OS X 10.6 Apply ipfw rules at startup

Posted by Michael Irey on Server Fault
Published on 2011-10-11T22:06:04Z Indexed on 2013/11/01 3:58 UTC

I have a couple of firewall rules I would like to apply at startup. I have followed the instructions from http://images.apple.com/support/security/guides/docs/SnowLeopard_Security_Config_v10.6.pdf on page 192.

However, the rules do not get applied at startup.

I am running 10.6.8 NON Server Edition.

I can, however, run the following, which applies the rules correctly:

sudo ipfw /etc/ipfw.conf

Which results in:

00100 fwd 127.0.0.1,8080 tcp from any to any dst-port 80 in
00200 fwd 127.0.0.1,8443 tcp from any to any dst-port 443 in
65535 allow ip from any to any

Here is my /etc/ipfw.conf

# To get real 80 and 443 while loading vagrant vbox
add fwd localhost,8080 tcp from any to any 80 in
add fwd localhost,8443 tcp from any to any 443 in

Here is my /Library/LaunchDaemons/ipfw.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
        <string>ipfw</string>
    <key>Program</key>
        <string>/sbin/ipfw</string>
    <key>ProgramArguments</key>
        <array>
            <string>/sbin/ipfw</string>
            <string>/etc/ipfw.conf</string>
        </array>
    <key>RunAtLoad</key>
        <true />
</dict>
</plist>

The permissions of all the files seem to be appropriate:

-rw-rw-r--  1 root  wheel  151 Oct 11 14:11 /etc/ipfw.conf
-rw-rw-r--  1 root  wheel  438 Oct 11 14:09 /Library/LaunchDaemons/ipfw.plist

Any thoughts or ideas on what could be wrong would be very helpful!
