IPFW

From twofo wiki
Revision as of 20:49, 11 November 2009 by Rampage (talk | contribs)

The first thing we need to do is create a user to run your DC++ client under. We do this because ipfw doesn't currently support filtering by program, but it does support filtering by user, so we can create ipfw rules that apply only to a specific user and run your DC++ client as that user. I'm using "dc" as my user; you can use whatever you want.


You can create a new user by doing the following:
Choose Apple menu > System Preferences and click Accounts
If some settings are dimmed, click the lock icon and type an administrator name and password.
Click Add (+) and type the user's name.


Next we need to create the ipfw rules.

Open a Terminal to run the following commands; you can find it under "Applications -> Utilities". Remember to use the right user. It is important that you use the exact syntax shown below.
sudo ipfw add 00111 allow all from any to { 127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16 } uid dc keep-state
sudo ipfw add 00112 drop all from any to { not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16 } uid dc


For these filters to work you have to run your client as the dc user.


You should now have your client running as user dc, with external connections blocked. You will need the following line to enable access control for the user 'dc':
xhost +si:localuser:dc

To run an application as another user, enter the following lines in Terminal:
su dc


Enter the password that you gave the user dc when you created the user, and finally run:
/Applications/ShakesPeer.app/Contents/MacOS/ShakesPeer & exit


To delete the rules from the firewall simply run the following commands:
sudo ipfw delete 00111
sudo ipfw delete 00112


NB. The rules should reset when you reboot, so you might have to reconfigure them after every reboot or script them to run at startup.
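
One way to script the rules for startup, as the NB suggests. This is an added example, not part of the original wiki page. The function names and the IPFW and DC_USER overrides are assumptions made for the example, and the rule text is copied unchanged from the commands above.

```shell
#!/bin/sh
# Added example, not from the wiki page. Rules are the page's, verbatim.
# IPFW and DC_USER can be overridden (e.g. IPFW=echo for a dry run).
IPFW="${IPFW:-ipfw}"
DC_USER="${DC_USER:-dc}"
ALLOWED="127.0.0.1 or hub.twofo.co.uk or 137.205.0.0/16"
BLOCKED="not 127.0.0.1 or not hub.twofo.co.uk or not 137.205.0.0/16"

# Run ipfw with stdin detached so it cannot consume the rule list below.
fw() { $IPFW "$@" </dev/null; }

# Emit "<number> <rule body>" lines. No address matches all three
# allowed entries at once, so 00112's "not ... or not ..." block matches
# every destination; it is a catch-all that depends on 00111 being
# evaluated first (lower number).
dc_rules() {
    echo "00111 allow all from any to { $ALLOWED } uid $DC_USER keep-state"
    echo "00112 drop all from any to { $BLOCKED } uid $DC_USER"
}

# True if a rule with this number is loaded (ipfw list prints the
# zero-padded number at the start of each line).
rule_loaded() { fw list | grep -q "^$1 "; }

apply_dc_rules() {
    # Stop if the account is missing, so a typo in the user name is
    # noticed instead of leaving the client unfiltered.
    if ! id "$DC_USER" >/dev/null 2>&1; then
        echo "no such user: $DC_USER" >&2
        return 1
    fi
    dc_rules | while read -r num body; do
        # ipfw keeps several rules under one number, so re-running a
        # plain "add" would stack duplicates: delete first.
        if rule_loaded "$num"; then fw delete "$num" || exit 1; fi
        # $body is left unquoted on purpose: ipfw needs separate words.
        fw add "$num" $body || exit 1
    done
}

# "sh dc-rules.sh apply" (as root) installs the rules; sourcing the
# file only defines the functions.
if [ "${1:-}" = apply ]; then apply_dc_rules; fi
```

Because 00112 is a catch-all, removing 00111 on its own leaves the dc user with no network access at all, so the two rules should always be added and deleted as a pair.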