Flush Your Firewall


The other day I was having some issues with my VPN and Mail server working correctly. After narrowing the issue down to my firewall, I went on a hunt for a way to flush the current rules out of the firewall. OS X Leopard Server uses ipfw as its firewall implementation. Even OS X Leopard client uses ipfw! Fortunately it’s pretty similar to iptables, which we also use on our Linux servers, so there was a way to flush out the current rules. Simply using the following command will remove all the rules that haven’t been saved (which can be done either via the command line or through that nice Server Admin GUI tool):

sudo /sbin/ipfw -f flush

Once that’s run, you can have a peek back inside the Server Admin tool and you’ll notice that under Active Rules there should be none or only a couple. You can also show the list from the command line (which you’ll probably want to do on the client, since it doesn’t work with the Server Admin tool). Use this command to do so:

bash-3.2$ sudo /sbin/ipfw list
65535 allow ip from any to any

As you can see, I allow everything on my client machine, but on the server:

palomino:etc jimmybrancaccio$ sudo /sbin/ipfw list
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
03885 deny ip from 58.251.59.9 to any
03890 deny ip from 89.96.140.154 to any
03895 deny ip from 211.143.101.226 to any
03900 deny ip from 212.222.147.130 to any
03905 deny ip from 58.185.182.212 to any
03910 deny ip from 76.17.182.127 to any
03915 deny ip from 202.102.245.109 to any
65535 allow ip from any to any

There are currently some blocks in place. Anyway, just a couple of useful ipfw commands!
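A flush leaves only the built-in rule 65535, so it helps to capture the ruleset first and confirm afterwards what is still filtering. The script below is an added example, not part of the original post: the function names, the backup path and the sample listings (using documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: back up `ipfw list` output in a form ipfw can reload,
# and report whether a listing is down to the default allow-all rule.
# Function names are hypothetical helpers, not ipfw features.

# stdin: `ipfw list` output. stdout: one "add ..." command per rule.
# Rule 65535 is the built-in default and cannot be re-added, so skip it.
rules_to_restore_file() {
    awk '$1 ~ /^[0-9]+$/ && $1 + 0 != 65535 { print "add " $0 }'
}

# stdin: `ipfw list` output. Prints "open" when nothing but the default
# "65535 allow" rule is present, otherwise "filtered".
ruleset_state() {
    awk '
        $1 ~ /^[0-9]+$/ && $1 + 0 != 65535 { n++ }
        $1 + 0 == 65535 && $2 == "allow"   { default_allow = 1 }
        END {
            if (n == 0 && default_allow) print "open"
            else print "filtered"
        }
    '
}

# Constructed sample listings (RFC 5737 documentation addresses).
sample_before() {
cat <<'EOF'
00001 allow udp from any 626 to any dst-port 626
03885 deny ip from 192.0.2.10 to any
03890 deny ip from 198.51.100.7 to any
65535 allow ip from any to any
EOF
}
sample_after() { echo '65535 allow ip from any to any'; }

# On a live host (not executed here; the backup path is an assumption):
#   sudo /sbin/ipfw list | rules_to_restore_file > /tmp/ipfw.rules.bak
#   sudo /sbin/ipfw -f flush
#   sudo /sbin/ipfw list | ruleset_state      # "open" until rules return
#   sudo /sbin/ipfw /tmp/ipfw.rules.bak       # reload the saved rules
```

ipfw reads a rules file only when it is given as an absolute path, which is why the backup is written under /tmp rather than to a relative filename.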
