Configuring a Firewall
A firewall blocks certain types of incoming traffic from the Internet while allowing outgoing traffic to the Internet. If you’re running a firewall, your job is to configure it to allow incoming traffic in response to outgoing traffic from your users. For example, if your users try to access a website, you want traffic from web servers to reach the users.
If your network already has a firewall on another server or a router or other security gateway appliance, you may not need to run OS X’s firewall. You do need to run a firewall on your Mac server if it’s acting as an Internet gateway, with the Mac between the Internet connection and the local network. You also need to run a firewall on the server if your Internet connection goes directly into a wireless router, and the router doesn’t have a firewall built in or running on it. In this case, the server needs to be connected to the router via Ethernet.
Regardless of whether you’re running a firewall on your Mac server or somewhere else, the next few sections provide useful information.
Setting up a firewall in Mountain Lion Server
Mountain Lion Server comes with Packet Filter (also known as pf), which is open source firewall software. Although you can access the pf firewall by using the command line, Mountain Lion Server’s graphic interface does not give you many options in configuring it, as did previous versions of OS X Server. For that reason, you may want to use a third-party front end to the pf firewall. ...