OS X Server: How to enable the adaptive firewall

Summary

Learn how to enable the adaptive firewall in OS X Server.

Products Affected

OS X Server (Mountain Lion)

  1. Follow the steps in article TS4418 to correct an issue that prevents packet filter rules from loading.

  2. Run these commands on the server as an admin user to enable the adaptive firewall:

    sudo pfctl -f /etc/pf.conf
    sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
    sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f

  3. Edit /System/Library/LaunchDaemons/com.apple.pfctl.plist so that pfctl(8) is invoked with the -e flag. This will automatically enable the packet filter the next time the server boots. This can be accomplished with these commands:

    sudo defaults write /System/Library/LaunchDaemons/com.apple.pfctl ProgramArguments '(pfctl, -f, /etc/pf.conf, -e)'
    sudo chmod 644 /System/Library/LaunchDaemons/com.apple.pfctl.plist
    sudo plutil -convert xml1 /System/Library/LaunchDaemons/com.apple.pfctl.plist
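
To confirm that step 3 took effect, the check below reads the ProgramArguments array from an XML plist and reports whether pfctl will be started with both `-f /etc/pf.conf` and `-e`. It is an added example, not part of the original article: the function names (`pf_plist_args`, `pf_enabled_at_boot`, `write_sample_plist`) are hypothetical, and the two sample plists are constructed so the script runs without touching a real server.

```shell
#!/bin/sh
# Added example: audit the ProgramArguments of an XML-format launchd plist.
# Assumes one tag per line, the layout `plutil -convert xml1` writes.

# Print each <string> of the ProgramArguments array, one per line.
pf_plist_args() {
    awk '
        /<key>ProgramArguments<\/key>/ { want = 1; next }
        want && /<array>/              { in_arr = 1; next }
        in_arr && /<\/array>/          { exit }
        in_arr && /<string>/ {
            sub(/^.*<string>/, ""); sub(/<\/string>.*$/, ""); print
        }
    ' "$1"
}

# Succeed only if pfctl loads /etc/pf.conf and is also given -e.
pf_enabled_at_boot() {
    args=" $(pf_plist_args "$1" | tr '\n' ' ')"
    case "$args" in *" -f /etc/pf.conf "*) ;; *) return 1 ;; esac
    case "$args" in *" -e "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample plist (not copied from a real system).
# $1 is the output path, $2 an optional extra pfctl argument.
write_sample_plist() {
    {
        printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' '<plist version="1.0">' '<dict>'
        printf '\t%s\n' '<key>Label</key>' '<string>com.apple.pfctl</string>'
        printf '\t%s\n' '<key>ProgramArguments</key>' '<array>'
        printf '\t\t<string>%s</string>\n' pfctl -f /etc/pf.conf $2
        printf '\t%s\n' '</array>'
        printf '%s\n' '</dict>' '</plist>'
    } > "$1"
}

# Demo on the constructed "before" and "after" files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
write_sample_plist "$tmp/before.plist"
write_sample_plist "$tmp/after.plist" -e
for f in "$tmp/before.plist" "$tmp/after.plist"; do
    if pf_enabled_at_boot "$f"; then
        echo "$f: pf will be enabled at boot"
    else
        echo "$f: rules load but the filter is not enabled (-e missing)"
    fi
done
```

On the server itself, pass /System/Library/LaunchDaemons/com.apple.pfctl.plist to `pf_enabled_at_boot` after the `plutil -convert xml1` command has run. The running state of the packet filter can be checked separately with `sudo pfctl -s info`.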

Read more http://support.apple.com/kb/HT5519