locking down ARD to subnet

Contributor III

Being at a public university, we don't have much of a firewall at the border of campus. Some universities do, and we may in the future, but right now, we don't. =/

I try to keep things relatively locked down via user ACLs, and not having services running, but it occurred to me yesterday that we could pretty easily do a policy on startup for our lab machines that restricted ARD access (5900 and 3283) to just the campus subnet, or even better, just the building subnet.

Has anyone done anything like this? I'm not seeing a definitive, easy-to-modify pfctl command to firewall off something like this. =/ I'm a little disappointed in the built-in Apple firewall GUI, in that you can do application control, but not specific ports. Worse, I don't see any way to manage it via Configuration Profiles, MCX, etc. =/



New Contributor

Same question, no answer? Did you find any solution?
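
One way to express the restriction the original post describes, as an added example that is not part of the thread: a script that generates pf rules passing the two ARD ports (3283, 5900) only from the given subnets and loads them into an anchor. The anchor name `ard-lockdown`, the function names, the need for a matching `anchor` line in `/etc/pf.conf`, and the subnet `192.0.2.0/24` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): limit ARD ports to given IPv4 subnets.
# ANCHOR is a hypothetical name; /etc/pf.conf must reference it with a line
# such as:  anchor "ard-lockdown"   (assumption about how the host loads it)
ANCHOR="ard-lockdown"
ARD_PORTS="{ 3283, 5900 }"   # the two ports named in the post

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/len), non-zero otherwise.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the anchor ruleset: pass ARD from each CIDR, then block everyone else.
# All arguments are validated first so a bad one never yields partial rules.
ard_pf_rules() {
    [ $# -ge 1 ] || { echo "usage: ard_pf_rules CIDR..." >&2; return 2; }
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    for net in "$@"; do
        echo "pass in quick proto { tcp, udp } from $net to any port $ARD_PORTS"
    done
    echo "block in quick proto { tcp, udp } from any to any port $ARD_PORTS"
}

# Load the rules into the anchor and enable pf (macOS, must run as root).
apply_ard_lockdown() {
    rules=$(ard_pf_rules "$@") || return 1
    printf '%s\n' "$rules" | pfctl -a "$ANCHOR" -f - && pfctl -E
}

# Usage: sudo sh ard-lockdown.sh apply 192.0.2.0/24   (constructed subnet)
if [ "${1:-}" = "apply" ]; then shift; apply_ard_lockdown "$@"; fi
```

After loading, `pfctl -a ard-lockdown -s rules` lists what the anchor contains; the rules have no effect until the main ruleset references the anchor.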