31.1. Configuring the Mac OS X Server Firewall

The firewall software built into Mac OS X Server is IPFW, which is also present (but hidden) in the standard version of Mac OS X. Mac OS X Server doesn't use the simpler application firewall found in the Security pane of System Preferences in Mac OS X. The main difference is that Mac OS X Server includes a complete graphical interface for configuring IPFW, making it easy to access the firewall's extensive capabilities without fiddling around on the command line or downloading third-party configuration software.

NOTE

For more on general firewall principles as well as how to set up the built-in firewalls in the standard version of Mac OS X, see Chapter 17.

The primary purpose of the firewall is to protect your server — which is likely to be exposed directly to the public Internet and offering numerous network services — from both random and targeted attacks. Unlike ordinary Macs, which often hide safely behind NAT routers, servers usually have no such intrinsic (if passive) protection and are easier targets. So, using a firewall and configuring it to be as restrictive as possible while enabling essential services are extremely important precautions to take.

It should come as no surprise that you can turn on the firewall, with basic settings, with just a few clicks. But for more complex firewall needs, Mac OS X Server also lets you dig deeply into firewall settings, tailoring them to your exact specifications.

31.1.1. Basic setup

Get Mac® Security Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.