A server can become unreachable for remote administration due to an error with the firewall configuration. In such a case, you must reset the firewall to its default state so Server Admin can access the server.
This recovery procedure requires you to use the command-line interface and must be done by an administrator who has physical access to the server.
To reset the firewall to its default setting:
- Disconnect the server from the Internet.
- Restart the server in single-user mode by holding down the Command–s keys during startup.
- Remove or rename the address groups file found at /etc/ipfilter/ip_address_groups.plist.
- Remove or rename the ipfw configuration file found at /etc/ipfilter/ipfw.conf.
- Force-flush the firewall rules by entering the following in Terminal:
  $ ipfw -f flush
- Edit the /etc/hostconfig file and set IPFILTER=-YES-.
- Complete the startup sequence in the login window by entering exit.
  The computer starts up with the default firewall rules and firewall enabled. Use Server Admin to refine the firewall configuration.
- Log in to your server’s local administrator account to confirm that the firewall is restored to its default configuration.
- Reconnect your host to the Internet.
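The rename, flush and hostconfig steps above as one script. This is an added example, not part of the original procedure or of Apple's tooling. It renames the two files with a timestamp instead of deleting them, so the broken rules can be reviewed later, and it rewrites only the IPFILTER line. The function name reset_ipfilter, its optional root-directory argument and the .broken-<timestamp> suffix are assumptions made for the example, which also assumes the root volume is already writable.

```shell
#!/bin/sh
# Added example. reset_ipfilter [ROOT]
#   ROOT empty  -> act on the live system and flush the running ipfw rules
#   ROOT a path -> act on a copy of /etc under that path (dry run, no flush)
reset_ipfilter() {
    root="${1:-}"
    dir="$root/etc/ipfilter"
    hostconfig="$root/etc/hostconfig"
    stamp="$(date +%Y%m%d%H%M%S)"

    # Rename (not delete) the address groups file and the ipfw configuration.
    for f in ip_address_groups.plist ipfw.conf; do
        if [ -e "$dir/$f" ]; then
            mv "$dir/$f" "$dir/$f.broken-$stamp" || return 1
        fi
    done

    # Force-flush the loaded rules, only when working on the live system.
    if [ -z "$root" ]; then
        ipfw -f flush || return 1
    fi

    # Set IPFILTER=-YES- in hostconfig, leaving every other line untouched.
    [ -f "$hostconfig" ] || return 1
    tmp="$hostconfig.tmp.$$"
    if grep -q '^IPFILTER=' "$hostconfig"; then
        sed 's/^IPFILTER=.*/IPFILTER=-YES-/' "$hostconfig" > "$tmp" || return 1
    else
        { cat "$hostconfig"; echo 'IPFILTER=-YES-'; } > "$tmp" || return 1
    fi
    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$hostconfig" && rm -f "$tmp"
}

# Usage (as root, in single-user mode):  reset_ipfilter
# Dry run against a copy of /etc:        reset_ipfilter /tmp/scratch
```

After the script finishes on the live system, continue with the exit step above.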
Comments
I think you just mended my stiffed 10.6 server. Thanks!
I’m happy it has been useful!
I need to reset the firewall with OS X 10.6.6 (iMac), but I could not find any of those files.
I guess it is a different situation for a Non Server machine.
Do you have a similar procedure for standard Mac OS X 10.6?
Regards
Hello Isaac,
Look, I’m not aware of such files or substitutes in the client version of Mac OS X, although the ipfw command still exists.
The Firewall on Mac OS X client is ‘per application’ and not properly ‘per protocol’ or ‘per port’. To reset it I would say that it’s enough to delete all the rules defined in the Advanced section of the Security panel (Firewall tab) of the Preferences application.
I’d like to dig into your problem and see if I can be of further help. Could you explain better the reason why you need to reset the firewall?
Maybe your problem could be related to some other system part.
Please let me know
Hi,
If I reset the Snow Leopard Server firewall to its defaults will that allow client computers receiving DHCP & NAT information from the server to access http & https ports? Is there a basic set of rules that will allow outgoing http, https and incoming imap, pop, VPN, ARD, WGN & Server Admin access?
The server is acting as a bridge between a public ip address from a fiber connection and the internal network using the 10.0.0.0 range.
Thanks for any help.
You will have to activate the NAT functionality by yourself. It is not a default.
But it’s really easy to set up.
Once NAT is enabled everything is allowed by default to go out. Nothing is allowed by default to get in.
If you provide services to the public network you will have to configure the firewall to accept incoming requests and static IP forwarding if your Mac server is firewalling other servers in the network that must provide the public service.