
How do you operate the Firewall in Mac OS X Server 10.9.4

Hi,

I recently upgraded to Mavericks Server - Overall the performance seems excellent but I miss some of the configuration options available in earlier versions.

The firewall is extremely confusing to me as I have come across many articles on how to "activate it" "de-activate" it etc.

How to whitelist/blacklist hosts.

BUT they are all dated a few years ago and don't seem to have kept up to date with 10.9.4


Can someone please advise :-

a) How you turn on the firewall - Security? Or Commands given by Apple

b) How to whitelist/blacklist hosts


Would most appreciate it.

Thanks - Rohin

p.s. The instructions (below from Apple) do not seem to work as I keep getting errors re:

No ALTQ support in kernel

ALTQ related functions disabled


No ALTQ support in kernel

ALTQ related functions disabled

pf enabled

Token : 17664250628180637521

No ALTQ support in kernel

ALTQ related functions disabled


Apple instructions For OS X Server on OS X Mavericks:

  • sudo pfctl -f /etc/pf.conf
  • sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
  • sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
  • sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f

Posted on Aug 8, 2014 11:20 AM

Question marked as Best reply

Aug 8, 2014 2:33 PM in response to Rohin Hattiangadi

By default, the packet filter operates in adaptive mode, by temporarily blocking IP addresses that make too many failed attempts to connect to services. There's no interface to configure it in Server.app. If you need anything more specialized, you'll either have to edit the configuration files directly (not recommended) or use a third-party interface such as "IceFloor."

Aug 11, 2014 3:21 PM in response to Linc Davis

Hi Linc,

I have icefloor up and running - Thanks for the recommendation!


Quick question - my #1 known threat is the obscene amount of spam we get - mostly from the usual suspects.

From what I have read the best way to stop this is to go to the "Stop Blocks" list and update the _blacklist group(?)

I will be entering the CIDR information for each spammer I would like to shut down.

I notice that unlike the old Server Admin app there seems to be no way to sort my blocks by the CIDR address (and thereby find it easy to keep track of my blocks and not duplicate etc.)


Am I missing something? Is there an easy way to do this?

Aug 12, 2014 7:28 AM in response to Rohin Hattiangadi

I answered my own question.

You need to go to the Browser tab (Near top right of window)

then press the Reload PF button (Near bottom left of window)

Then underneath the labels in current path button click the one which says BLOCKS

Then in the top right section of window underneath "PF Tables in current tab" Click the one which says _blacklist

The window table immediately underneath (bottom right of window) Shows them all sorted numerically under "Addresses in selected PF Table"


Thank you everyone for your help - This is definitely a great solution!

Appreciated
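
The bookkeeping problem raised in this thread (keeping CIDR blocks sorted and not entering duplicates) can also be checked outside the GUI. The following is an added example, not code from the posts, from Apple or from IceFloor: it audits a plain-text list of blocks before they are entered into a table such as _blacklist. The one-entry-per-line input format with `#` comments and the function name `audit_blocklist` are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample list (documentation address ranges only).
SAMPLE = """\
203.0.113.0/24
198.51.100.7
203.0.113.64/26   # already inside 203.0.113.0/24
192.0.2.10/24     # host bits set; normalises to 192.0.2.0/24
198.51.100.7
not-an-address
192.0.2.128/25
"""

def audit_blocklist(text):
    """Return (kept, redundant, invalid) for a text list of addresses/CIDRs.

    kept      : sorted networks not covered by any other entry
    redundant : (entry, covering_network) pairs for duplicates and subsets
    invalid   : entries that did not parse as an address or CIDR block
    """
    nets, invalid = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set and masks them
            nets.append((entry, ipaddress.ip_network(entry, strict=False)))
        except ValueError:
            invalid.append(entry)
    # Widest prefixes first, so a covering block is seen before its subsets
    nets.sort(key=lambda p: (p[1].version, p[1].prefixlen, p[1].network_address))
    kept, redundant = [], []
    for entry, net in nets:
        cover = next((k for k in kept
                      if k.version == net.version and net.subnet_of(k)), None)
        if cover is not None:
            redundant.append((entry, cover))
        else:
            kept.append(net)
    kept.sort(key=lambda n: (n.version, n.network_address, n.prefixlen))
    return kept, redundant, invalid

if __name__ == "__main__":
    kept, redundant, invalid = audit_blocklist(SAMPLE)
    print("\n".join(str(n) for n in kept))
    for entry, cover in redundant:
        print(f"redundant: {entry} (covered by {cover})")
    for entry in invalid:
        print(f"invalid:   {entry}")
```
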
