Re: IPFW management policy

In article <47934c16$0$4356$c3e8da3@xxxxxxxxxxxxxxxxx>,
JF Mezei <jfmezei.spamnot@xxxxxxxxxxxxx> wrote:

When I did that ipfw add command, was this a permanent change to some
database, (aka, persist across reboots) ?

No. It will go away on reboot.

Is there an ipfw config file one can edit ? Or will I need to create my
own file containing the extra config lines and then use ipfw with each
boot to read that file ?

You could do that, but there are existing freeware applications that
will do the hard work for you and let you concentrate on rule creation:

Water Roof:
<http://www.macupdate.com/info.php/id/23317/waterroof>

Flying Buttress (used to be called BrickHouse):
<http://www.macupdate.com/info.php/id/5742/flying-buttress>

If you wanted to do it manually, you'd need to create a startup item
that set the rules on startup. These freeware applications do that, and
more.

The Mac has detected my use of the ipfw and has disabled the "firewall"
portion of the Sharing preference panel. (with an alert telling me
that another firewall is running). Will this also persist across reboots ?

Only if you make your rule changes persist (se above).

Is there a"good practice" guide on how to deal with a "manually"
configured firewall on a mac just because one needed one extra rule that
couldn't be added on the OS-X client portion ? (found out the Server
version of OS-X has a GUI that is full featured).

I'm not aware of any such document, other than the ipfw man pages and so
on.

I am somewhat susprised that Apple wouldn't have though of adding one
line in the GUI to permit inbound connection from a subnet/range of IPs.
Seems this would be common on a LAN.

Yep. Apple's firewall interface is very basic.

--
Note: Please send all responses to the relevant news group. If you
must contact me through e-mail, let me know when you send email to
this address so that your email doesn't get eaten by my SPAM filter.

JR
.