PF Firewall configuring frontends

With Mavericks, Apple phased out support for the IPFW firewall and switched to using the PF firewall instead. (Yosemite also uses PF.) Clearly one can configure this firewall by hand-editing the pf configuration files, but the author of a GUI tool for configuring IPFW has also produced a GUI tool for setting up PF firewall rules as well. The name of the IPFW tool is WaterRoof and the name of the PF tool is IceFloor.


I have used, or at least experimented with, IceFloor before and it does work, but I was always slightly concerned about the way it works, which is to install a launchd file to cause PF to load a different config file to the standard initial Apple one. My concern was that any Apple updates might break this and this might also make it less compatible with Apple's own firewall settings via Server.app. Of course, the advantage is that IceFloor keeps any new rules separate to Apple's rules.


There is, however, a new PF GUI tool now out. I have not yet tried it myself, so I am bringing it to the attention of the Apple community to see if anyone has any feedback on it as yet. See MurusFireWall.

Posted on Dec 12, 2014 1:39 AM


Sep 24, 2015 3:23 PM in response to John Lockwood

I'm using Murus Pro to block 3,500+ nefarious CIDRs (IP subnet ranges) with amazing flexibility and results. The hack attempts from certain regions are rampant -- far more aggressive than I ever imagined prior to deploying Murus Pro with the Murus Log Visualizer and adaptive/proactive features. Anyone deploying a 24/7 workstation or server that's open to the internet, relying on OS X's ALF firewall, not using Murus & PF, is taking a huge risk, IMO.

Nov 5, 2015 8:15 AM in response to Elton Darby Jr.

Hi, I just got Murus Pro yesterday and am curious how you entered 3500+ CIDRs... did you type them manually, or did you import them from a text file? I've got a smaller list (1300+) of addresses in CIDR notation, but when I import them into a custom group, only the "base" address of each gets imported, not the CIDR part of the item. The only way I can get a CIDR notation to "stick" seems to be by typing it manually, one by one, in the group's window.


And BTW, I agree completely with you about Murus vs. the OS X firewall, especially since I'm configuring our Mac as an OS X Server.
