Adding custom firewall rules in OSX
Having extensively used Linux before, I found the GUI configuration of the OSX firewall somewhat lacking. In particular, I wanted to limit outgoing access to some IP addresses (but I can imagine you may want to play with other things as well).
I found that I could buy [Flying Buttress](http://personalpages.tds.net/~brian_hill/flyingbuttress.html), which should allow me to do this, but I really don’t need a graphical ipfw frontend, especially one I’d have to pay for.
All I needed was to write some ipfw rules and make them persistent.
Here’s what I did:
```shell
mkdir /Library/StartupItems/CustomIPFWRules
cd !$
```
Created a file called `StartupParameters.plist` containing:
```
{
  Description = "Custom Tadek's IPFW Rules";
  Provides = ("CustomIPFWRules");
  Uses = ("Network");
}
```
Created a file called `CustomIPFWRules` (the name has to match the directory name) containing a simple shell script:
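```shell
#!/bin/sh
# Pull in the StartupItems helper functions such as ConsoleMessage.
. /etc/rc.common

case "$1" in
    start)
        ConsoleMessage "applying tadek's ipfw rules"
        # Replace the placeholder with the address to block for outgoing TCP.
        ipfw add 2045 deny tcp from any to "ip_I_want_to_block" out
        ;;
esac
exit 0
```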
Voila!
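Because a StartupItem runs as root at boot, it is worth linting the directory before relying on it. The following is an added example, not part of the original post: `check_startup_item` is a hypothetical helper name, and it checks the layout described above plus two common failure modes (files writable by group or other, and typographic quotes pasted from a web page).

```shell
#!/bin/sh
# Added example: lint a StartupItem directory before the next reboot.
# check_startup_item is a hypothetical helper name, not an Apple tool.
# Usage: check_startup_item /Library/StartupItems/CustomIPFWRules

check_startup_item() {
    dir=${1%/}
    name=$(basename "$dir")
    script="$dir/$name"
    plist="$dir/StartupParameters.plist"
    problems=0

    complain() { echo "$name: $1" >&2; problems=$((problems + 1)); }

    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }
    [ -f "$plist" ] || complain "missing StartupParameters.plist"

    # The script must carry the same name as its directory and be executable.
    if [ ! -f "$script" ]; then
        complain "missing script named $name"
    elif [ ! -x "$script" ]; then
        complain "script is not executable"
    fi

    for f in "$dir" "$script" "$plist"; do
        [ -e "$f" ] || continue
        # Characters 6 and 9 of the ls mode string are group and other write.
        case $(ls -ld "$f" | cut -c6,9) in
            *w*) complain "$f is writable by group or other" ;;
        esac
        # Typographic double quotes pasted from a web page are not shell
        # or plist quoting characters.
        if [ -f "$f" ] && LC_ALL=C grep -qF -e '“' -e '”' -e '″' "$f"; then
            complain "$f contains typographic quotes"
        fi
    done

    [ "$problems" -eq 0 ]
}
```

The function returns 0 when the item passes, 1 when it reported problems on stderr, and 2 when the path is not a directory.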
BTW: a [useful link on playing with Firewall in OSX](http://www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html).
August 30th, 2008 at 12:34 pm
Yet another helpful source of information on the Mac’s ipfw firewall is:
http://securosis.com/2007/12/11/ipfw-rules-v20071212/
Cheers
jan