Chapter 14 Configuring and Managing Network Services 233

Parameter (ipfilter:)                                   Description
logAllDenied                                            Whether to log all denials.
                                                        Default = no
logAllAllowed                                           Whether to log access allowed by rules.
                                                        Default = no
ipAddressGroups:_array_id:n:address                     The address of a defined IP address group, the
                                                        first element of an array that defines an IP
                                                        address group.
ipAddressGroups:_array_id:n:name                        The name of a defined IP address group, the
                                                        second element of an array that defines an IP
                                                        address group.

Using ipfilter Groups with the Rules Array
An array of the following settings is included in the ipfilter settings for each defined
IP address group.

Parameter (ipfilter:)                                   Description
ipAddressGroupsWithRules:_array_id:<group>:rules        An array of rules for the group.
ipAddressGroupsWithRules:_array_id:<group>:addresses    The group's address.
ipAddressGroupsWithRules:_array_id:<group>:name         The group's name.
ipAddressGroupsWithRules:_array_id:<group>:readOnly     Whether the group is set for read-only.

These arrays aren't part of a standard ipfw configuration; they are created by the Server
Admin application to implement the IP address groups in the General pane of the
Firewall service settings. In an actual list, <group> is replaced with an IP address group.

Defining Firewall Rules
To set up firewall rules for your server, use serveradmin. However, a simpler method is
to add your rules to a configuration file used by Firewall service.
By modifying the file, you can define your rules using standard rule syntax instead of
creating a specialized array to store the rule's components.

Adding Rules by Modifying ipfw.conf
An ipfw configuration, or ruleset, is made of a list of rules numbered from 1 to 65535.
The file where you can define your rules is /etc/ipfilter/ipfw.conf. Firewall service reads
this file but doesn't modify it. Its contents are annotated and include commented-out
rules you can use as models.
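The settings keyspace in the parameter tables and the ipfw.conf ruleset described under Adding Rules by Modifying ipfw.conf, parsed in Python as an added example; this is not Apple's code and not part of this guide. Both sample texts are constructed here. The key names follow the tables, but the fields of one entry in the rules array (action, protocol, port) and the use of _array_index for numbered entries inside it are assumptions, since the page only says each rule is stored as an array of components. The ruleset check relies on ipfw evaluating rules in ascending number order and stopping at the first matching allow or deny, so a catch-all rule silences every rule numbered above it regardless of where it sits in the file.

```python
"""Parse ipfilter settings (serveradmin 'key = value' form) and an ipfw.conf ruleset.
Added example, not Apple's code; both sample texts are constructed. ASSUMED (not on
the page): the fields of one rule entry (action, protocol, port) and the use of
_array_index for numbered entries inside the rules array."""
import re

SETTINGS_TEXT = """\
ipfilter:logAllDenied = no
ipfilter:ipAddressGroups:_array_id:0:address = "any"
ipfilter:ipAddressGroups:_array_id:0:name = "any"
ipfilter:ipAddressGroups:_array_id:1:address = "10.0.0.0/8"
ipfilter:ipAddressGroups:_array_id:1:name = "10-net"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:name = "10-net"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:addresses = "10.0.0.0/8"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:readOnly = no
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:rules:_array_index:0:action = "allow"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:rules:_array_index:0:protocol = "tcp"
ipfilter:ipAddressGroupsWithRules:_array_id:10-net:rules:_array_index:0:port = 22
"""

# Constructed in the style of /etc/ipfilter/ipfw.conf; the commented line is a model rule.
IPFW_CONF = """\
# add 00010 allow ip from any to any via lo0
add 01000 allow ip from any to any via lo0
add 01010 deny ip from 127.0.0.0/8 to any in
add 02000 allow ip from any to any
add 12300 allow tcp from 10.0.0.0/8 to any 22
add 12310 deny log tcp from any to any 22
add 65534 deny log ip from any to any
"""

def parse_value(raw):
    """Unquote strings, map yes/no to bool, parse integers, else keep the text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("yes", "no"):
        return raw == "yes"
    return int(raw) if raw.lstrip("-").isdigit() else raw

def parse_settings(text, prefix="ipfilter:"):
    """Build a nested dict from 'prefix:a:b:c = value' lines; each ':' is one level."""
    tree = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if " = " not in line or not line.startswith(prefix):
            raise ValueError(f"line {lineno}: expected '{prefix}... = value': {raw!r}")
        key, value = line.split(" = ", 1)
        *parents, leaf = key[len(prefix):].split(":")
        node = tree
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = parse_value(value)
    return tree

def address_groups(tree):
    """ipAddressGroups:_array_id:n:{name,address} -> {name: address}."""
    entries = tree.get("ipAddressGroups", {}).get("_array_id", {})
    return {e["name"]: e["address"] for e in entries.values()}

def groups_with_rules(tree):
    """ipAddressGroupsWithRules:_array_id:<group>:* -> {group: {name, addresses, readOnly, rules}}."""
    out = {}
    for group, e in tree.get("ipAddressGroupsWithRules", {}).get("_array_id", {}).items():
        indexed = e.get("rules", {}).get("_array_index", {})   # ASSUMED layout of the rules array
        out[group] = {"name": e.get("name"), "addresses": e.get("addresses"),
                      "readOnly": bool(e.get("readOnly", False)),
                      "rules": [indexed[i] for i in sorted(indexed, key=int)]}
    return out

RULE_RE = re.compile(r"^add\s+(\d{1,5})\s+(\S+)\s+(.*)$")
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop", "reset", "unreach"}

def parse_ipfw_conf(text):
    """Active rules as (number, action, body tokens), sorted the way ipfw evaluates them."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        m = RULE_RE.match(line)
        number = int(m.group(1)) if m else 0
        if not 1 <= number <= 65535:
            raise ValueError(f"line {lineno}: bad rule or number outside 1-65535: {raw!r}")
        rules.append((number, m.group(2), m.group(3).split()))
    return sorted(rules, key=lambda r: r[0])         # number order, not file order

def shadowed_rules(rules):
    """Numbers of rules that can never fire: a lower-numbered terminal 'ip from any to any' precedes them."""
    shadowed, blocked = [], False
    for number, action, body in rules:
        core = body[1:] if body[:1] == ["log"] else body     # 'log' is a modifier, not a match term
        if blocked:
            shadowed.append(number)
        elif action in TERMINAL and core in (["ip", "from", "any", "to", "any"],
                                             ["all", "from", "any", "to", "any"]):
            blocked = True
    return shadowed
```

In the constructed ipfw.conf, rule 02000 allows everything, so parse_ipfw_conf followed by shadowed_rules reports 12300, 12310 and 65534 as unreachable: the SSH restriction and the logging deny at the end never see a packet. The same check applied to a real /etc/ipfilter/ipfw.conf only needs the active "add" lines; the annotated, commented-out model rules are skipped as comments.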