macOS Server 5.4 running on High Sierra (macOS 10.13) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. To enable the adaptive firewall, use the -f…
-
-
Manage The Adaptive Firewall Options In OS X Server 5
OS X Server 5 (El Capitan 10.11 or Yosemite 10.10) has an adaptive firewall built in, or a firewall that controls incoming access based on clients attempting to abuse the server. The firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can…
-
Adaptive Firewall Statistics for OS X Server
I wrote up afctl (the command line tool to manage the OS X Server Adaptive Firewall) awhile back here https://krypted.com//mac-security/a-little-more-about-afctl-in-os-x-server. One thing I didn’t touch on is statistics. There’s a nice little command called hb_summary located in /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS that provides statistics for blocked hosts. To see statistics about how much the Adaptive Firewall is being used, just run the command with no options: /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/AdaptiveFirewall.bundle/Contents/MacOS/hb_summary The output provides the following information (helpful if plugging this information into a tool like Splunk): Date Date statistics start Number of hosts blocked Addresses blocked Number of times each address was blocked Last time a host was blocked Total number of times a block was…
-
A Little More About afctl in OS X Server
Awhile back I wrote an article on managing the Adaptive Firewall built into Mountain Lion Server at https://krypted.com//mac-os-x-server/managing-lion-servers-adaptive-firewall-from-the-command-line. It’s worth mentioning that when you use this command you’re basically editing some text files. These include the blacklist, blockedHosts and whitelist folders at possibly the shortest folder at this depth in the file system that I’ve ever had the good luck to need to use /var/db/af (okay, okay, I’m sure we’ve all made /a/b/c and that’s shorter, but this is pretty close). You should use afctl to add and remove machines from these lists. The -w option in afctl used to add a host to a whitelist will cause the host…
-
Managing Lion Server's Adaptive Firewall From the Command Line
Previously, I had done an article on using the adaptive firewall in Mac OS x Server. But I hadn’t looked at controlling it from the command line yet. In Lion Server, the firewall automatically blocks incoming connections that it considers to be dangerous. For example, if a client attempts too many incorrect logins then a firewall rule restricts that user from attempting to communicate with the server for 15 minutes. If you’re troubleshooting and you accidentally tripped up one of these rules then it can be a bit frustrating. Which is why Apple gives us afctl, a tool that interacts with the adaptive firewall. The most basic task you can…