
Viewing denied packets, Filtering udp ports in firewall service – Apple Mac OS X Server (Administrator’s Guide) User Manual

Page 535


Firewall Service


Log Example 2

Dec 12 13:20:15 mayalu6 mach_kernel: ipfw: 100 Accept TCP 10.221.41.33:721 192.168.12.12:515 in via en0

This entry shows that Firewall service used rule 100 to allow the remote client at
10.221.41.33:721 to access the server 192.168.12.12 on the LPR printing port 515 via
Ethernet port 0.

Log Example 3

Dec 12 13:33:15 smithy2 mach_kernel: ipfw: 10 Accept TCP 192.168.12.12:49152 192.168.12.12:660 out via lo0

This entry shows that Firewall service used rule 10 to allow the server to send a packet to itself on port 660 via
the loopback interface (lo0).

Viewing Denied Packets

Viewing denied packets can help you identify problems and troubleshoot Firewall service.

To view denied packets:

1. Turn on logging of denied packets in the Configure Firewall window.

2. To view log entries in Server Status, click your server in the Devices and Services list.

3. Click the Log tab and choose System Log from the pop-up menu.
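Once denied-packet logging is on, the System Log fills with entries in the ipfw format shown in Log Examples 2 and 3. The following parser is an added example, not part of the Apple manual: it splits each entry into its fields and counts denied packets per rule, protocol and destination port so that the noisiest filter stands out. The field names are my own, and the "Deny" action keyword is assumed as the counterpart of the "Accept" shown on this page; the third and fourth sample lines are constructed.

```python
import re
from collections import Counter

# Layout taken from the log examples on this page:
#   <Mon DD HH:MM:SS> <host> mach_kernel: ipfw: <rule> <Action> <PROTO>
#   <src>:<sport> <dst>:<dport> <in|out> via <iface>
# Field names (ts, host, rule, ...) are my own. Entries without ports
# (for example ICMP) do not match and are reported as None.
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) mach_kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)$"
)

# Constructed sample: the two entries from the page plus two denied UDP packets.
SAMPLE_LINES = [
    "Dec 12 13:20:15 mayalu6 mach_kernel: ipfw: 100 Accept TCP "
    "10.221.41.33:721 192.168.12.12:515 in via en0",
    "Dec 12 13:33:15 smithy2 mach_kernel: ipfw: 10 Accept TCP "
    "192.168.12.12:49152 192.168.12.12:660 out via lo0",
    "Dec 12 13:40:02 mayalu6 mach_kernel: ipfw: 200 Deny UDP "
    "10.221.41.50:1024 192.168.12.12:161 in via en0",
    "Dec 12 13:40:05 mayalu6 mach_kernel: ipfw: 200 Deny UDP "
    "10.221.41.50:1025 192.168.12.12:161 in via en0",
]


def parse_ipfw_line(line):
    """Return a dict of fields for one ipfw log entry, or None if it is not one."""
    m = IPFW_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    for key in ("rule", "sport", "dport"):
        entry[key] = int(entry[key])
    return entry


def denied_summary(lines):
    """Count denied packets keyed by (rule number, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        entry = parse_ipfw_line(line)
        if entry is not None and entry["action"] == "Deny":
            counts[(entry["rule"], entry["proto"], entry["dport"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in denied_summary(SAMPLE_LINES).most_common():
        print(f"rule {key[0]} {key[1]} dport {key[2]}: {n} denied")
```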

Filtering UDP Ports in Firewall Service

Many services use User Datagram Protocol (UDP) to communicate with the server. By
default, all UDP connections are allowed. You should apply filters to UDP ports sparingly, if at
all, because “deny” filters could create severe congestion in your server traffic.

If you filter UDP ports, don’t select the “Log all allowed packets” option in the General pane.
Since UDP is a “connectionless” protocol, every packet to a UDP port will be logged if you
select that option.

You should also create allow filters for specific services, including:

- DNS on port 53

- DHCP on port 67

- SLP on port 427

- Windows Name Service browsing on ports 137 and 138

- Network Assistant on port 3283

- NFS on port 2049

- NetInfo
