dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
share rss forum feed


TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
reply to Da Geek Kid

Re: [OS X] PF Firewall FrontEnd

Looks like an interesting program to manage specific services. What it seems to lack is the ability to do such things like drop syn packets from entire CIDR blocks. I am looking to open some services on my iMac, and want to restrict all access from certain geographic areas like all of apnic, lacnic, and much of eastern europe. Dropping all packets from 200.0.0.0/8 for instance is something which PF can do easily, but the interface to PF which Apple supplies is woefully deficient.

What I am looking for is a GUI front end to PF (pfctl). IceFloor seems to be the closest I have found. What I am concerned about is its effect on all the auto-magic OSX does.
--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"



Da Geek Kid

join:2003-10-11
::1
kudos:1

Those addresses go into your hosts file...

I'd use both...



TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

said by Da Geek Kid:

Those addresses go into your hosts file...

How do you put IP ranges into a hosts file? What entry in a hosts file would block 200.0.0.0 to 200.254.254.254?


Da Geek Kid

join:2003-10-11
::1
kudos:1
Reviews:
·Callcentric

for things like IP addresses I would use IceFloor. But I would highly recommend not using any apple device as a firewall. They are very simple in design and do not assist in anything for network troubleshooting. I would recommend anything that runs DD-WRT or any other open WRT firmware. They provide a wide range of abilities and tweaks. Although, doing this on your laptop is a good idea as always when going out to the open world. You want to make sure you are covered not just behind the firewall at home.