Blocking multicast services in firewall service, Allowing netinfo access to certain ip addresses – Apple Mac OS X Server (Administrator’s Guide) User Manual
Page 536
Chapter 15
UDP ports above 1023 are allocated dynamically by certain services, so their exact port
numbers may not be determined in advance.
To set up UDP port filters:
1. In Server Settings, click the Network tab.
2. Click Firewall and choose Configure Firewall.
3. Click the Advanced tab and select “Apply filters in IP filter list to UDP ports.”
4. Click “all UDP ports” or enter a range of port numbers to filter in the “in range” fields.
5. Click Save, then restart Firewall service.
Blocking Multicast Services in Firewall Service
Some hosts and routers use Internet Gateway Multicast Protocol (IGMP) to send packets to
lists of hosts. Keep in mind that denying IGMP packets may prevent services that use
multicast addressing from running correctly. QuickTime Streaming uses multicast
addressing, as does Service Location Protocol (SLP).
To block IGMP connections:
1. In Server Settings, click the Network tab.
2. Click Firewall and choose Configure Firewall.
3. Click the Advanced tab and select Deny Internet Gateway Multicast Protocol (IGMP).
4. Click Save, then restart Firewall service.
Allowing NetInfo Access to Certain IP Addresses
Any information stored in a shared NetInfo domain needs to be accessed by multiple
Mac OS X computers on the network. You can use Firewall service to control which IP
addresses can access a particular shared domain.
To allow NetInfo access:
1. In Server Settings, click the Network tab.
2. Click Firewall and choose Configure Firewall.
3. Click the NetInfo tab and select a shared domain from the “Network visible domain” pop-up menu.
4. Choose “everyone” to allow all IP addresses to access the domain.
   To restrict access to certain IP addresses, enter IP addresses in the text field, pressing Return between entries.
   To enter a range of IP addresses, type a slash (/) and the number of prefix bits after the IP address. For example, 192.168.33.3/24 means the range 192.168.33.0 to 192.168.33.255.
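The following is an added example, not part of the Apple manual: a Python check of which addresses a NetInfo allow list admits, useful for reviewing entries before saving them. The function names and the sample entries are constructed for illustration, and the code assumes standard CIDR semantics, which match the manual's 192.168.33.3/24 example.

```python
import ipaddress

# Constructed sample: entries as typed into the text field, one per line.
SAMPLE_ENTRIES = """192.168.33.3/24
10.0.0.5
172.16.4.0/30
"""

def parse_allow_list(text):
    """Turn newline-separated entries into network objects."""
    networks = []
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        # strict=False keeps entries whose host bits are set, so
        # 192.168.33.3/24 is read as the network 192.168.33.0/24.
        # A bare address becomes a single-host /32 entry.
        networks.append(ipaddress.ip_network(entry, strict=False))
    return networks

def covered_range(network):
    """Return the first and last address an entry admits."""
    return str(network[0]), str(network[-1])

def audit(text):
    """List (first, last, address count) for every entry."""
    return [covered_range(n) + (n.num_addresses,) for n in parse_allow_list(text)]

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any entry of the allow list."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    for first, last, count in audit(SAMPLE_ENTRIES):
        print(f"{first} - {last} ({count} addresses)")
    nets = parse_allow_list(SAMPLE_ENTRIES)
    for ip in ("192.168.33.200", "192.168.34.1", "10.0.0.6"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
```

An entry with a slash admits the whole block regardless of the host part typed, so 192.168.33.3/24 opens the domain to all 256 addresses, not only to .3 and above.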