Article:   Tiger's Improved Firewall (and How to Use It)
Subject:   Disable firewall for the local network
Date:   2005-11-03 08:50:07
From:   salamon
Response to: Disable firewall for the local network

With ipfw you wouldn't disable the firewall for 'the local network'. Instead you would leave the firewall enabled but write rules that only allowed traffic from the local network. Learning to use ipfw rules syntax is a bit difficult.


Below is a sample of the rules I use, but they're probably not much use if you don't already know how to write them :( In addition, once you start writing your own rules you can no longer use the System Preferences pane to manage the firewall. At least that's how it worked pre-Tiger. One more caveat and addendum is that I'm not an expert in this; I just played around with it until I got the behavior I wanted.



These rules would allow anyone on your network to access the web server but block anyone else, if your network used the 192.168.0.x subnet. It would also log any attempts to access it from outside your network.


$oip is your external IP address, probably something like 192.168.0.2, in this example.


ipfw add allow tcp from 192.168.0.0/24 to $oip 80,443 setup
ipfw add deny log tcp from any to $oip 80,443 setup
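
The first-match behaviour those two rules rely on, modelled in Python as an added example that is not part of the original post. The value standing in for $oip and the sample packets are constructed, and the dictionary layout is only an illustration, not ipfw's own format.

```python
import ipaddress

# The two rules from the post, in the order they were added. ipfw checks rules
# in ascending rule-number order and stops at the first allow/deny that matches.
OIP = "192.168.0.2"  # constructed stand-in for $oip
RULES = [
    {"action": "allow", "log": False, "src": "192.168.0.0/24",
     "dst": OIP, "ports": {80, 443}, "setup": True},
    {"action": "deny", "log": True, "src": "any",
     "dst": OIP, "ports": {80, 443}, "setup": True},
]

def matches(rule, pkt):
    """Return True if a TCP packet matches one rule."""
    if rule["src"] != "any":
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if pkt["dst"] != rule["dst"] or pkt["dport"] not in rule["ports"]:
        return False
    if rule["setup"]:
        # 'setup' matches only connection-opening segments: SYN set, ACK clear.
        if "SYN" not in pkt["flags"] or "ACK" in pkt["flags"]:
            return False
    return True

def evaluate(pkt, rules=RULES):
    """First match wins. Returns (verdict, logged)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["log"]
    # Neither rule matched: the packet goes on to whatever rules follow these.
    return "fall-through", False

# Constructed sample packets.
PACKETS = [
    {"src": "192.168.0.57", "dst": OIP, "dport": 80, "flags": {"SYN"}},
    {"src": "203.0.113.9", "dst": OIP, "dport": 443, "flags": {"SYN"}},
    {"src": "203.0.113.9", "dst": OIP, "dport": 80, "flags": {"ACK"}},
    {"src": "203.0.113.9", "dst": OIP, "dport": 22, "flags": {"SYN"}},
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p["src"], p["dport"], sorted(p["flags"]), "->", evaluate(p))
```

Evaluating the rules in reverse order sends the local client to the deny rule first, which is why the allow line has to be added before the deny line. Packets that neither rule matches (other ports, or segments that are not connection setup) are decided by the rest of the ruleset.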