Category Archives: Mac

How to configure IPFW on Snow Leopard

Posted by matt on December 30, 2011 No comments

Snow Leopard’s default, GUI based firewall is convenient, but not very configurable. You can block or allow certain applications, but you can’t filter at the port or host level, can’t NAT, etc…

Fortunately, OS X 10.6 and earlier comes with IPFW (IPFIREWALL), a nice little packet filter that was included in FreeBSD for many years. By default, it’s managed through text files and the command line. If you want a GUI interface for ipfw management, try Waterroof (get it?). But here’s how you configure ipfw to run at boot on your Snow Leopard or earlier machine with just the tools Steve gave you.

Create the file /etc/ipfw.conf. This is where your filtering rules go. By default, ipfw runs one rule, which allows all traffic (65535 allow from any to any). If you’re configuring ipfw, you obviously want something more. You can get information on how to write ipfw rules from the FreeBSD site.

Once you have created and saved your configuration, you need to tell the OS to run ipfw at boot. On a Mac, this is done through the use of a launch daemon, which is configured using an XML file.

Create the file /Library/LaunchDaemons/com.ipfw.plist, and include the following text -

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://
www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>Label</key>
<string>ipfw</string>
<key>Program</key>
<string>/sbin/ipfw</string>
<key>ProgramArguments</key>
<array>
<string>/sbin/ipfw</string>
<string>/etc/ipfw.conf</string>
</array>
<key>RunAtLoad</key>
<true />
</dict>
</plist>

This tells OS X to run ipfw using the configuration file /etc/ipfw.conf.

Change ownership of the launch daemon file to root:admin

sudo chown root:admin /Library/LaunchDaemons/com.ipfw.plist

This is necessary for the OS to be able to run the daemon.

And finally, load your rules right now, instead of waiting for the next reboot

sudo /sbin/ipfw /etc/ipfw.conf

You can check what rules are loaded at any time using sudo ipfw list. And you can clear all rules using sudo ipfw flush.

Setup DNS on macos from command line

Posted by moti on December 30, 2011 No comments

If you get to remotely manage mac users over ssh, the networksetup command is a great tool.

The full manual is here : https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/networksetup.8.html

Here’s how to setup a dns server:
1. find the interface name

networksetup -listnetworkserviceorder

2. your output would look similiar to this:

(1) Bluetooth DUN
(Hardware Port: Bluetooth DUN, Device: Bluetooth-Modem)

(2) Ethernet
(Hardware Port: Ethernet, Device: en0)

(3) AirPort
(Hardware Port: AirPort, Device: en1)

3.choose the device you want to apply the dns settings to and run this command ( in this example were applying it to the AirPort interface ), change the google dns addresses to your preferred ones.

networksetup -setdnsservers AirPort 8.8.8.8 8.8.8.4

4. verify your changes using :

scutil –dns

WebDAV server on CentOS – Provider encountered an error while streaming a multistatus PROPFIND response

I’ve encountered this error when trying to connect to web dav enabled folder.
I saw some web posts to add :

RewriteEngine Off

However that did not work for me, I finally traced it back to SElinux, I was using a custom folder and needed to change the permissions :

[user@server]>sudo stat -Z -c %C /var/webdav
user_u:object_r:user_home_dir_t

Compared to /var/www

[user@server]>sudo stat -Z -c %C /var/www
system_u:object_r:httpd_sys_content_t

A change of SElinux permissions and all was well :

[user@server]> chcon -R -u system_u -r object_r -t httpd_sys_content_t /var/webdav

Mac mail attachments preview

Posted by moti on August 2, 2010 No comments

explanation from mac support forums : If the document is just a single page; Mail in Mac OS will show you the actual document rather than an icon for the attachment. Other mail applications do not do have this feature so they’ll just show an icon for an attached document regardless of how many pages the attachment has.
turn off :

defaults write com.apple.mail DisableInlineAttachmentViewing -bool yes

trun on :

defaults write com.apple.mail DisableInlineAttachmentViewing -bool false

Create ISO in MacOS

Posted by moti on July 7, 2010 No comments

open terminal ( of course )

# get drive name
$ drutil status
#un mount
$ diskutil unmountDisk /dev/disk1
#make iso
$ dd if=/dev/disk1 of=file.iso bs=2048
#test iso
$ hdid file.iso

kudos to the original post

101TECH

IT Solutions Done Right!