Apple 034-2351_Cvr Frozen Dessert Maker User Manual


 
44 Chapter 3 IP Firewall Service
Services such as Web and FTP are identified on your server by a Transmission Control
Protocol (TCP) or User Datagram Protocol (UDP) port number. When a computer tries to
connect to a service, firewall service scans the filter list for a matching port number.

If the port number is in the filter list, the filter applied is the one that contains the
most specific address range.

If the port number is not in the list, the Default filter that contains the most specific
address range is used.
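
The selection rule described above, as an added Python sketch; it is not Apple's code and not how ipfw is implemented. The `Filter` class, the function names, and the sample filter list are constructed for illustration, and the fallback and no-match behaviour are labelled assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    network: str          # address range the filter covers, in CIDR form
    port: Optional[int]   # port number, or None for a Default filter
    allow: bool

# Constructed filter list (documentation address ranges, not from the manual).
FILTERS = [
    Filter("0.0.0.0/0", None, False),    # Default filter, any address: deny
    Filter("10.0.0.0/8", None, True),    # Default filter, internal range: allow
    Filter("0.0.0.0/0", 22, True),       # Secure Shell from any address
    Filter("0.0.0.0/0", 80, True),       # Web from any address
    Filter("192.0.2.0/24", 80, False),   # Web denied for one narrower range
]

def select_filter(filters, src_ip, dst_port):
    """Return the filter that applies to src_ip connecting to dst_port."""
    addr = ipaddress.ip_address(src_ip)
    covering = [f for f in filters if addr in ipaddress.ip_network(f.network)]
    # Step 1: filters listing this port number.
    candidates = [f for f in covering if f.port == dst_port]
    # Step 2: otherwise the Default filters. Falling back here when the port
    # is listed only for other address ranges is an assumption of this sketch.
    if not candidates:
        candidates = [f for f in covering if f.port is None]
    if not candidates:
        return None
    # Most specific address range = longest network prefix.
    return max(candidates, key=lambda f: ipaddress.ip_network(f.network).prefixlen)

def is_allowed(filters, src_ip, dst_port):
    chosen = select_filter(filters, src_ip, dst_port)
    # Assumption: a packet that no filter covers is denied.
    return chosen is not None and chosen.allow

if __name__ == "__main__":
    for ip, port in [("192.0.2.15", 80), ("198.51.100.7", 80),
                     ("198.51.100.7", 21), ("10.1.2.3", 21)]:
        print(ip, port, "allow" if is_allowed(FILTERS, ip, port) else "deny")
```

The narrower 192.0.2.0/24 filter overrides the any-address Web filter, which is why the order in which filters are listed does not matter under this rule.
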

The port filters you create are applied to TCP packets and can also be applied to UDP
packets. In addition, you can set up filters for restricting Internet Control Message
Protocol (ICMP), Internet Group Management Protocol (IGMP), and NetInfo data.

If you plan to share data over the Internet, and you don’t have a dedicated router or
firewall to protect your data from unauthorized access, you should use firewall service.
This service works well for small to medium businesses, schools, and small or home
offices.

Large organizations with a firewall can use firewall service to exercise a finer degree of
control over their servers. For example, individual workgroups within a large business,
or schools within a school system, may want to use firewall service to control access to
their own servers.

IP Firewall also provides stateful packet inspection, which determines whether an
incoming packet is a legitimate response to an outgoing request or part of an ongoing
session, allowing packets that would otherwise be denied.

Mac OS X Server uses the application ipfw for firewall service.

Important: When you start firewall service for the first time, almost all incoming TCP
packets are denied until you change the filters to allow access. By default, only the
ports essential to remote administration are available. These include access by
Remote Directory Access (625), Server Administration via Server Admin (687), and
Secure Shell (22). For any other network service, you must create filters to allow
access to your server. If you turn firewall service off, all addresses are allowed access
to your server.
LL2351.Book Page 44 Monday, September 8, 2003 2:47 PM