scripting the firewall

milesleacy
Valued Contributor

Before I exercise my Google-fu, I'm hoping someone can point me at the
correct commands to manage the Mac OS X firewall (on OS X Server, if there's
a difference) via shell script.
Thanks in advance.

----------
Miles A. Leacy IV

Apple Certified System Administrator 10.4
Apple Certified Technical Coordinator 10.5
Apple Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com

2 REPLIES

tlarkin
Honored Contributor

I believe it is just ipfw

larkin$ ipfw -h
ipfw syntax summary (but please do read the ipfw(8) manpage):
ipfw [-acdeftTnNpqS] <command> where <command> is one of:
add [num] [set N] [prob x] RULE-BODY
{pipe|queue} N config PIPE-BODY
[pipe|queue] {zero|delete|show} [N{,N}]
set [disable N... enable N...] | move [rule] X to Y | swap X Y | show

RULE-BODY: check-state [LOG] | ACTION [LOG] ADDR [OPTION_LIST]
ACTION: check-state | allow | count | deny | reject | skipto N | {divert|tee} PORT | forward ADDR | pipe N | queue N
ADDR: [ MAC dst src ether_type ] [ from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]
IPADDR: [not] { any | me | ip/bits{x,y,z} | IPLIST }
IPLIST: { ip | ip/bits | ip:mask }[,IPLIST]
OPTION_LIST: OPTION [OPTION_LIST]
OPTION: bridged | {dst-ip|src-ip} ADDR | {dst-port|src-port} LIST | estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST | iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC | ipttl LIST | ipversion VER | keep-state | layer2 | limit ... | mac ... | mac-type LIST | proto LIST | {recv|xmit|via} {IF|IPADDR} | setup | {tcpack|tcpseq|tcpwin} NN | tcpflags SPEC | tcpoptions SPEC | verrevpath

winkelhe
New Contributor

I think it's ipfw

Eric Winkelhake
MundocomWW
312.220.1669
312.504.5155
eric.winkelhake at mundocomww.com
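
The replies above point to ipfw. As an added example (not part of the original thread), here is one way to script a default-deny inbound ruleset using the `add [num] ACTION ... ADDR [OPTION_LIST]` grammar from the help output. The port list, the rule numbers and the function names `valid_port` and `build_rules` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an ipfw ruleset as text. Nothing reaches the kernel
# unless APPLY=1 is set (needs root and a host that ships ipfw).

ALLOW_TCP_IN="22 80 443"   # constructed sample policy (assumption)

# valid_port N: succeed only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules "PORT ...": print one ipfw command per line; fail before
# printing anything if any port is invalid.
build_rules() {
    for port in $1; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    num=100
    echo "ipfw -q -f flush"
    echo "ipfw -q add $num allow ip from any to any via lo0"
    num=$((num + 100))
    echo "ipfw -q add $num check-state"
    for port in $1; do
        num=$((num + 100))
        echo "ipfw -q add $num allow tcp from any to me dst-port $port in setup keep-state"
    done
    num=$((num + 100))
    echo "ipfw -q add $num allow ip from me to any out keep-state"
    echo "ipfw -q add 65000 deny log ip from any to any"
}

# Dry run by default: print the commands for review; APPLY=1 executes them.
rules=$(build_rules "$ALLOW_TCP_IN") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

Prefixing a generated command with `ipfw -n` checks its syntax without passing it to the kernel.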