簡易 firewall 設定
發表於 : 03/03/2002 7:37 pm
事實上 OS X firewall 都是預設不啟動的, 如果想要讓 firewall 能夠啟動, 則必須要寫 startup script.
以下是一個範例
假設我們要禁止 port 2222 與 port 3464 的進出, 我的做法是:
% sudo mkdir /System/Library/StartupItems/Firewall
% cd /System/Library/StartupItems/Firewall
% sudo cat > Firewall
#!/bin/sh
##
# Firewall
##
. /etc/rc.common
ConsoleMessage "Starting Firewall"
# Firewall Rule
/sbin/ipfw add 0 deny udp from any to any 2222
/sbin/ipfw add 0 deny tcp from any to any 3464
(Ctrl-D 結束)
% sudo cat > StartupParameters.plist
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "Late";
Messages =
{
start = "Starting firewall";
stop = "Stopping firewall";
};
}
(Ctrl-D 結束)
% sudo chmod +x Firewall StartupParameters.plist
然後重開機
以下是一個範例
假設我們要禁止 port 2222 與 port 3464 的進出, 我的做法是:
% sudo mkdir /System/Library/StartupItems/Firewall
% cd /System/Library/StartupItems/Firewall
% sudo cat > Firewall
#!/bin/sh
##
# Firewall
##
. /etc/rc.common
ConsoleMessage "Starting Firewall"
# Firewall Rule
/sbin/ipfw add 0 deny udp from any to any 2222
/sbin/ipfw add 0 deny tcp from any to any 3464
(Ctrl-D 結束)
% sudo cat > StartupParameters.plist
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "Late";
Messages =
{
start = "Starting firewall";
stop = "Stopping firewall";
};
}
(Ctrl-D 結束)
% sudo chmod +x Firewall StartupParameters.plist
然後重開機