
Setting up logs for firewall service – Apple Mac OS X Server (Administrator’s Guide) User Manual

Page 534


Chapter 15

To configure Firewall service:

1 In Server Settings, click the Network tab.

2 Click Firewall and choose Configure Firewall.

3 Select “Start Firewall at system startup” if you want the service to start whenever the server starts up.

4 Select “Send rejection to client if connection is denied” if you want your server to answer denied connection attempts with a rejection instead of silently dropping the packet (this is on by default). A rejection lets legitimate clients fail quickly, but it also confirms to anyone probing the server that a host is present; deselect it if you prefer denied packets to be dropped without a reply.

5 Choose which connections (allowed or denied) you want to log.

6 Click the NetInfo and Advanced tabs if you want to make configuration settings for UDP, ICMP, IGMP, and NetInfo.

7 Click Save, then restart Firewall service.

Setting Up Logs for Firewall Service

You can log only the packets that are denied by the filters you set, only the packets that are allowed, or both. Either option can generate a large number of log entries, which can fill up disk space and degrade the performance of the server. Logging denied packets is the usual steady-state setting; use “Log all allowed packets” only for limited periods of time, for example while verifying a new filter.

To set up logs:

1 In Server Settings, click the Network tab.

2 Click Firewall and choose Configure Firewall.

3 Select the logging options you want, then click Save.

4 Restart Firewall service.

Server Status provides access to all of Mac OS X Server’s service logs. Click your server in the
Devices and Services list, then choose System Log and look for entries that begin with “ipfw.”

The filters you create in Server Settings correspond to one or more rules in the underlying
filtering software. Log entries show you the rule applied, the IP address of the client and
server, and other information. For more information about rules and what they mean, see
“Creating IP Filter Rules Using ipfw” on page 538.

Here are some examples of firewall log entries and how to read them.

Log Example 1

Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0

This entry shows that Firewall service used rule 65000 to deny the remote client at 10.221.41.33:2190 access to server 192.168.12.12 on Web port 80, for an inbound packet on Ethernet port 0 (en0). The “Unreach” action means the packet was rejected and a rejection was sent back to the client rather than the packet being dropped silently; this is the behavior selected by “Send rejection to client if connection is denied.”
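The entry layout above is regular enough to parse, which is what you want when the firewall log grows past what can be read by eye. The following script is an added example, not code from Apple’s manual: it parses ipfw entries out of System Log text in the format of Log Example 1, counts denied packets per source address and destination port, and flags sources that were denied on several distinct ports. The line layout follows the manual’s example; the set of deny-type actions (Deny, Unreach, Reset), the Accept action, and the ICMP form (“ICMP:type.code” with bare addresses) are assumptions about ipfw’s logging, and all sample lines other than the first are constructed.

```python
"""Parse Mac OS X Server ipfw firewall log lines and summarise denied traffic.

Added example, not from Apple's manual. The line layout follows the manual's
Log Example 1; the set of deny-type actions and the ICMP form are assumptions
about ipfw's logging and should be checked against your own System Log.
"""
import re
from collections import Counter, defaultdict

# Layout of one ipfw kernel log entry, as in the manual's example:
#   Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0
# TCP/UDP endpoints carry ":port"; ICMP entries (assumed form) log "ICMP:<type>.<code>" and bare addresses.
IPFW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) mach_kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\S+) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)\s*$"
)

# Actions that mean the packet was dropped. "Unreach" is the one the manual shows
# (deny with a rejection sent back); "Deny" and "Reset" are assumed here.
DENY_ACTIONS = {"Deny", "Unreach", "Reset"}
ALLOW_ACTIONS = {"Accept"}  # assumed name of the allow action in the log


def split_endpoint(endpoint):
    """'10.221.41.33:2190' -> ('10.221.41.33', 2190); a bare address -> (addr, None)."""
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_ipfw_line(line):
    """Return a dict for an ipfw entry, or None for any other syslog line."""
    m = IPFW_RE.match(line)
    if m is None:
        return None
    proto, _, icmp_type_code = m["proto"].partition(":")
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return {
        "timestamp": m["ts"],
        "host": m["host"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "denied": m["action"] in DENY_ACTIONS,
        "proto": proto,
        "icmp_type_code": icmp_type_code or None,
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "direction": m["direction"],
        "iface": m["iface"],
    }


def summarize(log_text):
    """Count denied entries per source address and per destination port, record
    which rule numbers fired, and count allowed and non-ipfw (skipped) lines."""
    denied_by_src = Counter()
    denied_by_dst_port = Counter()
    rules_fired = Counter()
    ports_probed = defaultdict(set)
    allowed = skipped = 0
    for line in log_text.splitlines():
        entry = parse_ipfw_line(line)
        if entry is None:
            skipped += 1
            continue
        rules_fired[entry["rule"]] += 1
        if entry["denied"]:
            denied_by_src[entry["src_ip"]] += 1
            if entry["dst_port"] is not None:  # ICMP entries have no port
                denied_by_dst_port[entry["dst_port"]] += 1
                ports_probed[entry["src_ip"]].add(entry["dst_port"])
        elif entry["action"] in ALLOW_ACTIONS:
            allowed += 1
    return {
        "denied_by_src": dict(denied_by_src),
        "denied_by_dst_port": dict(denied_by_dst_port),
        "rules_fired": dict(rules_fired),
        "ports_probed": {ip: sorted(p) for ip, p in ports_probed.items()},
        "allowed": allowed,
        "skipped": skipped,
    }


def port_scan_suspects(summary, min_ports=3):
    """Sources denied on at least min_ports distinct destination ports."""
    return sorted(ip for ip, ports in summary["ports_probed"].items() if len(ports) >= min_ports)


# Constructed sample log. The first line is the manual's Log Example 1; the rest
# are made up to exercise UDP, ICMP, an allowed packet and a non-ipfw syslog line.
SAMPLE_LOG = """\
Dec 12 13:08:16 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2190 192.168.12.12:80 in via en0
Dec 12 13:08:17 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2191 192.168.12.12:22 in via en0
Dec 12 13:08:17 ballch5 mach_kernel: ipfw: 65000 Unreach TCP 10.221.41.33:2192 192.168.12.12:23 in via en0
Dec 12 13:08:18 ballch5 mach_kernel: ipfw: 1000 Accept TCP 10.221.41.40:51022 192.168.12.12:80 in via en0
Dec 12 13:08:19 ballch5 mach_kernel: ipfw: 65000 Unreach UDP 10.221.41.50:53412 192.168.12.12:161 in via en0
Dec 12 13:08:20 ballch5 mach_kernel: ipfw: 65000 Deny ICMP:8.0 10.221.41.33 192.168.12.12 in via en0
Dec 12 13:08:21 ballch5 syslogd: restart
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for ip, n in sorted(summary["denied_by_src"].items()):
        print(f"{ip}: {n} denied, ports {summary['ports_probed'].get(ip, [])}")
    print("possible port scans:", port_scan_suspects(summary))
```

Run it against a copy of the System Log (for example `grep ipfw /var/log/system.log`, piped into `summarize`) after enabling denied-packet logging; one source denied on many ports in a short window is the pattern worth following up, and the rule counts tell you which of your filters is actually doing the work.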
