set routing definitions Setting the Log Detail Level for VPN Service Monitoring VPN ServiceSetting the VPN Log Archive Interval To set up the log archive intervalViewing VPN Client Connections Viewing the VPN LogTo view the log To view client connectionsPage How NTP Works NTP ServiceUsing NTP on Your Network Setting Up NTP ServiceTo set up NTP service To configure NTP on clients Configuring NTP on ClientsWhere to Find More Information Request For Comment DocumentsPage IPv6 Support IPv6 Addresses in the Server Admin IPv6 Enabled ServicesIPv6 Addresses NotationIPv6 Reserved Addresses IPv6 Addressing ModelIPv6 Address Types Request For Comment Documents Where to Find More InformationGlossary GlossaryGlossary LDAP Lightweight Directory Access Protocol A standard client-serverprotocol for accessing a directory domain name server See DNS Domain Name System search path See search policy UCE unsolicited commercial email See spam Page Page Index IndexIndex Index