Difference between revisions of "IPFW"
| Astropoint (talk | contribs)  (New page: The first thing we need to do is create a user to run your DC++ client under. We do this because ipfw doesn't currently support filtering by program, but it does support filtering by user,...) | |||
| Line 11: | Line 11: | ||
| Open a Terminal to run the following commands. This can be done from "Applications -> Utilities". Remembering to use the right User.<br> | Open a Terminal to run the following commands. This can be done from "Applications -> Utilities". Remembering to use the right User.<br> | ||
| <span style="color:red">sudo ipfw add  | <span style="color:red">sudo ipfw add 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid dc keep-state</span><br> | ||
| <span style="color:red">sudo ipfw add  | <span style="color:red">sudo ipfw add 00112 drop tcp from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid dc</span><br> | ||
| For these filters to work you have to run your client as the dc user | For these filters to work you have to run your client as the dc user | ||
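Review bot: in rule 00112 the destination block `{ not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 }` is an OR of negations, so every destination satisfies at least one term and the rule drops all TCP for uid dc. It only gives the intended result because 00111 is evaluated first. `drop tcp from any to any uid dc` states that directly and is easier to audit. The rule also covers tcp only, so UDP from the dc user to other destinations is not dropped; if the intent is to block everything outside the allow list, the protocol should be `all`.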
| Line 29: | Line 29: | ||
| NB. The rules should reset when you reboot, so you might have to reconfigure them after every reboot or script them to run at startup | To delete the rules from the firewall simply run the following commands: | ||
| <span style="color:red">sudo ipfw del 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid dc keep-state</span><br> | |||
| <span style="color:red">sudo ipfw del 00112 drop tcp from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid dc</span><br> | |||
| NB. The rules should reset when you reboot, so you might have to reconfigure them after every reboot or script them to run at startup. | |||
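Review bot: the two added `ipfw del` lines repeat the full rule body after the rule number, but ipfw identifies the rule to delete by its number, so the body is redundant and suggests the text has to match the rule that was added. `sudo ipfw delete 00111 00112` is enough and avoids the two copies of each rule drifting apart when the allow list changes.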
Revision as of 20:35, 11 November 2009
The first thing we need to do is create a user to run your DC++ client under. We do this because ipfw doesn't currently support filtering by program, but it does support filtering by user, so we can create ipfw rules that apply only to a specific user and run your DC++ client as that user. I'm using "dc" as my user; you can use whatever you want.
You can create a new user by doing the following:
Choose Apple menu > System Preferences and click Accounts.
If some settings are dimmed, click the lock icon and type an administrator name and password.
Click Add (+) and type the user's name.
Next we need to create the ipfw rules.
Open a Terminal to run the following commands. This can be done from "Applications -> Utilities". Remember to use the right user.
sudo ipfw add 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid dc keep-state
sudo ipfw add 00112 drop tcp from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid dc
For these filters to work you have to run your client as the dc user.
You should now have your client running as user dc and with external connections blocked. You will need the following line to enable access control for the user 'dc':
xhost +si:localuser:dc
To run an application as another user, enter the following lines in Terminal:
su dc
Enter the password that you gave the user dc when you created the user and finally run:
/Applications/ShakesPeer.app/Contents/MacOS/ShakesPeer & exit
To delete the rules from the firewall simply run the following commands:
sudo ipfw del 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid dc keep-state
sudo ipfw del 00112 drop tcp from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid dc
NB. The rules should reset when you reboot, so you might have to reconfigure them after every reboot or script them to run at startup.
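One way to script the rules for startup, as the NB suggests. This is an added example, not part of the original page: the function names, the FW_USER and IPFW variables and the "apply" argument are assumptions, and how the script is hooked into system startup is left out.

```shell
#!/bin/sh
# Added example (not from the original page): reload the page's two per-user
# ipfw rules at startup. Function and variable names are assumptions.
FW_USER="${FW_USER:-dc}"          # account the DC++ client runs as
IPFW="${IPFW:-ipfw}"              # overridable so the logic can be dry-run

# Emit one ipfw argument list per line; nothing is executed here.
rule_args() {
    # Delete first so a second run does not stack duplicate rules.
    echo "-q delete 00111 00112"
    echo "-q add 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid $1 keep-state"
    echo "-q add 00112 drop tcp from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid $1"
}

# Run the commands. Returns non-zero if the user is missing or an add fails,
# so a startup job can report that the client account is NOT confined.
apply_rules() {
    id "$1" >/dev/null 2>&1 || { echo "no such user: $1" >&2; return 1; }
    rule_args "$1" | while read -r args; do
        case "$args" in
            # Deleting a rule that is not loaded yet is expected after a reboot.
            *" delete "*) $IPFW $args 2>/dev/null || true ;;
            # hub.twofo.co.uk is resolved when the rule is added, so an add
            # can fail if DNS is not up yet; treat that as fatal.
            *) $IPFW $args || exit 1 ;;
        esac
    done
}

# Only touch the firewall when called as: sudo sh thisfile apply
if [ "${1:-}" = "apply" ]; then
    apply_rules "$FW_USER" || { echo "ipfw rules for $FW_USER not loaded" >&2; exit 1; }
    $IPFW list 00111 00112
fi
```

Because the script exits non-zero when a rule cannot be added, whatever launches the client at login can check that status and refuse to start it unconfined.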