Skip navigation

How to add specific ports to OS X Lion firewall

1755 Views 3 Replies Latest reply: Sep 12, 2011 6:20 PM by etresoft RSS
iosw Calculating status...
Currently Being Moderated
Sep 12, 2011 3:43 PM

I need to add specific ports/port ranges to the OS X Lion clients' firewalls, any ideas?


OS X Lion firewall settings only allow adding applications.  There is no "LDAP" application, it's built into the Network preferences settings.  The LDAP server is an OS X Lion Server running Open Directory.

Mac OS X (10.7.1)
  • etresoft Level 7 Level 7 (23,890 points)
    Currently Being Moderated
    Sep 12, 2011 5:46 PM (in response to iosw)

    You only need open ports on the server side. The clients make outgoing connections which are not restricted by the firewall.

  • etresoft Level 7 Level 7 (23,890 points)
    Currently Being Moderated
    Sep 12, 2011 6:20 PM (in response to iosw)

    iosw wrote:


    I guess the flexibility in the regular Lion clients with ports is not possible.  It's only possible with OS X Lion Server, fair enough.

    No, you can configure both the client and server as much as you want. The only issue is that most people just don't understand what a firewall does (they think it is the same as anti-virus) so neither Apple nor I will bother explaining all the nitty-gritty details right off the bat.


    The client version of Lion doesn't need to be providing any services at all. Hence, there is really no need to run the firewall. If you are doing something fancy that the application firewall doesn't quite support, then you might want to run the real ipfw firewall instead. It is also installed on the client, but isn't a tool for the great unwashed.


    Personally, I find the fancy stuff pretty interesting, but I don't think you are doing that.


    We're trying to configure SSL within the Lion clients and didn't know if there was an incoming requirement.  There's a bug (logged even by Apple) when Lion client's attempt to bind to an SSL enabled Open Directory server.  So the firewall preferences wasn't the reason for this failure.  We're resorting to non-SSL binding until Apple fixes the problem, although we running on a private network and can get away with non-SSL for the time being.


    You might want to ask about this in the Server forums. This could be a situation where Apple isn't going to bother explaining the details on how to fix it because it would just confuse most people and they may already have it fixed in-house. It has already been discussed and some people say they have fixes. See the details in this thread.


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.