[Discuss] OSX 10.8 Mountain Lion firewall (Re: OSX Lion firewall)

[robert at laferla.net (Robert La Ferla)]

Thanks. I ended up using IceFloor to generate a persistent pf configuration.  ipfw has been deprecated for pf.  

Sent from my iPad Mini

On Apr 29, 2013, at 7:55 PM, Jared Carlson <jcarlson23 at yahoo.com> wrote:

> Hi Robert,
> 
> For #1 I believe it's:
> 
> sudo ipfw add fwd localhost:8080 tcp from any to any 80 in
> 
> for #2 I think it's:
> 
> sudo ipfw add allow tcp from any to any dst-port 22
> 
> It's best practice to give a rule number though, so..
> 
> sudo ipfw add 1000 allow tcp from any to any dst-port 22
> 
> and so for #3 we adapt #2?
> 
> sudo ipfw add 1100 allow tcp from xxx.xxx.xxx.xxx to any dst-port 8888
> 
> FreeBSD looks like they have the best resources, as I'm not an expert but usually playing around gets me where I want to go..
> 
> Hope that helps,
> 
> - Jared
> 
> 
> 
> On Apr 29, 2013, at 7:29 PM, Robert La Ferla <robert at laferla.net> wrote:
> 
>> Correction:  I meant OSX 10.8 Mountain Lion and not 10.7 Lion.
>> 
>> On Apr 29, 2013, at 4:33 PM, Robert La Ferla <robert at laferla.net> wrote:
>> 
>>> I need some help configuring some basic firewall rules for OSX Lion.  It's my understanding that OS X Lion uses "pf" but that "ipfw" is available but deprecated.
>>> 
>>> Using either of these, how can I:
>>> 
>>> Deny all traffic except:
>>> 
>>> 1. Allow TCP port 80 BUT forward it to localhost:8080
>>> 2. Allow TCP port 22 from any IP address
>>> 3. Allow TCP port 8888 from specific IP addresses
>>> 
>>> Lastly, I want to make these rules persistent so that they are reapplied on reboot.
>>> 
>>> Thanks in advance,
>>> Robert
>> 
>> _______________________________________________
>> Discuss mailing list
>> Discuss at blu.org
>> http://lists.blu.org/mailman/listinfo/discuss
>