Before you set up firewall service, What is a filter – Apple Mac OS X Server (Administrator’s Guide) User Manual
Page 527

Firewall Service
Before You Set Up Firewall Service
When you start Firewall service, the default configuration denies access to all incoming
packets from remote computers. This provides the highest level of security. You can then
add new IP filters to allow server access to those clients who require access to services.
First, think about the services that you want to provide on your server. Mail, Web, and FTP
services generally require access from computers on the Internet. File and print services will
most likely be restricted to your local subnet.
Once you decide which services you want to protect using Firewall service, you need to
• determine which IP addresses you want to allow access to your server
• determine which IP addresses you want to deny access to your server
Then you can create the appropriate filters.
To learn how IP filters work and how to create them, read the sections that follow.
What Is a Filter?
A filter is made up of an IP address and a subnet mask, and sometimes a port number and
access type. The IP address and the subnet mask together determine the range of IP
addresses to which the filter applies, and can be set to apply to all addresses.
IP Address
IP addresses consist of four segments with values between 0 and 255, separated by dots (for
example, 192.168.12.12). The segments in IP addresses go from general to specific (for
example, the first segment might belong to all the computers in a whole company, and the
last segment might belong to a specific computer on one floor of a building).
Subnet Mask
The subnet mask, like the IP address, consists of up to four segments. You enter a mask to
indicate which segments in the specified IP address can vary and by how much. The only
values you can use in a subnet mask segment are
• 0
• 128
• 192
• 224
• 240
• 248
• 252
• 254
• 255
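
As an added illustration (not part of the Apple manual), the Python code below checks a mask against the segment values listed above and computes the range of addresses that an IP address and subnet mask pair covers. The function names and sample addresses are constructed for this example, and it assumes a full four-segment mask whose segments are contiguous, a standard subnetting rule that this page does not state.

```python
# Added example; sample addresses are constructed, not taken from the manual.
ALLOWED_SEGMENTS = (0, 128, 192, 224, 240, 248, 252, 254, 255)


def parse_dotted(text):
    """Split a dotted quad into four integers in 0..255."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric segments: {text!r}")
    segments = [int(p) for p in parts]
    if any(s > 255 for s in segments):
        raise ValueError(f"segment out of range 0-255: {text!r}")
    return segments


def parse_mask(text):
    """Accept only the listed segment values, in contiguous order."""
    segments = parse_dotted(text)
    if any(s not in ALLOWED_SEGMENTS for s in segments):
        raise ValueError(f"invalid mask segment in {text!r}")
    # Assumption (standard subnetting, not stated in the manual): once a
    # segment is below 255, every later segment must be 0.
    for earlier, later in zip(segments, segments[1:]):
        if earlier != 255 and later != 0:
            raise ValueError(f"mask is not contiguous: {text!r}")
    return segments


def filter_range(address, mask):
    """Return (first, last, count) for the addresses a filter applies to."""
    addr, msk = parse_dotted(address), parse_mask(mask)
    first = [a & m for a, m in zip(addr, msk)]          # keep the fixed bits
    last = [f | (255 - m) for f, m in zip(first, msk)]  # set the variable bits
    count = 1
    for m in msk:
        count *= 256 - m  # number of values this segment can take
    return ".".join(map(str, first)), ".".join(map(str, last)), count


def filter_matches(address, mask, candidate):
    """True if candidate falls inside the filter's address range."""
    msk = parse_mask(mask)
    want = [a & m for a, m in zip(parse_dotted(address), msk)]
    return want == [c & m for c, m in zip(parse_dotted(candidate), msk)]


if __name__ == "__main__":
    for mask in ("255.255.255.255", "255.255.255.0", "255.255.240.0", "0.0.0.0"):
        print(mask, filter_range("192.168.12.12", mask))
```

A mask of 255.255.255.255 narrows the filter to a single address, while 0.0.0.0 makes it apply to all addresses, so it is worth checking the computed count before adding an allow filter.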