OS X 10.6 Apply ipfw rules at startup
Posted
by
Michael Irey
on Server Fault
See other posts from Server Fault
or by Michael Irey
Published on 2011-10-11T22:06:04Z
Indexed on
2013/11/01
3:58 UTC
Read the original article
Hit count: 496
I have a couple of firewall rules I would to like to apply at startup. I have followed the instructions from http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf On page 192.
However, the rules do not get applied at startup.
I am running 10.6.8 NON Server Edition.
I can however run: (Which applies the rules correctly)
sudo ipfw /etc/ipfw.conf
Which results in:
00100 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in
00200 fwd 127.0.0.1,8443 tcp from any to any dst-port 443 in
65535 allow ip from any to any
Here is my /etc/ipfw.conf
# To get real 80 and 443 while loading vagrant vbox
add fwd localhost,8080 tcp from any to any 80 in
add fwd localhost,8443 tcp from any to any 443 in
Here is my /Library/LaunchDaemons/ipfw.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>ipfw</string>
<key>Program</key>
<string>/sbin/ipfw</string>
<key>ProgramArguments</key>
<array>
<string>/sbin/ipfw</string>
<string>/etc/ipfw.conf</string>
</array>
<key>RunAtLoad</key>
<true />
</dict>
</plist>
The permissions of all the files seem to be appropriate:
-rw-rw-r-- 1 root wheel 151 Oct 11 14:11 /etc/ipfw.conf
-rw-rw-r-- 1 root wheel 438 Oct 11 14:09 /Library/LaunchDaemons/ipfw.plist
Any thoughts or ideas on what could be wrong would be very helpful!
© Server Fault or respective owner