IPFilter Rules Array, Firewall serveradmin Commands | Apple oxs

IPFilter Rules Array

An array of the following settings is included in the IPFilter settings for each defined firewall rule. In an actual list of settings, <rule> is replaced with a rule number. You can add a rule by using serveradmin to create such an array in the firewall settings (see “Adding Rules Using serveradmin” on page 140).

Parameter (ipfilter:)	Description
rules:_array_id:<rule>:	The source of traffic governed by the rule.
source

rules:_array_id:<rule>:	The protocol for traffic governed by the rule.
protocol

rules:_array_id:<rule>:	The destination of traffic governed by the rule.
destination

rules:_array_id:<rule>:	The action to be taken.
action

rules:_array_id:<rule>:	Whether the rule is enabled.
enabled

rules:_array_id:<rule>:	Whether activation of the rule is logged.
log

rules:_array_id:<rule>:	Whether read-only is set.
readOnly

rules:_array_id:<rule>:	The source port of traffic governed by the rule.
source-port

Firewall serveradmin Commands

You can use the following commands with the serveradmin application to manage Firewall (ipfilter) service.

Command
(ipfilter:command=)	Description
getLogPaths	Find the current location of the log used by the service.
	Default = /var/log/system.log

getStandardServices	Retrieve a list of the standard services as they appear on the
	General pane of the Firewall service settings in the Server Admin
	GUI application.

writeSettings	Equivalent to the standard serveradmin settings command,
	but also returns a setting indicating whether the service needs to
	be restarted. See “Determining Whether a Service Needs to be
	Restarted” on page 19.

Chapter 13 Working With Network Services

141

Image 141

Apple oxs manual IPFilter Rules Array, Firewall serveradmin Commands

Contents

Mac OS X Server Command-Line Administration 034-2354/10-24-03 Contents Energy Saver Settings Setting General System PreferencesViewing or Changing Sleep Settings Power Management Settings Mounting and Unmounting Volumes Working With Disks and VolumesMounting Volumes Unmounting Volumes AFP Service Working With File ServicesStarting and Stopping AFP Service Checking AFP Service Status Starting and Stopping Print Service Working With Print ServiceChecking the Status of Print Service Viewing Print Service Settings Changing Settings Using serveradmin 157 Configuring Ldap 156 Changing Open Directory Service Settings 157 171 Index Command Parameters and Options Commands and Other Terminal TextNotation Conventions Summary Commands Requiring Root Privileges Default Settings To open Terminal Using Terminal Repeating Commands Correcting Typing ErrorsIncluding Paths Using Drag-and-Drop To type a command $ sudo serveradmin list Sending a Single Command Sending Commands to a Remote ServerExample ssh -l admin To open a connection to a remote server Updating SSH Key Fingerprints Using Telnet Getting Online Help for CommandsTo enable Telnet access To disable Telnet access Determining Whether a Service Needs to be Restarted ServersetupPage Automating Server Setup Installing Server SoftwareCreating a Configuration File Template To save a template configuration file during server setup Installing Server Software and Finishing Basic Setup Installing Server Software and Finishing Basic Setup Installing Server Software and Finishing Basic Setup Changing Server Settings Naming Configuration FilesStoring a Configuration File in an Accessible Location Updating Server Software Viewing, Validating, and Setting the Software Serial Number Moving a Server Page Automatic Restart ExamplesTo restart the local server To restart a remote server immediately Shutting Down a Server Changing a Remote Server’s Startup DiskTo change the startup disk To shut down a remote server immediately Date and Time Computer NameViewing or Changing the Computer Name To display the server’s computer name Viewing or Changing the System Date Viewing or Changing the System TimeViewing or Changing the System Time Zone Viewing or Changing Sleep Settings Energy Saver SettingsViewing or Changing Automatic Restart Settings Viewing or Changing Network Time Server Usage Power Management Settings Startup Disk SettingsViewing or Changing the Startup Disk International Settings Sharing SettingsViewing or Changing Remote Login Settings Viewing or Changing Language Settings Login Settings To view the current settingDisabling the Restart and Shutdown Buttons Viewing Port Names and Hardware Addresses Viewing or Changing Media Settings Network Port ConfigurationsCreating or Deleting Port Configurations Activating Port Configurations TCP/IP Settings Changing Configuration PrecedenceChanging a Server’s IP Address To view TCP/IP settings for port en0 To list TCP/IP settings for a configurationTo view TCP/IP settings for a particular port or device To change TCP/IP settings for a particular port or device Viewing or Changing DNS Servers Proxy Settings AppleTalk SettingsViewing or Changing FTP Proxy Settings Enabling TCP/IP Viewing or Changing Secure Web Proxy Settings Viewing or Changing Web Proxy SettingsViewing or Changing Streaming Proxy Settings Viewing or Changing Gopher Proxy Settings Viewing or Changing Socks Firewall Proxy Settings AirPort SettingsViewing or Changing Airport Settings Computer, Host, and Rendezvous Name Viewing or Changing the Rendezvous Name Viewing or Changing the Local Host NamePage Checking for Disk Problems Mounting VolumesUnmounting Volumes Monitoring Disk Space Reclaiming Disk Space Using Log Rolling Scripts Turning on Journaling for an Existing Volume Checking to See if Journaling is EnabledManaging Disk Journaling Example Setting Up a Case-Sensitive HFS+ File System Enabling Journaling When You Erase a DiskErasing, Partitioning, and Formatting Disks Disabling Journaling To image a boot volume Imaging and Cloning Volumes Using ASRTo restore a volume from an image Hdiutil convert -format Udzo pathtoimage -o compressedimage To create a user To create a user with a specific UIDTo create a user with a specific UID and home directory To import users and groups Importing Users and Groups Writing a Record Description Creating a Character-Delimited User Import FileUse the shorthand StandardGroupRecord DSRecTypeStandardGroups Using the StandardUserRecord Shorthand User Attributes AttributeFormat Sample values Attribute Format Sample values AdminLimits MCXSettingsAuthentication AuthenticationHint MailAttribute field Description Sample values Mail Attributes in User Records KNotificationState NotificationStateNotificationOff is assumed NotificationStaticIP Value Checking a Server User’s Name, UID, or Password Creating a User’s Home Directory Checking a User’s Administrator PrivilegesCreating a Group Folder Mounting a User’s Home DirectoryPage To list existing share points Listing Share Points Creating a Share Point To create a share pointExamples AFP Service List of AFP Settings Changing AFP Settings AdminGetsSp Admin31GetsSpAllowRootLogin AttemptAdminAuth AdminUsers GuestAccessDefault = afpserver LogLogin Default = classicpermissions UnixwithclassicadminpermissionsNoadminkills SpecialAdminPrivs Listing Connected Users List of AFP serveradmin CommandsTo list connected users Output Sending a Message to AFP Users Disconnecting AFP UsersTo send a message To disconnect users Canceling a User Disconnect To cancel a disconnectValue Description To list samples Listing AFP Service Statistics Starting and Stopping NFS Service NFS ServiceChecking NFS Service Status Viewing NFS Settings FTP Service Changing FTP Settings FTP SettingsParameter ftp Ftpcommand= Description List of FTP serveradmin CommandsPage Changing SMB Settings Viewing SMB SettingsTo list all SMB service settings Or see List of SMB Service Settings on Parameter smb Description List of SMB Service Settings Local master Netbios nameLog level Max smbd processes List of SMB serveradmin Commands Smbcommand= DescriptionListing SMB Users Value returned by getConnectedUsers Disconnecting SMB Users Updating Share Point Information Listing SMB Service Statistics Smb-log Viewing SMB Service LogsVar/log/samba/log.smbd Name-logPage Viewing Print Service Settings Checking the Status of Print Service Changing Print Service Settings Print Service SettingsParameter print Description Parameter printDescription Queue Data Array Here is an example of a queue array parameter block Pausing a Queue Print Service serveradmin CommandsListing Queues To pause a queue Listing Jobs and Job Information Holding a JobTo hold a job To release the job Viewing Print Service Log FilesPage Viewing NetBoot Settings Checking NetBoot Service Status NetBoot Service Settings Changing NetBoot SettingsGeneral Settings Parameter netboot Description Filters Record Array Storage Record Array Image Record Array IsEnabledAtIndex NetBootPortsRecordsArrayarrayindexmPort Record Array EthernetPage Viewing Mail Service Settings Checking the Status of Mail Service Changing Mail Service Settings Mail Service SettingsParameter mail Description Postfixlmtpsaslpasswordmaps PostfixdisablevrfycommandPostfixsmtpsaslpasswordmaps Postfixsmtpsaslauthenable Postfixmailboxcommand PostfixdeliverlockdelayPostfixdefaultverpdelimiters Postfixcleanupservicename Postfixdisablemimeoutputconversion PostfixforkdelayPostfixsmtpdtimeout Postfixsmtpderrorsleeptime Postfixtriggertimeout PostfixdelaywarningtimePostfixrelaytransport Postfixaliasmaps Postfixalternateconfigdirectories PostfixsmtpdnoopcommandsPostfixdefaulttransport Postfixsmtpddelayreject Postfixipctimeout PostfixqueueservicenamePostfixdefaultprivs Postfixinflowdelay Postfixsmtppixworkarounddelaytime PostfixshowqservicenamePostfixqmqpdtimeout Postfixignoremxlookuperror Postfixcontentfilter PostfixbounceservicenamePostfixqmqpderrordelay Postfixsmtpdsenderloginmaps Postfixlmtpdatadonetimeout PostfixdefaultextrarecipientlimitPostfixlmtpdataxfertimeout Postfixsmtpdatadonetimeout Imapmupdateserver ImappoptimeoutImaptimeout Imapenablepop Imapsrvtab Default = /etc/srvtab Imapimapauthlogin ImapdefaultpartitionImapenableimap Imapallowanonymouslogin Command Mail serveradmin Commands Listing Mail Service Statistics To display the log locations Viewing the Mail Service Logs Generating a CSR and Creating a Keychain Setting Up SSL for Mail Service 120 Importing an SSL Certificate Into the Keychain Obtaining an SSL Certificate Creating a Passphrase File Setting Up SSL for Mail Service on a Headless Server Viewing Web Settings Checking Web Service Status Serveradmin and Apache Settings Changing Web SettingsChanging Settings Using serveradmin An appropriate value for the setting Viewing Service Logs Web serveradmin CommandsListing Hosted Sites To list sites Requestspersecond for Viewing Service StatisticsCacherequestspersecond for Cachethroughput for Example Script for Adding a Website Addsite FileAddsite.in File Ipaddress To run the scriptPort Root Starting and Stopping Dhcp Service Dhcp ServiceChecking the Status of Dhcp Service Viewing Dhcp Service Settings Changing Dhcp Service Settings Dhcp Service SettingsParameter dhcp Description Dhcp Subnet Settings Array About Subnet IDsSubnet Parameter Netaddress LeasetimesecsNetmask Netrangeend To add a subnet Adding a Dhcp SubnetWINSscopeid WINSsecondaryserver Viewing the Dhcp Service Log List of Dhcp serveradmin CommandsCommand Dhcpcommand=Description Location of the DNS service log DNS Service Listing DNS Service Statistics Firewall ServiceStarting and Stopping Firewall Service Sample Output Viewing Firewall Service Settings Checking the Status of Firewall ServiceChanging Firewall Service Settings Firewall Service Settings IPFilter Groups With Rules Array Defining Firewall RulesAdding Rules by Modifying ipfw.conf Parameter ipfilter Description Unmodified ipfw.conf file Adding Rules Using serveradmin ExampleRule IPFilter Rules Array Firewall serveradmin Commands NAT Service Changing NAT Service Settings NAT Service SettingsParameter nat Description NAT serveradmin Commands Viewing the NAT Service LogParameter natDescription Starting and Stopping VPN Service VPN ServiceChecking the Status of VPN Service Viewing VPN Service Settings Parameter vpnServers Description List of VPN Service Settings PPPAuthenticatorPlugins Arrayindex n Com.name.ppp.l2tp PPPDSACLEnabled Com.name.ppp.l2tpPPPLCPEchoEnabled Com.name.ppp.l2tp PPPVerboseLogging Com.name.ppp.l2tp PPPAuthenticatorPlugins Arrayindexn Com.name.ppp.pptp PPPDSACLEnabled Com.name.ppp.pptpPPPLCPEchoEnabled Com.name.ppp.pptp PPPCCPEnabled Com.name.ppp.pptp Viewing the VPN Service Log List of VPN serveradmin CommandsVPN Service Log on this Be restarted. See Determining Whether a Service Needs to be Requirements IP FailoverFailover Operation Hardware Enabling IP Failover To enable IP failover Configuring IP Failover Notification OnlyPre and Post Scripts Enabling PPP Dial-In Page Testing Open Directory Plugins Testing Your Open Directory ConfigurationGeneral Directory Tools Modifying an Open Directory Node Registering URLs With Service Location Protocol SLP Changing Open Directory Service SettingsParameter dirserv Description Configuring Ldap Standard Distribution ToolsProgram Used to Idle Timeout Delay RebindIdle Rebinding Options Additional Information About Ldap NetInfo Password Server Kerberosautoconfig KdcsetupKerberos and Single Sign On Tool in usr/sbin Description Checking Qtss Service Status Stopping Qtss Service Changing Qtss Settings Viewing Qtss SettingsTo list all Qtss service settings $ sudo serveradmin settings qtss Descriptions of Settings Qtss SettingsQtss parameters you might change Parameter qtss Description AdministratorGroup ModulesarrayidQTSSAdminModule ModulesarrayidQTSSAdminModuleAuthenticate ModulesarrayidQTSSAdminModule Enableremoteadmin ModulesarrayidQTSSAdminModule Enablebroadcastannounce ModulesarrayidQTSSReflectorModule Disableoverbuffering ModulesarrayidQTSSReflectorModuleEnablebroadcastpush ModulesarrayidQTSSReflectorModule Serverdefaultauthorizationrealm Listing Current Connections Qtss serveradmin Commands Viewing Qtss Service Statistics Forcing Qtss to Re-Read its Preferences Error.logTo force Qtss to re-read its preferences Library/QuickTimeStreaming/Logs To set up /Sites/Streaming in older home directories Preparing Older Home Directories for User StreamingCreated Page Index Installer command 21 IP address Kdcsetup utility 160 KerberosKerberosautoconfig tool 173 174 Used by ldapsearch 157 scripts 175