DaemonForums  

Go Back   DaemonForums > Other Operating Systems > Other BSD and UNIX/UNIX-like

Other BSD and UNIX/UNIX-like Any other flavour of BSD or UNIX that does not have a section of its own.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th May 2008
kill-9 kill-9 is offline
New User
 
Join Date: May 2008
Posts: 1
Thanked 0 Times in 0 Posts
Default MacOS X Sandvine Fix

http://wakarimasu.googlepages.com/macosx

Warning: It is highly recommended that you do this at a local console.

Step 1
Open terminal

Step 2
Run the command:

sudo mkdir /Library/StartupItems/Firewall

Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall
#!/bin/sh
## Boot Script for firewall
#####################################
#
# Replace 55259 with your BitTorrent port and 55339 with your bittorrent port+100
#
#####################################

# Purge existing rules, this blanks any existing rules
/sbin/ipfw -f flush

########
# Basic Settings
########

# Allow everything on the localhost (127.0.0.1)
/sbin/ipfw -f add 00100 allow ip from any to any via lo0

# Now check for spoofing attacks via localhost, and deny them
/sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
/sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
/sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
/sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in

# Setup stateful filtering
# allows any estabilshed outbound connections to recieve data on the same port
/sbin/ipfw -f add 25000 check-state
/sbin/ipfw -f add allow tcp from any to any established
/sbin/ipfw -f add allow tcp from any to any out setup keep-state
/sbin/ipfw -f add allow udp from any to any out keep-state
/sbin/ipfw -f add allow icmp from any to any out


# Block RST Packets on your BitTorrent Port
/sbin/ipfw -f add deny tcp from any to me 55259-55359 tcpflags rst

# Allow new incoming BitTorrent connections
/sbin/ipfw -f add pass tcp from any to any 55259
/sbin/ipfw -f add pass udp from any to any 55259

Step 4
Append any of the following rules to the file.
Apple File Sharing
# Allow AppleShare File Sharing
/sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
/sbin/ipfw -f add allow tcp from any to me 427 keep-state setup
Samba/Windows File Sharing
# Allow Microsoft SMB file sharing
/sbin/ipfw -f add pass tcp from any to me 135-139
/sbin/ipfw -f add pass udp from any to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
/sbin/ipfw -f add pass tcp from any to me 445
/sbin/ipfw -f add pass udp from any to me 445
iTunes sharing
# iTunes library sharing
/sbin/ipfw -f add allow tcp from any to me 3689 setup
/sbin/ipfw -f add allow udp from any to me 3689 keep-state
VNC
# Allow VNC
/sbin/ipfw -f add pass tcp from any to me 5900

More filters coming soon...

Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "None";
Messages =
{
start = "Starting NAT/Firewall";
stop = "Stopping NAT/Firewall";
};
}

Step 6
Run the following commands:

sudo chown root /Library/StartupItems/Firewall/Firewall
sudo chmod 755 /Library/StartupItems/Firewall/Firewall
sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist

Step 7
Close all open applications and reboot your computer.

Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range. This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100. (e.g. 55359)

Troubleshooting: If you cannot connect to the internet after doing this fix, open terminal and run the following commands:

sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
sudo rm /Library/StartupItems/Firewall/Firewall

Then reboot and please let me know.

=======================================

I haven't tried this, but I'm assuming its for tiger/leopard. I'm on panther and there is no startupitems directory, but couldn't I just create the same rules with ipfw? I figured whoever created this guide just wanted to make things easier to remove, but ipfw -f flush should be good enough..

Last edited by kill-9; 8th May 2008 at 01:31 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOWTO: XFCE MacOS-like menu plugin vermaden Guides 13 20th April 2009 06:40 AM


All times are GMT. The time now is 02:24 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick