Mac | ipfw adding firewall rule [duplicate]

偶尔善良 submitted on 2019-12-11 06:57:24

Question


In my application, I need to configure the firewall in such a way that it blocks all URLs and allows certain URLs.

These are the rules I am writing,

assuming I don't want to block www.google.com and www.facebook.com:

ipfw 12164 deny tcp from any to any  
ipfw 12156 allow tcp from any to www.google.com  
ipfw 12157 allow tcp from any to www.facebook.com  

But it is blocking all connections. What should the firewall rules be for such a scenario?


Answer 1:


Using ipfw to filter the traffic isn't a good idea. ipfw only works with IP addresses: when you add a rule with a hostname, the hostname is resolved and the current IP address is used.

Some hostnames can have multiple IP addresses (test the command host www.google.com), or the IP address may change, or the server may return links to resources stored on other addresses.

If you want to filter the website the user can access, you can use parental controls or Managed Client (MCX).

But if you still want to use ipfw, you should accept ingoing TCP traffic. Your rules only accept outgoing TCP traffic to www.google.com and www.facebook.com and block any response.

You should write the first rule like this:

ipfw 12164 deny tcp from any to any out


Source: https://stackoverflow.com/questions/8604816/mac-ipfw-adding-firewall-rule
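
The two points of the answer above, as an added example that is not part of the original post: a small Python model of first-match rule evaluation (a simulation, not ipfw itself). The addresses are constructed, and the fall-through to an allow default at rule 65535 is an assumption about the host's configuration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    dst: Optional[str] = None        # None = any; else the one IP resolved when the rule was added
    direction: Optional[str] = None  # None = both directions; "in" or "out" restricts the match

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    direction: str                   # "in" or "out", relative to the Mac

def evaluate(rules, pkt, default="allow"):
    """The first matching rule in ascending rule-number order decides the packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction is not None and rule.direction != pkt.direction:
            continue
        if rule.dst is not None and rule.dst != pkt.dst:
            continue
        return rule.action, rule.number
    return default, 65535            # assumed default rule: allow

# Constructed addresses from documentation ranges, not real site addresses.
MAC = "192.0.2.10"
SITE_IP_AT_ADD_TIME = "203.0.113.5"  # what the hostname resolved to when the rule was added
SITE_IP_LATER = "203.0.113.99"       # another address the same hostname can resolve to

def ruleset(deny_direction):
    return [Rule(12156, "allow", dst=SITE_IP_AT_ADD_TIME),
            Rule(12164, "deny", direction=deny_direction)]

question_rules = ruleset(None)       # models "deny tcp from any to any"
answer_rules = ruleset("out")        # models "deny tcp from any to any out"

syn = Packet(MAC, SITE_IP_AT_ADD_TIME, "out")
reply = Packet(SITE_IP_AT_ADD_TIME, MAC, "in")
syn_other_ip = Packet(MAC, SITE_IP_LATER, "out")

if __name__ == "__main__":
    for name, rules in (("question", question_rules), ("answer", answer_rules)):
        for label, pkt in (("SYN", syn), ("reply", reply), ("SYN, other IP", syn_other_ip)):
            print(f"{name:8} {label:14} -> {evaluate(rules, pkt)}")
```

With the question's rules the reply packet is dropped by rule 12164; with the `out` variant it passes, while a connection to an address the hostname resolves to later is still denied.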
