Adding custom firewall rules in OSX
Having used Linux extensively before, I found the GUI configuration of the OSX firewall somewhat lacking. In particular, I wanted to limit outgoing access to some IP addresses (but I can imagine you may want to play with other things as well).
I found that I could buy Flying Buttress, which should allow me to do this, but I really don’t need a graphical ipfw frontend, especially one I’d have to pay for.
All I needed was to write some ipfw rules and make them persistent.
Here’s what I did:
mkdir /Library/StartupItems/CustomIPFWRules
cd !$
Created a file called StartupParameters.plist containing:
{
Description = "Custom Tadek's IPFW Rules";
Provides = ("CustomIPFWRules");
Uses = ("Network");
}
Created a file called CustomIPFWRules (the name has to match the directory name) containing a simple shell script:
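#!/bin/sh
# Pull in the StartupItems helper functions (ConsoleMessage etc.)
. /etc/rc.common
case "$1" in
    start)
        ConsoleMessage "applying tadek's ipfw rules"
        # Rule 2045: drop outgoing TCP to the address (replace the placeholder)
        ipfw add 2045 deny tcp from any to "ip_I_want_to_block" out
        ;;
esac
exit 0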
Voila!
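An idempotent variant of the startup script above, added here as an example and not the author's code: it validates each address and deletes a rule number before re-adding it, so running start twice does not stack duplicate rules. BLOCKED, its documentation-range addresses and the overridable IPFW variable are assumptions.

```shell
#!/bin/sh
# Added example, not the post's script. BLOCKED holds constructed
# documentation-range addresses; IPFW is overridable for a dry run.
[ -r /etc/rc.common ] && . /etc/rc.common

IPFW=${IPFW:-/sbin/ipfw}
BASE_RULE=2045                      # first rule number, as in the post
BLOCKED="192.0.2.10 198.51.100.0/24"

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 mask.
valid_ipv4() {
    case $1 in */*) addr=${1%%/*}; mask=${1#*/} ;; *) addr=$1; mask=32 ;; esac
    case $mask in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Prints "rule_number address" pairs. Every entry is validated before any
# line is printed, so one typo cannot leave a half-applied block list.
rule_plan() {
    for ip in $BLOCKED; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    n=$BASE_RULE
    for ip in $BLOCKED; do
        echo "$n $ip"
        n=$((n + 1))
    done
}

# ipfw allows several rules under one number, so delete the number first;
# otherwise each extra "start" would stack another copy of the rule.
apply_rules() {
    plan=$(rule_plan) || return 1
    echo "$plan" | while read -r num ip; do
        [ -n "$num" ] || continue                      # empty BLOCKED list
        "$IPFW" -q delete "$num" 2>/dev/null || true   # absent on first boot
        "$IPFW" -q add "$num" deny tcp from any to "$ip" out || exit 1
    done
}

case "${1:-}" in
    start) apply_rules ;;
esac
```

Like the original, the file must be executable for the startup system to run it; since it runs as root at boot, keep it and its directory owned by root and not writable by other users.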
August 30th, 2008 at 12:34 pm
Yet another helpful source of information on the Mac’s ipfw firewall is:
http://securosis.com/2007/12/11/ipfw-rules-v20071212/
Cheers
jan