Tadek’s Blog

[Interesting link on surviving traffic storms with Wordpress](http://turbochargedcms.com/2007/04/weathering-heavy-traffic-with-wordpress-and-turbocharged/): not that I currently need it, but maybe in the future…

In a nutshell:

1. fine tuning of Apache (adjusting #processes, keep alives and ListenBacklog to values that match your machine’s constraints).
2. fine tuning of MySQL query caching
3. installing [WP-Cache plugin](http://mnm.uib.es/gallir/wp-cache-2/) + adaptive switching on of WP-cache plugin (only in heavy-load condition)
5. disabling some plugins (the ones that take up a lot of resources)
6. enabling Squid caching for static content.

Having extensively used Linux before I found GUI configuration of OSX firewall somewhat lacking. In particular, I wanted to limit outgoing access to some IP addresses (but I can imagine you may want to play with other things as well).

I found that I could buy [Flying Buttress](http://personalpages.tds.net/~brian_hill/flyingbuttress.html) which should allow me to do this, but I really don’t need a graphical ipfw frontend, especially the one I’d have to pay for All I needed was to write some ipfw rules and make them persistent.

Here’s what I did:

mkdir /Library/StartupItems/CustomIPFWRules
cd !$

Created a file called `StatupParameters.plist` containing:

{
Description = “Custom Tadek’s IPFW Rules”;
Provides = (“CustomIPFWRules”);
Uses = (“Network”);
}

Created a file called `CustomIPFWRules` (the name has to match the directory name) containing a simple shell script:

#!/bin/sh

. /etc/rc.common

case “$1″ in
start)

ConsoleMessage “applying tadek’s ipfw rules”
ipfw add 2045 deny tcp from any to “ip_I_want_to_block” out
;;
esac

exit 0

Voila!

BTW: a [useful link on playing with Firewall in OSX](http://www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html).