Parameter (ipfilter:) | Description |
logAllDenied | Specifies whether to log all denials. Default = no |
ipAddressGroups:_array_id:n:address | The address of a defined IP address group, the first element of an array that defines an IP address group. |
ipAddressGroups:_array_id:n:name | The name of a defined IP address group, the second element of an array that defines an IP address group. |
logAllAllowed | Whether to log access allowed by rules. Default = no |
IPFilter Groups With Rules Array
An array of the following settings is included in the IPFilter settings for each defined IP address group. These arrays aren’t part of a standard ipfw configuration, but are created by the Server Admin GUI application to implement the IP Address groups on the General pane of the Firewall service settings. In an actual list of settings, <group> is replaced with an IP address group.
Parameter (ipfilter:) | Description |
ipAddressGroupsWithRules:_array_id:<group>:rules | An array of rules for the group. |
ipAddressGroupsWithRules:_array_id:<group>:addresses | The group’s address. |
ipAddressGroupsWithRules:_array_id:<group>:name | The group’s name. |
ipAddressGroupsWithRules:_array_id:<group>:readOnly | Whether the group is set for |
Defining Firewall Rules
You can use serveradmin to set up firewall rules for your server. However, a simpler method is to add your rules to a configuration file used by the service. By modifying the file, you’ll be able to define your rules using standard rule syntax instead of creating a specialized array to store the rule’s components.
Adding Rules by Modifying ipfw.conf
The file in which you can define your rules is /etc/ipfilter/ipfw.conf. The Firewall service reads this file, but doesn’t modify it. Its contents are annotated and include
For more information, read the ipfw man page.
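As an added example (not part of the original manual), the following Python script lints rule lines before they are added to /etc/ipfilter/ipfw.conf. It assumes the file uses ipfw's ruleset-file form, in which each line is an ipfw command without the leading `ipfw`; the sample rules and the `lint` function are constructed for this illustration.

```python
"""Lint ipfw rule lines before adding them to /etc/ipfilter/ipfw.conf (added example)."""
import re

# Constructed sample rules, not taken from the manual. Assumption: each line is
# an ipfw command without the leading "ipfw" (ipfw's ruleset-file form).
SAMPLE = """\
# constructed sample rules
add 1000 allow tcp from 192.168.1.0/24 to any 22
add 1100 allow ip from any to any
add 1200 deny tcp from any to any 23
add 65000 deny log ip from any to any
allow udp from any to any 53
add 70000 deny ip from any to any
"""

ALLOW = {"allow", "accept", "pass", "permit"}
DENY = {"deny", "drop", "reject"}
# This linter requires an explicit rule number so rule ordering is visible in the file.
RULE = re.compile(r"^add\s+(\d+)\s+(\S+)(\s+log\b)?\s*(.*)$")
ANY_TO_ANY = re.compile(r"^(ip|all)\s+from\s+any\s+to\s+any\s*$")


def lint(text):
    """Return a list of (line_number, message) findings for the given rules text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            findings.append((n, "not in 'add <number> <action> ...' form"))
            continue
        number, action, log, body = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        if not 1 <= number <= 65534:  # 65535 is ipfw's built-in default rule
            findings.append((n, "rule number outside 1-65534"))
        if action in ALLOW and ANY_TO_ANY.match(body):
            findings.append((n, "allows all traffic from any to any"))
        if action in DENY and not log:
            findings.append((n, "deny rule has no 'log' keyword"))
    return findings


if __name__ == "__main__":
    for line_number, message in lint(SAMPLE):
        print(f"line {line_number}: {message}")
```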
Chapter 13 Working With Network Services