Difference between revisions of "Configure Firewall"

From AwkwardTV
Jump to: navigation, search
m (Disable Firewall moved to Configure Firewall: Firewall is disabled by default :()
(added info on how to enable and configure firewall)
Line 1: Line 1:
 
== Note ==
 
== Note ==
'''This writeup seems pointless, as the AppleTV seems to ship with no firewall rules configured.'''
+
'''The AppleTV seems to ship with no firewall rules configured.'''
 +
'''There is no need to hack up a way to disable the firewall.'''
 +
 
  
 
In MacOS X, at boot time, <pre>/usr/libexec/FirewallTool</pre> runs, which reads the file <pre>/Library/Preferences/com.apple.sharing.firewall.plist</pre>
 
In MacOS X, at boot time, <pre>/usr/libexec/FirewallTool</pre> runs, which reads the file <pre>/Library/Preferences/com.apple.sharing.firewall.plist</pre>
Line 10: Line 12:
 
65535 allow ip from any to any
 
65535 allow ip from any to any
 
</pre>
 
</pre>
 
'''There is no need to hack up a way to disable the firewall.'''
 
  
  
  
== Obsolete information ==
+
== Enabling the Firewall ==
 +
It is likely that copying over FirewallTool from an Intel Mac will enable MacOS firewall configuration at boot time.
 +
In addition, it is neccesary to create /Library/Preferences/com.apple.sharing.firewall.plist. If the prefs plist file does not exist, FirewallTool will not configure ipfw. There are several ways to create this file:
  
These instructions were taken from the [[Install SSH]] article. Disabling the firewall may be necessary for installing additional servers. It is not necessary for allowing SSH access.
+
* Copy one you like from an Intel Mac
 
+
* Copy one, then edit as you like with the Property List Editor that comes with Xcode. (see: [http://www.macosxhints.com/article.php?story=20060427124349687 MacOS Hints article]
=Step 1=
+
* [http://wiki.awkwardtv.org/wiki/Install_System_Preferences Install System Preferences] from an Intel Mac and configure as usual.
Create the directory <tt>fw</tt> in <tt>/Volumes/OSBoot/System/Library/StartupItems/</tt>.
 
 
 
=Step 2=
 
Create the file <tt>StartupParameters.plist</tt> in <tt>/Volumes/OSBoot/System/Library/StartupItems/fw/</tt> with the following text:
 
 
 
{
 
  Description = "Firewall";
 
  Provides = ("Firewall");
 
  Requires = ("Network");
 
  OrderPreference = "None";
 
}
 
 
 
=Step 3=
 
Create the shell script <tt>fw</tt> in <tt>/Volumes/OSBoot/System/Library/StartupItems/fw/</tt> with the following text:
 
<pre>
 
#!/bin/sh
 
 
/sbin/ipfw -f flush
 
/sbin/ipfw add 65535 allow ip from any to any
 
</pre>
 
 
 
=Step 4=
 
Change file permission to make it executable:
 
<pre>
 
chmod 755 /Volumes/OSBoot/System/Library/StartupItems/fw/fw
 
</pre>
 

Revision as of 21:13, 27 March 2007

Note

The AppleTV seems to ship with no firewall rules configured. There is no need to hack up a way to disable the firewall.


In MacOS X, at boot time,
/usr/libexec/FirewallTool
runs, which reads the file
/Library/Preferences/com.apple.sharing.firewall.plist

Neither the binary nor the plist are distributed with the AppleTV OS, and it is therefore not surprising that in a default OS install, the ipfw kext has a single 'allow any' default rule:

-bash-2.05b$ sudo ipfw list
65535 allow ip from any to any


Enabling the Firewall

It is likely that copying over FirewallTool from an Intel Mac will enable MacOS firewall configuration at boot time. In addition, it is neccesary to create /Library/Preferences/com.apple.sharing.firewall.plist. If the prefs plist file does not exist, FirewallTool will not configure ipfw. There are several ways to create this file: