how-to block ads
If you have your own set of ipfw rules (or you want to turn on logging for certain rules, which requires adding them with the 'log' keyword and optionally turning on verbose logging via the sysctl variable) you will note that on reboot they are overwritten by the system defaults. In order to avoid having to set the rules after every reboot, you will have to install a Startup Item to set the rules (and, optionally, sysctl commands) automatically at boot time. The easiest way to do this is to use the RMAC utility referenced at the bottom of this FAQ article to install and customize the startup script.
While the RMAC utility was originally created to modify network interface variables at boot, it can also be used for ipfw commands with the following modification: after having installed the Startup Item, pico or vi /Library/StartupItems/RMAC/StartupParameters.plist, and replace this text:
This will ensure that your ipfw rules are loaded after the default rules, and thus will not be overwritten.
Note: Under 10.3 (Panther), the OS will note that you have changed the default ipfw rules, and will disable the firewall settings that can configured via the Sharing preference pane.