Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Firewall GUI Software for MAC OSX Server 10.5?


On Mar 27, 2008, at 6:44 PM, 2 go 2 Marketing wrote:
I am comparing it to other firewalls I have worked with.. e.g
Sidewinder Firewall by Secure Computing, Netscreen, Sonicwall, Symantec, etc.

The issue I am referring to more specifically is how the logs identify a problem in the configuration... here is an output of me restarting my firewall and the log's output:

Mar 27 18:39:41 www servermgrd[7911]: servermgr_ipfilter:ipfw config:Notice:Flushed IPv4 rules
Mar 27 18:39:41 www servermgrd[7911]: servermgr_ipfilter:ipfw config:Error:Failure code returned by ipfw/ip6fw command: 64, message: 'Line 29: unrecognised option [-1] from\n\n'
Mar 27 18:39:41 www servermgrd[7911]: servermgr_ipfilter:ipfw config:Error:The invalid rule and all subsequent IPv4 rules were skipped.
Mar 27 18:39:44 www servermgrd[7911]: servermgr_ipfilter:ipfw config:Notice:Disabled firewall
Mar 27 18:39:45 www servermgrd[7911]: servermgr_ipfilter:ipfw config:Notice:Enabled firewall

Nowon the second and third line, I get errors. It say look in Line 29. I have no idea where Line 29 is located. In any other hardware platform firewalling system, I would have a GUI that I could see what rule that is and how to fix it. 

If you were attempting to edit the Advanced rules, your settings will have been stored in
/etc/ipfilter/ipfw.conf 

Perhaps see (and relate) what the output of the following shows you (via the terminal, on the server itself):

head -n 30 /etc/ipfilter/ipfw.conf | cat -n

If commented lines are ignored in the count of that error message (perhaps so), then you might also compare:

sudo ipfw list | head -n 30

A larger question is how did non-functional entries get in there via the GUI ? Line 29 should actually be comment material.

I suggest reading the documentation, 
http://images.apple.com/server/macosx/docs/Network_Services_Admin_v10.5.pdf   (more at more at http://www.apple.com/server/macosx/resources/ )
 starting on p. 77

That should cover the basics to help you understand the proper syntax & formatting for a rule. See the provided examples.

With my Mac Server - Notice I put Mac instead of MAC for Dhan ;) -

You might think he was being pedantic but it was helpful in this case: if you were not aware of the important distinction, you are now :)


I don't know whee to find this error in the rule and how to fix it.

So I guess in a general sense, I do like the Mac Server Software  I just think little tweaks that help aid the dummies such as myself would be nice.

Thanks for all the help guys, I appreciate it.

On Thu, Mar 27, 2008 at 1:43 PM, Jose Hales-Garcia <email@hidden> wrote:

On Mar 27, 2008, at 9:56 AM, 2 go 2 Marketing wrote:

> I need a better administration tool for the MAC Server firewall.

If the Server tool isn't good enough, then what did you have in mind
that you're comparing it to?

> I think I might be doing my rules incorrectly.

Why don't you tell us what you're trying to do?

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >Firewall GUI Software for MAC OSX Server 10.5? (From: "2 go 2 Marketing" <email@hidden>)
 >Re: Firewall GUI Software for MAC OSX Server 10.5? (From: Jose Hales-Garcia <email@hidden>)
 >Re: Firewall GUI Software for MAC OSX Server 10.5? (From: "2 go 2 Marketing" <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.