HT200259: Turn on the adaptive firewall in macOS Server
Nov 17, 2015 3:50 PM in response to techfips, by Linc Davis

The default configuration of the adaptive firewall doesn't actually work, though the documentation doesn't bother to mention that fact. Besides following those instructions, you have to edit the file /etc/af.plist. Change the value of the key "firewall_address" from the default "127.0.0.1" to the IP address of the interface on which the server listens.
The linked instructions can't be carried out in El Capitan because of system integrity protection (SIP). You can't edit the file
/System/Library/LaunchDaemons/com.apple.pfctl.plist
while the server is running. Either you have to disable SIP temporarily, boot from another volume, or (my preferred way) copy the file to
/Library/LaunchDaemons
and edit the copy. The new launchd job will supersede the built-in one. Change the filename and the job label to something like "com.myco.pfctl" to avoid confusion.
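
The two edits described in the reply above, as an added example that is not part of the original post and is not Apple's code. It works on the contents of copies of the two files; the sample plists are constructed stand-ins, and treating "firewall_address" as a top-level key of /etc/af.plist is an assumption.

```python
import ipaddress
import plistlib


def set_firewall_address(af_plist, listen_ip):
    """Return af.plist content with firewall_address set to the listening IP."""
    addr = ipaddress.ip_address(listen_ip)  # raises ValueError on malformed input
    if addr.is_loopback or addr.is_unspecified:
        # The reply's point: the loopback default is what has to be replaced.
        raise ValueError("use the address of the interface the server listens on")
    conf = plistlib.loads(af_plist)
    if "firewall_address" not in conf:  # assumption: top-level key
        raise KeyError("firewall_address")
    conf["firewall_address"] = str(addr)
    return plistlib.dumps(conf)


def relabel_job(job_plist, new_label):
    """Return (filename, content) for the copy placed in /Library/LaunchDaemons."""
    if new_label.startswith("com.apple."):
        raise ValueError("choose a label outside com.apple.* to avoid confusion")
    job = plistlib.loads(job_plist)
    job["Label"] = new_label  # every other key is carried over unchanged
    return new_label + ".plist", plistlib.dumps(job)


# Constructed sample inputs, standing in for the real files.
SAMPLE_AF = plistlib.dumps({"firewall_address": "127.0.0.1"})
SAMPLE_JOB = plistlib.dumps({
    "Label": "com.apple.pfctl",
    "ProgramArguments": ["pfctl", "-f", "/etc/pf.conf"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder.
    new_af = set_firewall_address(SAMPLE_AF, "192.0.2.10")
    print(plistlib.loads(new_af))
    filename, new_job = relabel_job(SAMPLE_JOB, "com.myco.pfctl")
    print(filename, plistlib.loads(new_job)["Label"])
```
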