60
Controlling or Enabling Network Game Usage
Sometimes network administrators need to control the use of network games. The games might use network bandwidth and resources inappropriately or disproportionately.
You can cut off network gaming by blocking all traffic incoming and outgoing on the port number used by the game. You’ll have to determine the port used for each network game in question. By default, Mac OS X Server’s firewall blocks all ports not specifically opened.
You can choose to limit network game usage to IP addresses behind the firewall. To do so, you’ll need to open the appropriate port on your LAN interface, but continue to block the port on the interface connected to the Internet (WAN interface). Some games require a connection to a gaming service for play, so this may not be effective. To learn how to make a firewall filter, see “Creating an Advanced IP Filter for TCP ports” on page 51.
You can open the firewall to certain games, allowing network games to connect to other players and game services outside the firewall. To do this, you’ll need to open up the appropriate port on your LAN and WAN interface. Some games require more than one port to be open. Consult the game’s documentation for networking details. To learn how to make a firewall filter, see “Creating an Advanced IP Filter for TCP ports” on page 51.
Advanced Configuration
You might prefer to use a
Background
When you click the Save button in Server Admin, all the old rules are flushed and new rules are loaded and apply immediately. This happens whether the IP firewall service is started or stopped. If the IP firewall service is running, it is stopped long enough to reload the rules, and it automatically restarts. The new rules are loaded from three sources:
•The rules from both the General and the Advanced panels (stored in /etc/ipfilter/ ip_address_groups.plist).
•The manually configured ipfw rules, if any (stored in /etc/ipfilter/ipfw.conf).
•The NAT divert rule, if the NAT service is running.
Chapter 3 IP Firewall Service
