
| Parameter (ipfilter:) | Description |
|---|---|
| logAllDenied | Specifies whether to log all denials. Default = no |
| ipAddressGroups:_array_id:n:address | The address of a defined IP address group, the first element of an array that defines an IP address group. |
| ipAddressGroups:_array_id:n:name | The name of a defined IP address group, the second element of an array that defines an IP address group. |
| logAllAllowed | Whether to log access allowed by rules. Default = no |

IPFilter Groups With Rules Array

An array of the following settings is included in the IPFilter settings for each defined IP address group. These arrays aren’t part of a standard ipfw configuration, but are created by the Server Admin GUI application to implement the IP Address groups on the General pane of the Firewall service settings. In an actual list of settings, <group> is replaced with an IP address group.

| Parameter (ipfilter:) | Description |
|---|---|
| ipAddressGroupsWithRules:_array_id:<group>:rules | An array of rules for the group. |
| ipAddressGroupsWithRules:_array_id:<group>:addresses | The group’s address. |
| ipAddressGroupsWithRules:_array_id:<group>:name | The group’s name. |
| ipAddressGroupsWithRules:_array_id:<group>:readOnly | Whether the group is set for read-only. |
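
The following is an added example, not part of the original manual: a small Python audit that reads a saved dump of the ipfilter settings, rebuilds the two array families described above, and reports when denial logging is off or a defined group has no matching ipAddressGroupsWithRules entry. The sample dump is constructed; the `key = value` line layout, the quoted strings, and the use of the group's address in place of <group> are assumptions. The layout of individual rules elements is not shown on this page, so the parser keeps whatever follows <group> as the field name.

```python
import re
from collections import defaultdict

# Constructed sample dump (assumed "ipfilter:<key> = <value>" layout), not from the manual.
SAMPLE = '''\
ipfilter:logAllDenied = no
ipfilter:logAllAllowed = no
ipfilter:ipAddressGroups:_array_id:1:address = "any"
ipfilter:ipAddressGroups:_array_id:1:name = "any"
ipfilter:ipAddressGroups:_array_id:2:address = "10.0.0.0/8"
ipfilter:ipAddressGroups:_array_id:2:name = "10-net"
ipfilter:ipAddressGroupsWithRules:_array_id:10.0.0.0/8:addresses = "10.0.0.0/8"
ipfilter:ipAddressGroupsWithRules:_array_id:10.0.0.0/8:name = "10-net"
ipfilter:ipAddressGroupsWithRules:_array_id:10.0.0.0/8:readOnly = no
'''

LINE = re.compile(r'^ipfilter:(?P<key>\S+)\s*=\s*(?P<val>.*)$')
DEFINED = re.compile(r'^ipAddressGroups:_array_id:(?P<n>\d+):(?P<field>address|name)$')
GROUP = re.compile(r'^ipAddressGroupsWithRules:_array_id:(?P<group>[^:]+):(?P<field>.+)$')

def parse_ipfilter(text):
    """Return (flags, defined_groups, groups_with_rules) from a settings dump."""
    flags, defined, with_rules = {}, defaultdict(dict), defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrelated lines
        key, val = m["key"], m["val"].strip().strip('"')
        if (g := GROUP.match(key)):
            with_rules[g["group"]][g["field"]] = val
        elif (d := DEFINED.match(key)):
            defined[int(d["n"])][d["field"]] = val
        else:
            flags[key] = val  # scalar settings such as logAllDenied
    return flags, dict(defined), dict(with_rules)

def audit(text):
    """Report disabled denial logging and defined groups without a rules array."""
    flags, defined, with_rules = parse_ipfilter(text)
    findings = []
    if flags.get("logAllDenied", "no") != "yes":  # the manual gives "no" as the default
        findings.append("logAllDenied is off: denied packets are not logged")
    named = {g.get("name") for g in with_rules.values()}
    for n, g in sorted(defined.items()):
        if g.get("name") not in named:
            findings.append(f"group {n} ({g.get('name')}) has no ipAddressGroupsWithRules entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```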


Defining Firewall Rules

You can use serveradmin to set up firewall rules for your server. However, a simpler method is to add your rules to a configuration file used by the service. By modifying the file, you’ll be able to define your rules using standard rule syntax instead of creating a specialized array to store the rule’s components.

Adding Rules by Modifying ipfw.conf

The file in which you can define your rules is /etc/ipfilter/ipfw.conf. The Firewall service reads this file, but doesn’t modify it. Its contents are annotated and include commented-out rules you can use as models. Its default contents are listed below.

For more information, read the ipfw man page.

Chapter 13 Working With Network Services

Page 138