
AppleFirewall/ipfw - Can default rule be modified?

OS X 10.4.x

After having seen the Jay Beale article on Apple’s firewall (http://bastille-linux.sourceforge.net/jay/dc14.pdf), I tried playing around with ipfw rules through Flying Buttress & the command line, and that was fun, but no matter what I tried, it seems that traffic was still passing through the Apple-ipfw default rule (65535).

sudo ipfw list

35000 deny log logamount 65535 udp from any to any in
65000 deny ip from any to any in
65500 deny log ip from any to any
65520 allow log ip from any to any
65535 allow ip from any to any

The next-to-last rule was added in the attempt to pick up what I had obviously failed to block elsewhere. Made no difference.

sudo ipfw show

35000 0 0 deny log logamount 65535 udp from any to any in
65000 0 0 deny ip from any to any in
65500 0 0 deny log ip from any to any
65520 0 0 allow log ip from any to any
65535 5421 479002 allow ip from any to any

So it looks like something is simply bypassing the ipfw rules or being piped straight to 65535. Though I apparently can’t stop this traffic, it would be nice to know at least what it is.

Is there any way to modify the default rule to log traffic?

Thanks

About facecentredcubic

Author Biography

Dodderer

Maybe check out this example ipfw rule set: http://textsnippets.com/posts/show/1267
