-
-
Configure The Adaptive Firewall In macOS Server 5.4 for High Sierra
macOS Server 5.4 running on High Sierra (macOS 10.13) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. To enable the adaptive firewall, use the -f…
-
Quick And Dirty Windows Firewall Scripting
Here ya’ go! netsh advfirewall firewall add rule name=”KryptedWebhook” dir=in protocol=tcp localport=8443 profile=private remoteip=any action=allow Wait, what’s that?!?! Let’s break down the options I used here: advfirewall: Yup, it’s the new firewall. firewall: Yup, it’s a firewall. add: I’m adding a new rule. I also could have used delete along with the rule name and removed one. Or show to see one. Or set to augment one. rule: It’s all about rules. Each rule allows for a port and/or an action. name: Every rule needs a unique name. Namespace conflicts will result in errors. If programmatically creating rules, I’ve found it undesirable to use a counter and instead moved to…
-
Configure The Adaptive Firewall In macOS Server 5.2
macOS Server 5.2 running on Sierra 10.12) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with the firewall is…
-
Manage The Adaptive Firewall Options In OS X Server 5
OS X Server 5 (El Capitan 10.11 or Yosemite 10.10) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can…
-
Command Line Firewall Management In OS X 10.10
The tools to automate OS X firewall events from the command line are still stored in /usr/libexec/ApplicationFirewall. And you will still use socketfilterfw there for much of the heavy lifting. However, now there are much more helpful and functional options in socketfilterfw that will allow you to more easily script the firewall. Some tricks I’ve picked up with the Mac Firewall/alf scripting: Configure the firewall fully before turning it on (especially if you’re doing so through something like Casper, FileWave, Munki, or Absolute Manage where you might kick yourself out of your session otherwise). Whatever you do, you can always reset things back to defaults by removing the com.apple.alf.plist file…
-
Using afctl To Manage The Adaptive Firewall In OS X Yosemite Server
OS X Server (Yosemite 10.10 running Server 3.5 has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with…
-
Control Windows Firewall From The Command Line
The Windows Firewall is controlled using the netsh command along with the advfirewall option. This command is pretty easy to use, although knowing the syntax helps. The most basic thing you do is enable the firewall, done by issuing a set verb along with a profile (in this case we’ll use current profile) and then setting the state to on, as follows: netsh advfirewall set currentprofile state on Or if you were controlling the domain profile: netsh advfirewall set domainprofile state on You can also choose to set other options within a profile. So to set the firewall policy to always block inbound traffic and allow outgoing traffic, use the…
-
Manage The Adaptive Firewall in Mavericks Server
OS X Server (Mavericks 10.9 running Server 3) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can do with…
-
Adaptive Firewall Statistics for OS X Server
I wrote up afctl (the command line tool to manage the OS X Server Adaptive Firewall) awhile back here https://krypted.com//mac-security/a-little-more-about-afctl-in-os-x-server. One thing I didn’t touch on is statistics. There’s a nice little command called hb_summary located in /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS that provides statistics for blocked hosts. To see statistics about how much the Adaptive Firewall is being used, just run the command with no options: /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS/hb_summary The output provides the following information (helpful if plugging this information into a tool like Splunk): Date Date statistics start Number of hosts blocked Addresses blocked Number of times each address was blocked Last time a host was blocked Total number of times a block was…