
A Little More About afctl in OS X Server

A while back I wrote an article on managing the Adaptive Firewall built into Mountain Lion Server at https://krypted.com//mac-os-x-server/managing-lion-servers-adaptive-firewall-from-the-command-line. It’s worth mentioning that when you use this command you’re basically editing some text files. These include the blacklist, blockedHosts and whitelist folders in /var/db/af, possibly the shortest path at this depth in the file system that I’ve ever had the good luck to need to use (okay, okay, I’m sure we’ve all made /a/b/c and that’s shorter, but this is pretty close).

You should use afctl to add and remove machines from these lists. The -w option in afctl, used to add a host to a whitelist, will cause the host to appear in the /var/db/af/whitelist file. The -a option, used to blacklist a host, will add it to the /var/db/af/blacklist file. Hosts that are flagged are dropped into /var/db/af/blockedHosts, and when you remove those hosts with the -r option they are removed from that file.
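To confirm that an afctl change landed in the list the paragraph above describes, a read-only check can search the three lists for a host. This is an added example, not code from the original post; the function names, the AF_DIR override and the sample addresses are made up for illustration, and it assumes only that the lists are text containing the address.

```shell
#!/bin/sh
# Added example (not from the original post): read-only lookup of a host in
# the Adaptive Firewall lists. Function names and AF_DIR are hypothetical.
AF_DIR="${AF_DIR:-/var/db/af}"   # directory named in the article

# af_lists_for HOST [DIR]: print the lists that mention HOST, or "none".
af_lists_for() {
    host=$1
    dir=${2:-$AF_DIR}
    found=""
    for list in whitelist blacklist blockedHosts; do
        [ -e "$dir/$list" ] || continue
        # -F literal dots, -w whole token (10.0.0.1 must not match 10.0.0.10),
        # -r so the check works whether the entry is a file or a folder.
        if grep -rqFw -- "$host" "$dir/$list" 2>/dev/null; then
            found="${found:+$found }$list"
        fi
    done
    printf '%s\n' "${found:-none}"
}

# af_conflict HOST [DIR]: succeed when HOST is whitelisted and also blocked,
# a state worth reviewing before trusting either list.
af_conflict() {
    lists=" $(af_lists_for "$1" "$2") "
    case $lists in *" whitelist "*) ;; *) return 1 ;; esac
    case $lists in *" blacklist "*|*" blockedHosts "*) return 0 ;; esac
    return 1
}

# Constructed sample data (documentation addresses; one per line is assumed).
demo=$(mktemp -d)
printf '192.0.2.10\n' > "$demo/whitelist"
printf '192.0.2.10\n198.51.100.7\n' > "$demo/blacklist"
printf '203.0.113.100\n' > "$demo/blockedHosts"
for h in 192.0.2.10 198.51.100.7 203.0.113.10; do
    printf '%s: %s\n' "$h" "$(af_lists_for "$h" "$demo")"
    if af_conflict "$h" "$demo"; then
        printf '  conflict: %s is both allowed and blocked\n' "$h"
    fi
done
rm -rf "$demo"
```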

I think that pretty much beats that poor afctl horse to death. Simple is good sometimes!