This chapter is from the book
- Identify the stateful firewall that is built into Mac OS X and Mac OS X Server.
- When enabling the default set of firewall rules in Mac OS X Server, what traffic is allowed?
- In what primary way does the Mac OS X Application Firewall differ from a standard port-blocking firewall?
- Why is tcpdump a good utility for troubleshooting the firewall configuration?
- Which configuration file is used for the Application Firewall?
- Which standard OS X configuration command is used to remotely enable or disable firewall services?
- The IP Firewall, ipfw, is the stateful firewall built into Mac OS X and Mac OS X Server.
- By default, all traffic is allowed out, and only Apple administrative ports and established traffic are allowed in.
- The Application Firewall identifies the application that is generating or receiving traffic when choosing which traffic to allow. Port-blocking firewalls use ports only, and do not identify which application is behind the traffic.
- On the server side, tcpdump shows what traffic is going past the firewall and arriving at the application layer. On a client, it informs you if traffic is being generated and accepted on the remote end.
- The /Library/Preferences/com.apple.alf.plist file.
- The defaults write command is used to change parameters in the firewall plist that will enable or disable the firewall or turn Allow Signed Applications or Stealth Mode on and off.