[MacTUG] Configuring a firewall for the lab macs...

Donald Duff-McCracken dsmccrac at uwaterloo.ca
Fri Apr 8 15:42:53 EDT 2011


Greetings MacTUGers…

I have the firewall running on my lab Macs and have a few apps that need to talk to license servers on the same subnet. If I manually add them under the "Application Layer Firewall" (or 'ALF' as some lovingly call it) in 10.6 it works fine, and I did this recently when I found out that this was an issue. I would rather not have to run around to each machine to do this after every rebuild! ;-)

My problems are compounded by the fact that I do not do a monolithic install — perhaps if I did this it would work fine, but for some reason, haha, a firewall that is application-based is hard to configure if the apps are not installed.

I thought this would work: Deploy the OS and my deploystudio-packaged apps, and then manually configure the application-based firewall. Copy the /Library/Preferences/Apple.com.alf.plist to my server and toss it into a package. Reinstall again on this or another test machine, and this time in addition to the apps being installed, an alf.plist allowing ports to be open should clue in the firewall that the apps in question are allowed. This did not work. What is strange is that if I check the firewall in System Preferences it lists the apps as allowed, yet when I run the apps the 'deny or allow' dialog box pops up. Clearly it thinks these are different apps than the ones it has been given approval to.

I tried to add the alf.plist in Workgroup Manager, but that did not work either.

So I am thinking of figuring out ipfw and resorting to it. I know the ports in question, so maybe this is the way to go, to use the older firewall mechanism. Have folks done anything like this? It looks like I need to roll this into a script and have it run at startup, eh? I would rather not have to use ipfw, but I cannot seem to get a way for ALF to work.

Comments appreciated, as usual!!
don

------------------------------------
Donald Duff-McCracken
Technical Services Manager
Mapping, Analysis & Design
Faculty of Environment
University of Waterloo
(519) 888-4567 x32151
http://www.environment.uwaterloo.ca/computing/people/don.html
------------
To request help from MAD please use Request Tracker. For info see: http://www.environment.uwaterloo.ca/computing/faculty_staff/<http://www.fes.uwaterloo.ca/computing/faculty_staff/>
------------