IPFW and Airport + Rules

Hi All,

I am creating a firewall rule using IPFW on my mac machine having an Airport card installed.

The rule is as below

ipfw add deny 802.11 from me to any 22

ipfw add deny 802.11 from me to any 80

ipfw add deny 802.11 from me to any 22 out

ipfw add deny 802.11 from me to any 80 out

But when I try to perform an SSH from another machine to this and vice versa, it works! Ideally it should not work....

However, if I replace the protocol "802.11" with "tcp", it blocks all the SSH option from and to my machine.....

My doubt is isn't Airport card belonging to 802.11n/g technology?


Please explain!!


Network diagram

macbook1 ))))) ((((( macbook2

macbook 1 ---> created a test network (wireless)
macbook2 ---> joined the test network created in macbook1 wirelessly.

Many Thanks for your help!!

reg,
Hari S

iMac Intel, Mac OS X (10.4.11), Mac Book Air

Posted on Nov 4, 2008 7:52 PM

9 replies

Nov 7, 2008 8:39 AM in response to hariharas

hariharas wrote:
Hi All,

I am creating a firewall rule using IPFW on my mac machine having an Airport card installed.

The rule is as below

ipfw add deny 802.11 from me to any 22


This isn't a correct syntax for ipfw on MacOS X.
I advise you to look at <pre>man ipfw</pre>.

Always check the effective rules applied with: <pre>ipfw list</pre>

AirPort is 802.11n. It is a layer 2 protocol.
Exactly as Ethernet (802.3) is a layer 2 protocol.
From the ipfw standpoint, and from the kernel standpoint
there's no difference between an Ethernet and an AirPort frame.

TCP is a layer 3 & 4 protocol, and ssh is using the port
22 of protocol TCP.

You can define a filtering rule about ssh at the TCP level
and not the layer 2 level.
On the other hand, you may define MAC address filtering
with layer 2 level rules.

However, if I replace the protocol "802.11" with "tcp", it blocks all the SSH option from and to my machine.....


And that's quite normal.

My doubt is isn't Airport card belonging to 802.11n/g technology?


AirPort was 802.11g and is now 802.11n.
<pre>--------
don't look for my Macs models in my signature, this would be ugly... and irrelevant 🙂
--
dan</pre>
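The TCP-level filtering described in the reply above, written out as an added example that is not part of any post in this thread: the protocol field is `tcp`, and the wireless side is selected by interface name with `via`. Assumptions: `en1` is the AirPort interface, rule numbers start at 2000, and `build_rules` / `apply_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: TCP-level ipfw rules for the SSH/HTTP case in this thread.
# Assumptions: en1 is the AirPort interface; rule numbers start at 2000.

# Print the ipfw commands that block a TCP port in both directions on one
# interface. The rule's protocol field names an IP protocol (tcp, udp, ...),
# so the wireless link is chosen with "via <iface>", not with "802.11".
build_rules() {
    iface=$1; shift
    num=${RULE_BASE:-2000}
    for port in "$@"; do
        # Reject anything that is not a plain port number (e.g. "802.11").
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $port" >&2; return 1; }
        # Outgoing connections from this host to a remote service.
        echo "ipfw add $num deny tcp from me to any $port out via $iface"
        num=$((num + 10))
        # Incoming connections to the same service on this host.
        echo "ipfw add $num deny tcp from any to me $port in via $iface"
        num=$((num + 10))
    done
}

# Dry run by default: only print the commands. With APPLY=1 (run as root)
# execute them, then list what the kernel actually loaded.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done || return 1
        ipfw list
    else
        echo "$rules"
    fi
}

apply_rules en1 22 80
```
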

Feb 8, 2009 7:16 AM in response to Adam 552

If the firewall is enabled on MacBook 1, yes you would need to configure the firewall to open port 3050 on en1. If the firewall is disabled all ports are open.

I don't have the experience with ipfw to tell you exactly how to do that. I suggest that you post your question in the appropriate OS X discussion area.
