[RndTbl] Connection tracking in ipfilter (Solaris) or ipfw (Mac OS X)?
Gilbert E. Detillieux
gedetil at cs.umanitoba.ca
Wed Jan 21 12:09:39 CST 2009
On 2009-01-20 19:15, Peter O'Gorman wrote:
> Gilbert E. Detillieux wrote:
>> Any suggestions for clean, secure ways to implement firewall support for
>> these services using ipfilter or ipfw?
>
> For Mac OS X, using ipfw in combination with the Application Firewall
> may accomplish some of what you want:
> http://support.apple.com/kb/HT1810

I'm working on Mac OS X Server, which doesn't have the Application
Firewall (under System Preferences/Security), but instead has a rather
nice Firewall GUI front-end to ipfw, under the Server Admin app.
However, this does not provide the functionality I'm looking for. It
did make the basic ipfw setup much easier, though. (Only needed a
couple manual-override rules that I couldn't set up through the GUI.)

> There is also a GUI frontend for ipfw on Mac OS X, don't know if it's
> any good - http://www.hanynet.com/waterroof

I had heard of this, but I haven't tried it. It looks like an
alternative to what's provided in Server Admin. (Perhaps it would be
more useful under the non-Server versions of Mac OS X.)

> For Solaris, I don't know, I'm afraid, I guess you found the FAQ?
> http://www.phildev.net/ipf/long.html

Looked through that FAQ already, as well as the IPF Howto it references.
Their solution to the passive FTP server problem is to open up a port
range in the firewall, and configure the FTP server to use that port
range for passive data transfers.

I was hoping for a better solution, including one that would work for
Amanda backups as well, using connection tracking. However, it looks
like the open port range solution is the best I can hope for right now.

Anyway, thanks for your reply.
--
Gilbert E. Detillieux E-mail: <gedetil at muug.mb.ca>
Manitoba UNIX User Group Web: http://www.muug.mb.ca/
PO Box 130 St-Boniface Phone: (204)474-8161
Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609
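
The open-port-range workaround discussed above only holds if the port the FTP server announces in its passive reply falls inside the range the firewall admits. The following is an added example, not part of the original message: it parses 227 (PASV) and 229 (EPSV) replies the way a connection-tracking helper would and checks the announced port against the range. The range 49152-49251, the sample replies and the function names are constructed for illustration.

```python
import re

# Constructed sample range; the thread does not name one. It must match the
# passive-port setting configured on the FTP server itself.
PASV_MIN, PASV_MAX = 49152, 49251

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|), any single delimiter character
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_port(reply):
    """Return the data port announced in a 227 or 229 reply, or None."""
    m = _PASV.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        return nums[4] * 256 + nums[5]
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None

def allowed(reply, lo=PASV_MIN, hi=PASV_MAX):
    """True if the announced data port is inside the opened range."""
    port = data_port(reply)
    return port is not None and lo <= port <= hi

def ipf_rule(lo=PASV_MIN, hi=PASV_MAX):
    """ipfilter rule for the range; '><' excludes both endpoints, hence -1/+1."""
    return (f"pass in quick proto tcp from any to any "
            f"port {lo - 1} >< {hi + 1} flags S keep state")

if __name__ == "__main__":
    # Constructed control-channel replies (192.0.2.10 is a documentation address).
    for line in ("227 Entering Passive Mode (192,0,2,10,192,10)",
                 "227 Entering Passive Mode (192,0,2,10,4,1)",
                 "229 Entering Extended Passive Mode (|||49200|)"):
        print(data_port(line), allowed(line), line)
    print(ipf_rule())
```

A reply that fails the check means the server is handing out ports the firewall will drop, which is the mismatch to look for when passive transfers hang after the rule is in place.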