Setup guide

4.11.1 Configure the IP Firewall Settings

To configure the Firewall Service locally:

1. Open Server Admin.

2. Click Firewall in the list for the server you’re logged into.

3. Click Settings.

4. Click on the “any” item in the IP Address Group column to show services

available to any other host, which will appear in the right column. These

include IGMP, ICMP Echo Reply, Secure Shell (SSH), Server Admin SSL - also

Web-ASIP, Remote Directory Access, Server Admin via Server Admin App, and

HTTP and HTTPS ports for Tomcat.

5. Uncheck all of these services, unless you specifically need to offer them to

any other host. If you want to offer them only to hosts on your network,

still uncheck them here – the next step involves creating rules for other

machines on the LAN. This includes the items for Server Admin if you’re

running it locally as recommended.

6. If you want to allow services to only machines on a particular subnet (such

as your local network), create a new IP Address Group in the left column.

By default, Apple provides two address groups (named 192.168-net and

10.0.0-net). If these do not fit your network needs, edit or delete them.

7. Check the boxes to allow services for your new IP Address group in the

right column.

8. Select the Advanced tab.

9. Uncheck all the boxes marked “deny.” These explicit denials will be

handled by a rule we’ll add later.

UNCLASSIFIED