
Adding Rules Using serveradmin

If you prefer not to work with the ipfw.conf file, you can use the serveradmin settings command to add firewall rules to your configuration.

Note: Be sure to include the special first setting (ending with = create). This is how you tell serveradmin to create the necessary rule array with the specified rule number.

To add a subnet:

$ sudo serveradmin settings
ipfilter:rules:_array_id:rule = create
ipfilter:rules:_array_id:rule:source = source
ipfilter:rules:_array_id:rule:protocol = protocol
ipfilter:rules:_array_id:rule:destination = destination
ipfilter:rules:_array_id:rule:action = action
ipfilter:rules:_array_id:rule:enableLocked = (yes|no)
ipfilter:rules:_array_id:rule:enabled = (yes|no)
ipfilter:rules:_array_id:rule:log = (yes|no)
ipfilter:rules:_array_id:rule:readOnly = (yes|no)
ipfilter:rules:_array_id:rule:source-port = port
Control-D

Parameter         Description
rule              A unique rule number.
Other parameters  The standard rule settings described under "IPFilter Rules Array" on page 141.

Example:

$ sudo serveradmin settings
ipfilter:rules:_array_id:1111 = create
ipfilter:rules:_array_id:1111:source = "10.10.41.60"
ipfilter:rules:_array_id:1111:protocol = "udp"
ipfilter:rules:_array_id:1111:destination = "any via en0"
ipfilter:rules:_array_id:1111:action = "allow"
ipfilter:rules:_array_id:1111:enableLocked = yes
ipfilter:rules:_array_id:1111:enabled = yes
ipfilter:rules:_array_id:1111:log = no
ipfilter:rules:_array_id:1111:readOnly = yes
ipfilter:rules:_array_id:1111:source-port = ""
Control-D
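The interactive session above can be scripted: the following shell function is an added example (not from the manual) that builds the same settings block for one rule, beginning with the mandatory "= create" line, and feeds it to serveradmin on standard input in place of typing the lines and Control-D. It assumes rule numbers follow ipfw's range of 1 to 65535 and that actions are limited to allow or deny; enableLocked and readOnly are fixed to yes as in the manual's example.

```shell
#!/bin/sh
# Added example, not Apple's code: emit the serveradmin settings lines for one
# ipfilter rule. Assumptions: ipfw rule numbers are 1..65535, action is
# allow|deny, enableLocked and readOnly are always yes (as in the manual).
#
# usage: ipfilter_rule_settings RULE SOURCE PROTOCOL DESTINATION ACTION ENABLED LOG
ipfilter_rule_settings() {
    rule=$1 src=$2 proto=$3 dst=$4 action=$5 enabled=$6 log=$7
    # The rule number must be a positive integer in ipfw's range.
    case $rule in
        ''|*[!0-9]*) echo "rule must be numeric" >&2; return 1 ;;
    esac
    if [ "$rule" -lt 1 ] || [ "$rule" -gt 65535 ]; then
        echo "rule must be between 1 and 65535" >&2; return 1
    fi
    case $action in
        allow|deny) ;;
        *) echo "action must be allow or deny" >&2; return 1 ;;
    esac
    for flag in "$enabled" "$log"; do
        case $flag in
            yes|no) ;;
            *) echo "enabled and log must be yes or no" >&2; return 1 ;;
        esac
    done
    p="ipfilter:rules:_array_id:$rule"
    # First line creates the rule array; the rest are the standard rule settings.
    printf '%s\n' \
        "$p = create" \
        "$p:source = \"$src\"" \
        "$p:protocol = \"$proto\"" \
        "$p:destination = \"$dst\"" \
        "$p:action = \"$action\"" \
        "$p:enableLocked = yes" \
        "$p:enabled = $enabled" \
        "$p:log = $log" \
        "$p:readOnly = yes" \
        "$p:source-port = \"\""
}

# Apply a rule: stdin replaces the interactive Control-D session.
apply_ipfilter_rule() {
    ipfilter_rule_settings "$@" | sudo serveradmin settings
}

# Dry run: a logged deny rule for one host (constructed values), printed only.
ipfilter_rule_settings 1200 "10.10.41.60" "tcp" "any via en0" deny yes yes
```

Call apply_ipfilter_rule with the same arguments to commit the rule; the settings are only written once serveradmin reads end of input.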

Chapter 13 Working With Network Services
