Apple 034-2351_Cvr Frozen Dessert Maker User Manual


 
60 Chapter 3 IP Firewall Service
Controlling or Enabling Network Game Usage

Sometimes network administrators need to control the use of network games. The
games might use network bandwidth and resources inappropriately or
disproportionately.

You can cut off network gaming by blocking all incoming and outgoing traffic on the
port number used by the game. You’ll have to determine the port used for each
network game in question. By default, Mac OS X Server’s firewall blocks all ports not
specifically opened.

You can choose to limit network game usage to IP addresses behind the firewall. To do
so, you’ll need to open the appropriate port on your LAN interface, but continue to
block the port on the interface connected to the Internet (WAN interface). Some games
require a connection to a gaming service for play, so this may not be effective. To learn
how to make a firewall filter, see “Creating an Advanced IP Filter for TCP ports” on
page 51.

You can open the firewall to certain games, allowing network games to connect to
other players and game services outside the firewall. To do this, you’ll need to open
the appropriate port on both your LAN and WAN interfaces. Some games require more than
one port to be open. Consult the game’s documentation for networking details. To
learn how to make a firewall filter, see “Creating an Advanced IP Filter for TCP ports” on
page 51.

Advanced Configuration

You might prefer to use a command-line interface and conventional configuration file
to configure Mac OS X Server’s firewall service. For example, you might have an existing
ipfw configuration file that you want to migrate to a new Mac OS X Server installation.
Alternatively, you might need greater control of the firewall for troubleshooting or
intrusion detection.

Background

When you click the Save button in Server Admin, all the old rules are flushed, and the new
rules are loaded and applied immediately. This happens whether the IP firewall service is
started or stopped. If the IP firewall service is running, it is stopped long enough to
reload the rules, and it automatically restarts. The new rules are loaded from three
sources:

• The rules from both the General and the Advanced panels (stored in /etc/ipfilter/ip_address_groups.plist).
• The manually configured ipfw rules, if any (stored in /etc/ipfilter/ipfw.conf).
• The NAT divert rule, if the NAT service is running.
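
The following Python check is an added example, not part of Apple's manual. It evaluates rules written in ipfw's "add" syntax, such as a manually maintained /etc/ipfilter/ipfw.conf might contain, in rule-number order with the first match winning, and confirms that a game port is open on the LAN interface but blocked on the WAN interface, as described under “Controlling or Enabling Network Game Usage”. The interface names (en0 = WAN, en1 = LAN), UDP port 27960, and the rule numbers are assumptions made for illustration, and the parser accepts only the narrow rule form shown.

```python
# Added example: evaluates ipfw-style rules the way ipfw does (lowest rule
# number first, first match wins) to confirm a game port is LAN-only.
# Assumed, not from the manual: en0 = WAN, en1 = LAN, UDP 27960, rule numbers.
SAMPLE_RULES = """\
add 01000 allow all from any to any via lo0
add 02000 allow udp from any to any 27960 via en1
add 02010 deny udp from any to any 27960 via en0
"""  # constructed sample: game port allowed on the LAN, denied on the WAN

ALLOW = {"allow", "accept", "pass", "permit"}  # ipfw synonyms for "allow"

def parse_rules(text):
    """Parse only: add N ACTION PROTO from any to any [PORT] [via IFACE]."""
    rules = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] != "add" or tok[4:8] != ["from", "any", "to", "any"]:
            raise ValueError("unsupported rule: " + line)
        rest = tok[8:]
        port = int(rest.pop(0)) if rest and rest[0].isdigit() else None
        if rest and (len(rest) != 2 or rest[0] != "via"):
            raise ValueError("unsupported rule: " + line)
        iface = rest[1] if rest else None
        rules.append((int(tok[1]), tok[2], tok[3], port, iface))
    # ipfw checks rules by number, not by position in the file.
    return sorted(rules, key=lambda r: r[0])

def allowed(rules, proto, port, iface):
    """Return True if the first matching rule allows the packet."""
    for _, action, r_proto, r_port, r_iface in rules:
        if (r_proto in ("all", "ip", proto) and r_port in (None, port)
                and r_iface in (None, iface)):
            return action in ALLOW
    return False  # per the manual, ports not specifically opened are blocked

def lan_only(text, proto, port, lan="en1", wan="en0"):
    """True when the port is open on the LAN interface and blocked on the WAN."""
    rules = parse_rules(text)
    return allowed(rules, proto, port, lan) and not allowed(rules, proto, port, wan)

if __name__ == "__main__":
    print("LAN-only:", lan_only(SAMPLE_RULES, "udp", 27960))
```

A broad allow rule with a lower number than the WAN deny makes the check fail, because the earlier rule matches the WAN packet first.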
LL2351.Book Page 60 Monday, September 8, 2003 2:47 PM