With ipfw, don't be stupid like me

[rharder]

<b>ipfw</b> is the tool for configuring the built-in-but-not-used firewall in OS X. I thought I'd start my rule sets by blocking all traffic and then allowing only what I wanted.

<b>Don't do this:</b>

% <b>sudo ipfw add 65534 deny all from any to any</b>

That effectively stopped all IP traffic including (I don't know why) any future ipfw commands.

Fortunately I just forced a reboot (oh, yes, logging out was messed up too) which wiped the rules. Whooh!

In other news, I see there are two firewall programs out there: Brickhouse and Firewalk X. They're both kinda interesting, but I'm still writing another. I want to be able to manipulate the rules through a sort of table view that I can rearrange.

-Rob

 

[roger]

You have specifically denied all ports to all IPs in the last rule in the set. The last one is one that has precedence (I think - haven't tested it yet) because the rules are applied in order of the order number.

http://wopr.norad.org/articles/firewall/ipfw.html is a great place to look for tips on using ipfw.

Hope that this helps,

R.

 

[rharder]

Yeah, even adding it as rule 65,534 was pointless since it was the first rule I actually entered at the prompt.

Doh!

-Rob