Managing the Adaptive Firewall

Another security option in Lion Server is the adaptive firewall. In Lion Server, the adaptive firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins, then a firewall rule restricts that user from attempting to communicate with the server for fifteen minutes. If you’re troubleshooting and you accidentally tripped up one of these rules, then it can be a bit frustrating, which is why Apple gives us afctl, a tool that interacts with the adaptive firewall.

The most basic task you can do with the firewall is to disable all of the existing rules. To do so, simply run afctl (all afctl options require sudo) with a -d option:

afctl -d

When run, the adaptive firewall’s rules are disabled. To re-enable them, use the -e option:

afctl -e

Turning off the rules seems a bit much for most troubleshooting tasks. To remove a specific IP address that has been blacklisted, use the -r option followed by the IP address (rules are enforced by IP):

afctl -r 192.168.210.88

To add an IP to the blacklist, use the -a option, also followed by the IP:

afctl -a 192.168.210.88

To permanently add a machine to the whitelist, use -w with the IP:

afctl -w 192.168.210.88

And to remove a machine from the whitelist, use -x. To understand what is going on under the hood, consider where the pieces live. The blacklisted computers are stored in plain text in /var/db/af/blacklist, and the whitelisted computers are stored in the same path in a file called whitelist. The afctl binary itself is stored at /usr/libexec/afctl, and the service is enabled by /System/Library/LaunchDaemons/com.apple.afctl.plist, meaning that to stop the service outright, use launchctl with the full path to that plist:

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.afctl.plist

Finally, the configuration file for afctl is at /etc/af.plist. Here you can change the path to the blacklist and whitelist files, change the interval at which it is run, and so on. Overall, the adaptive firewall is a nice little tool for Mac OS X Server security. Any good firewall that sits in front of Lion Server’s firewall is a better tool for protecting systems, given that firewall appliances (even very inexpensive ones) will usually have features such as Stateful Packet Inspection that are capable of blocking far more than just repeated incorrect password attempts.
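As an added example that is not from the book or from Apple, here is a small POSIX shell helper built on the paths and options described above. It checks an address against the blacklist and whitelist before calling afctl -r, so a troubleshooter does not remove a rule that was never there. It assumes the two list files hold one IP address per line (the book only says they are plain text) and that AF_DB and AFCTL can be overridden for testing.

```shell
#!/bin/sh
# Added example, not part of the book. Paths default to the ones the text gives;
# override AF_DB / AFCTL in the environment to test against copies of the files.
AF_DB="${AF_DB:-/var/db/af}"
AFCTL="${AFCTL:-/usr/libexec/afctl}"

# Return 0 if $1 is a syntactically valid dotted-quad IPv4 address.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1                      # split into the four octets
  IFS=$old_ifs
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  return 0
}

# Return 0 if $1 is an exact line in list file $2 (assumed one IP per line).
in_list() { grep -qxF "$1" "$2" 2>/dev/null; }

# Report how the adaptive firewall currently classifies an address.
# A host that appears in both files is worth a look: the whitelist should win,
# but the conflict usually means someone added it by hand during troubleshooting.
af_status() {
  b=0; w=0
  if in_list "$1" "$AF_DB/blacklist"; then b=1; fi
  if in_list "$1" "$AF_DB/whitelist"; then w=1; fi
  case "$b$w" in
    10) echo blacklisted ;;
    01) echo whitelisted ;;
    11) echo both ;;
    *)  echo none ;;
  esac
}

# Remove a blacklist rule only for a valid address that is actually blocked.
# With DRY_RUN=1 the afctl command is printed instead of executed.
af_unblock() {
  is_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 2; }
  case "$(af_status "$1")" in
    blacklisted|both) ;;
    *) echo "$1 is not blacklisted" >&2; return 1 ;;
  esac
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "sudo $AFCTL -r $1"
  else
    sudo "$AFCTL" -r "$1"
  fi
}
```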
