MacOS X Sandvine Fix
http://wakarimasu.googlepages.com/macosx
Warning: It is highly recommended that you do this at a local console.

Step 1
Open terminal

Step 2
Run the command:

    sudo mkdir /Library/StartupItems/Firewall

Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall

    #!/bin/sh
    ## Boot Script for firewall

    #####################################
    #
    # Replace 55259 with your BitTorrent port and 55359 with your bittorrent port+100
    #
    #####################################

    # Purge existing rules, this blanks any existing rules
    /sbin/ipfw -f flush

    ########
    # Basic Settings
    ########

    # Allow everything on the localhost (127.0.0.1)
    /sbin/ipfw -f add 00100 allow ip from any to any via lo0

    # Now check for spoofing attacks via localhost, and deny them
    /sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
    /sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
    /sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
    /sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in

    # Block RST Packets on your BitTorrent Port
    # (numbered ahead of check-state and "established" below: ipfw stops at the
    # first matching rule, and those rules would accept RST packets first)
    /sbin/ipfw -f add 00150 deny tcp from any to me 55259-55359 tcpflags rst

    # Setup stateful filtering
    # allows any established outbound connections to receive data on the same port
    /sbin/ipfw -f add 25000 check-state
    /sbin/ipfw -f add allow tcp from any to any established
    /sbin/ipfw -f add allow tcp from any to any out setup keep-state
    /sbin/ipfw -f add allow udp from any to any out keep-state
    /sbin/ipfw -f add allow icmp from any to any out

    # Allow new incoming BitTorrent connections
    /sbin/ipfw -f add pass tcp from any to any 55259
    /sbin/ipfw -f add pass udp from any to any 55259

Step 4
Append any of the following rules to the file.

Apple File Sharing

    # Allow AppleShare File Sharing
    /sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
    /sbin/ipfw -f add allow tcp from any to me 427 keep-state setup

Samba/Windows File Sharing

    # Allow Microsoft SMB file sharing
    /sbin/ipfw -f add pass tcp from any to me 135-139
    /sbin/ipfw -f add pass udp from any to me 135-139
    # Allow direct-hosted SMB w/out NetBIOS
    /sbin/ipfw -f add pass tcp from any to me 445
    /sbin/ipfw -f add pass udp from any to me 445

iTunes sharing

    # iTunes library sharing
    /sbin/ipfw -f add allow tcp from any to me 3689 setup
    /sbin/ipfw -f add allow udp from any to me 3689 keep-state

VNC

    # Allow VNC
    /sbin/ipfw -f add pass tcp from any to me 5900

More filters coming soon...

Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist

    {
        Description = "Firewall";
        Provides = ("Firewall");
        Requires = ("Network");
        OrderPreference = "None";
        Messages = {
            start = "Starting NAT/Firewall";
            stop = "Stopping NAT/Firewall";
        };
    }

Step 6
Run the following commands:

    sudo chown root /Library/StartupItems/Firewall/Firewall
    sudo chmod 755 /Library/StartupItems/Firewall/Firewall
    sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
    sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist

Step 7
Close all open applications and reboot your computer.

Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range. This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100 (e.g. 55359).

Troubleshooting:
If you cannot connect to the internet after doing this fix, open terminal and run the following commands:

    sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
    sudo rm /Library/StartupItems/Firewall/Firewall

Then reboot and please let me know.

=======================================

I haven't tried this, but I'm assuming it's for Tiger/Leopard.
I'm on Panther and there is no StartupItems directory, but couldn't I just create the same rules with ipfw? I figured whoever created this guide just wanted to make things easier to remove, but ipfw -f flush should be good enough.

Last edited by kill-9; 8th May 2008 at 01:31 AM.
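An added check, not part of the guide or the post: ipfw stops at the first rule that matches, and its `established` keyword matches TCP packets with the RST or ACK bit set, so a `tcpflags rst` deny rule only takes effect when it is numbered before `check-state` and any `allow ... established` rule. The function below reads `ipfw list` output and reports where the RST rule sits; the function names are assumptions and both sample listings are constructed.

```shell
#!/bin/sh
# Added example: is the "deny ... tcpflags rst" rule reachable?
# Heuristic only: it looks for check-state and "allow/pass ... established"
# rules numbered before the RST deny rule, nothing else.

# Reads `ipfw list` text on stdin.
# Prints "reachable", "shadowed by NNNNN" or "missing".
rst_rule_status() {
    awk '
        /^[0-9]+ / {
            # The RST deny rule: report what, if anything, precedes it.
            if ($2 == "deny" && /tcpflags rst/) {
                found = 1
                if (hit != "") print "shadowed by " hit
                else print "reachable"
                exit
            }
            # Earlier rules that can accept an RST packet before the deny.
            if (hit == "" && ($2 == "check-state" ||
                (($2 == "allow" || $2 == "pass") && / established/)))
                hit = $1
        }
        END { if (!found) print "missing" }
    '
}

# Constructed listing: RST rule numbered after the stateful rules.
sample_late() { cat <<'EOF'
00100 allow ip from any to any via lo0
25000 check-state
25100 allow tcp from any to any established
25500 deny tcp from any to me dst-port 55259-55359 tcpflags rst
EOF
}

# Constructed listing: RST rule numbered before the stateful rules.
sample_early() { cat <<'EOF'
00100 allow ip from any to any via lo0
00150 deny tcp from any to me dst-port 55259-55359 tcpflags rst
25000 check-state
25100 allow tcp from any to any established
EOF
}

echo "late:  $(sample_late | rst_rule_status)"
echo "early: $(sample_early | rst_rule_status)"
```

On a live system the same function can be fed with `sudo ipfw list | rst_rule_status`.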