Archive for May, 2010

Resetting the Firewall to the Default Setting in Mac OS X Server 10.6

Sunday, May 23rd, 2010

A server can become unreachable for remote administration due to an error with the firewall configuration. In such a case, you must reset the firewall to its default state so Server Admin can access the server.

This recovery procedure requires you to use the command-line interface and must be done by an administrator who has physical access to the server.

To reset the firewall to its default setting:

  1. Disconnect the server from the Internet.
  2. Restart the server in single-user mode by holding down the Command–s keys during startup.
  3. Remove or rename the address groups file found at /etc/ipfilter/ip_address_groups.plist.
  4. Remove or rename the ipfw configuration file found at /etc/ipfilter/ipfw.conf.
  5. Force-flush the firewall rules by entering the following in Terminal:
       $ ipfw -f flush
  6. Edit the /etc/hostconfig file and set IPFILTER=-YES-.
  7. Complete the startup sequence in the login window by entering exit.
     The computer starts up with the default firewall rules and firewall enabled. Use Server Admin to refine the firewall configuration.
  8. Log in to your server’s local administrator account to confirm that the firewall is restored to its default configuration.
  9. Reconnect your host to the Internet.

Dead Men’s Switch with OS X Server

Sunday, May 23rd, 2010

Dead men’s switch (name taken from the railroad industry) is a technique you can use to protect yourself against accidental lockout while configuring firewalls.

A dead men’s switch enables a service but allows the administrator a temporary backdoor to remediate a temporary lockout.

For example, on Mac OS X Server 10.6 Snow Leopard, from a bash command line:

$ sudo ls; sudo serveradmin start ipfilter; sleep 90; sudo serveradmin stop ipfilter

This enables the firewall and automatically disables it again after 90 seconds. The leading sudo ls caches your sudo credentials, so the later sudo commands run without stopping for a password prompt.
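
A variant of the switch that keeps the firewall enabled only if you confirm, from a new session, that you can still reach the server, and rolls back otherwise. This is an added example, not code from the original post; the function name deadman_apply, the script name deadman.sh and the confirm-file path are assumptions.

```shell
#!/bin/bash
# Added example: dead man's switch that rolls back unless the change is confirmed.
# deadman_apply and the confirm-file path are hypothetical names, not from the page.
#
# deadman_apply <apply-cmd> <rollback-cmd> <timeout-seconds> <confirm-file>
#   returns 0 = confirmed and kept, 1 = timed out and rolled back,
#           2 = apply command failed and rollback was run
deadman_apply() {
    local apply_cmd="$1"
    local rollback_cmd="$2"
    local timeout="$3"
    local confirm_file="$4"
    local waited=0

    # A stale confirmation from an earlier run must not approve this one.
    rm -f "$confirm_file"

    if ! sh -c "$apply_cmd"; then
        echo "apply failed; rolling back" >&2
        sh -c "$rollback_cmd"
        return 2
    fi

    # Poll once per second for the confirmation file.
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$confirm_file" ]; then
            rm -f "$confirm_file"
            echo "confirmed; change kept"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    echo "no confirmation after ${timeout}s; rolling back" >&2
    sh -c "$rollback_cmd"
    return 1
}

# Run as root with "--run" so that no sudo prompt can stall the rollback, and
# ignore SIGHUP so a dropped SSH session does not kill the switch:
#   nohup bash deadman.sh --run &
# then, from a NEW remote session:  touch /var/run/ipfilter.confirmed
if [ "${1:-}" = "--run" ]; then
    trap '' HUP
    deadman_apply "serveradmin start ipfilter" "serveradmin stop ipfilter" \
        90 /var/run/ipfilter.confirmed
fi
```

Confirming from a new session rather than the existing one matters because an already-established connection can keep working under rules that would block a fresh one.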

Snow 301 Notebook

Wednesday, May 19th, 2010

My personal notebook made in preparation for the Snow 301 exam for the Apple Certified Specialist – Directory Services 10.6 certification on Mac OS X Server 10.6 Snow Leopard.

Mac OS X Directory Services v10.6

This notebook can be used as a complement to the book Mac OS X Deployment v10.6 by Arek Dreyer and Ben Greisler, published by Peachpit Press.