Server Admin 10.4 Help

Creating an Advanced IP Firewall Rule

You can use the Advanced Settings pane to configure very specific rules for IP Firewall. IP firewall rules contain originating and destination IP addresses with subnet masks. They also specify what to do with the network traffic received. You can apply a rule to all IP addresses, a specific IP address, or a range of IP addresses.

Addresses can be listed as individual addresses (192.168.2.2), IP address and CIDR notation (192.168.2.0/24), or IP address and netmask notation (192.168.2.0:255.255.255.0).

The information below replaces the information for this topic on page 70 of Mac OS X Server Network Services Administration for Version 10.4 or Later.

Please disregard the information for this topic on page 70 in Mac OS X Server Network Services Administration for Version 10.4 or Later.

  1. In Server Admin, choose Firewall from the Computers & Services list.
  2. Click Settings.
  3. Select the Advanced tab.
  4. Click the Add ( + ) button.

    Alternatively, you can select a rule similar to the one you want to create, and click Duplicate then Edit.

  5. Select whether this rule will allow or deny access in the Action pop-up menu.

    If you choose Other, enter the action desired (for example, log).

  6. Choose a protocol from the Protocol pop-up menu.

    If you choose Other, enter the protocol desired (for example, icmp, esp, ipencap).

  7. Choose a service from the Service pop-up menu.

    If you want to select a nonstandard service port, choose Other.

  8. If desired, choose to log packets that match the rule.
  9. Choose an address group from the Address pop-up menu as the source of filtered traffic.

    If you don't want to use an existing address group, enter the source IP address range (with CIDR notation) you want to filter.

    If you want it to apply to any address, choose "any" from the pop-up menu.

  10. If you have selected a nonstandard service port, enter the source port number.
  11. Choose an address group from the Source pop-up menu as the destination of filtered traffic.

    If you don't want to use an existing address group, enter the destination IP address range (with CIDR notation).

    If you want it to apply to any address, choose "any" from the pop-up menu.

  12. If you have selected a nonstandard service port, enter the destination port number.
  13. Choose which network interface this rule applies to.

    "In" refers to the designated WAN interface.

    "Out" refers to the designated LAN interface.

    If you select Other, enter the interface name (en0, en1, fw1, and so on).

  14. Click OK.
  15. Click Save to apply the rule immediately.
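The following is an added example, not part of the Apple help page and not Server Admin's own code. It shows how the three address notations listed above (single address, CIDR, and address:netmask) resolve to the same kind of network object, and how an ordered list of rules built from the fields in steps 5 through 13 (action, protocol, source, destination, ports, interface, logging) is evaluated against sample packets. The first-match semantics, the "deny" default when nothing matches, the `Rule` and `Packet` classes, and the sample rules and packets are all assumptions made for the example; the notation handling is IPv4 only, since that is what the page describes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not Apple's code): parse the address notations the help page
# lists and evaluate an ordered firewall rule list with first-match semantics.
# IPv4 only, because the page's notations (address:netmask) are IPv4 forms.


def parse_address(spec: str) -> ipaddress.IPv4Network:
    """Accept '192.168.2.2', '192.168.2.0/24', '192.168.2.0:255.255.255.0' or 'any'."""
    spec = spec.strip()
    if spec.lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if ":" in spec:  # address:netmask form -> rewrite as address/netmask
        addr, mask = spec.split(":", 1)
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    # Single address (becomes a /32) or CIDR; strict=False tolerates host bits.
    return ipaddress.ip_network(spec, strict=False)


@dataclass
class Rule:
    action: str                     # "allow", "deny", or another action such as "log"
    protocol: str                   # "tcp", "udp", "icmp", ... or "any"
    source: str                     # address notation as above
    destination: str
    dest_port: Optional[int] = None  # None means any port
    source_port: Optional[int] = None
    interface: str = "any"          # "in", "out", or a name such as "en0"
    log: bool = False               # step 8: log packets that match


@dataclass
class Packet:
    protocol: str
    src: str
    dst: str
    src_port: Optional[int]
    dst_port: Optional[int]
    interface: str                  # "in" or "out" for this example


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every constrained field of the rule must match the packet."""
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src) not in parse_address(rule.source):
        return False
    if ipaddress.ip_address(pkt.dst) not in parse_address(rule.destination):
        return False
    if rule.dest_port is not None and rule.dest_port != pkt.dst_port:
        return False
    if rule.source_port is not None and rule.source_port != pkt.src_port:
        return False
    if rule.interface != "any" and rule.interface != pkt.interface:
        return False
    return True


def first_match(rules: list, pkt: Packet) -> Optional[Rule]:
    """Assumed first-match semantics: the earliest matching rule decides."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule
    return None


def decide(rules: list, pkt: Packet, default: str = "deny") -> str:
    """Return the action to take; 'deny' by default when no rule matches (assumption)."""
    rule = first_match(rules, pkt)
    return rule.action if rule else default


def sample_rules() -> list:
    """Constructed rule set: SSH from the LAN subnet is allowed and logged,
    other inbound SSH is denied, and all outbound traffic is allowed."""
    return [
        Rule("allow", "tcp", "192.168.2.0:255.255.255.0", "any", dest_port=22,
             interface="in", log=True),
        Rule("deny", "tcp", "any", "any", dest_port=22, interface="in"),
        Rule("allow", "any", "any", "any", interface="out"),
    ]


if __name__ == "__main__":
    rules = sample_rules()
    lan_ssh = Packet("tcp", "192.168.2.10", "10.0.0.1", 40000, 22, "in")
    wan_ssh = Packet("tcp", "203.0.113.5", "10.0.0.1", 40001, 22, "in")
    print(decide(rules, lan_ssh), decide(rules, wan_ssh))
```

The `parse_address` helper is the part worth keeping: it makes the address-and-netmask form and the CIDR form interchangeable, so a rule written either way is checked the same way.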