Filter
Top Products
48 Chapter 3 IP Firewall Service
Setting Up Firewall Service for the First Time
Once you’ve decided which filters you need to create, follow these overview steps to
set up firewall service. If you need more help to perform any of these steps, see
“Managing Firewall Service” on page 49 and the other topics referred to in the steps.
Step 1: Learn and plan
If you’re new to working with IP Firewall, learn and understand firewall concepts, tools,
and features of Mac OS X Server and BIND. For more information, see “Understanding
Firewall Filters” on page 45.
Then plan your IP Firewall Service by planning which services you want to provide
access to. Mail, web, and FTP services generally require access from computers on the
Internet. File and print services will most likely be restricted to your local subnet.
Once you decide which services you want to protect using firewall service, you need to
determine which IP addresses you want to allow access to your server, and which IP
addresses you want to deny access to your server. Then you can create the appropriate
filters.
Step 2: Start firewall service
In Server Admin, select Firewall and click Start Service. By default, this blocks all
incoming ports except those used to configure the server remotely. If you’re
configuring the server locally, turn off external access immediately.
Step 3: Create an IP address group that filters will apply to
By default, there is an address group created for all incoming IP addresses. Filters
applied to this group will effect all incoming network traffic.
You can create additional groups based on source IP number or destination IP number.
See “Creating an Address Group” on page 50 for more information.
Step 4: Add filters to the IP filter list
Read “Understanding Firewall Filters” on page 45 to learn how IP filters work and how
to create them. You use this to further all other services, strengthen your network
security, and manage your network traffic through the firewall.
For information about creating a new filter, see “Creating an Advanced IP Filter for TCP
ports” on page 51.
Important: If you add or change a filter after starting firewall service, the new filter
will affect connections already established with the server. For example, if you deny
all access to your FTP server after starting firewall service, computers already
connected to your FTP server will be disconnected.
LL2351.Book Page 48 Monday, September 8, 2003 2:47 PM