Wednesday, November 11, 2009

host firewall for the mac

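#!/bin/sh
#fwrules
#
# Host firewall ruleset for ipfw. Flushes whatever rules are loaded and then
# installs a short stateless ruleset: loopback is allowed, spoofed loopback
# and multicast/reserved addresses are dropped inbound, outbound TCP is
# allowed, and all remaining TCP is denied and logged.
#
# Rules are evaluated in ascending rule-number order; the first match wins.
#
# NOTE(review): only TCP is filtered by rules 2050-12190. UDP, ICMP and other
# protocols that are not caught by 2000-2030 fall through to ipfw's built-in
# default rule (65535); check whether that rule is allow or deny on this
# system before relying on this ruleset for inbound protection.

# Command prefix: the ipfw binary plus -q (quiet). It is expanded unquoted
# below on purpose so that it splits into the path and the flag.
IPFW='/sbin/ipfw -q'

# Remove all existing rules without asking for confirmation (-f). Between
# this line and the last "add", only the rules added so far are in effect.
$IPFW -f flush

# Allow everything on loopback interfaces. The pattern is quoted so that the
# shell passes it to ipfw literally; unquoted, lo* would be expanded to any
# matching file name (for example "log") in the current directory.
$IPFW add 2000 allow ip from any to any via 'lo*'

# Anti-spoofing: 127.0.0.0/8 must never appear on a non-loopback interface.
$IPFW add 2010 deny log ip from 127.0.0.0/8 to any in
$IPFW add 2020 deny log ip from any to 127.0.0.0/8 in

# 224.0.0.0/3 spans 224.0.0.0-255.255.255.255 (multicast, reserved, broadcast).
$IPFW add 2030 deny log ip from 224.0.0.0/3 to any in
# NOTE(review): this rule matches tcp only, whereas 2030 matches ip; confirm
# whether "ip" was intended here as well.
$IPFW add 2040 deny log tcp from any to 224.0.0.0/3 in

# Allow all outbound TCP. "log" here records every outbound TCP packet, which
# can be high volume.
$IPFW add 2050 allow log tcp from any to any out

# Allow TCP packets that look like part of an existing connection.
# "established" matches on TCP flags (ACK or RST set), not on tracked
# connection state, so an unsolicited packet with ACK set also matches.
# ipfw's keep-state / check-state rules are the stateful alternative.
$IPFW add 2060 allow tcp from any to any established

# Everything else that is TCP (in practice: new inbound connections) is
# denied and logged.
$IPFW add 12190 deny log tcp from any to any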


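Then apply it to the firewall. Note that the listing above is a shell script (it sets and expands `$IPFW`), so its rules are loaded when it is run by `sh` as root; `ipfw <file>` instead expects a file of bare rule lines such as `add 2000 allow ...`, and the ipfw man page asks for an absolute pathname there.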

# sudo ipfw list
# chmod 600 ./rules
# sudo ipfw ./rules
