Difference between revisions of "IPFW"

From twofo wiki

Revision as of 09:52, 26 October 2009

The first thing we need to do is create a user to run your DC++ client under. We do this because ipfw doesn't currently support filtering by program, but it does support filtering by user, so we can create ipfw rules that apply only to a specific user and run your DC++ client as that user. I'm using "dc" as my user; you can use whatever you want.


You can create a new user by doing the following:
Choose Apple menu > System Preferences and click Accounts
If some settings are dimmed, click the lock icon and type an administrator name and password.
Click Add (+) and type the user's name.


Next we need to create the ipfw rules.

Open a Terminal (found under "Applications -> Utilities") to run the following commands, remembering to use the right user name in place of dc.
sudo ipfw add 111 allow tcp from any to 127.0.0.1 uid dc
sudo ipfw add 112 allow tcp from any to hub.twofo.co.uk uid dc
sudo ipfw add 113 deny tcp from any to not 137.205.0.0/16 uid dc

For these filters to work you have to run your client as the dc user.


You should now have your client running as user dc and with external connections blocked. You will need the following line to enable access control for the user 'dc':
xhost +si:localuser:dc

To run an application as another user, enter the following line in Terminal:
su dc


Enter the password that you gave the user dc when you created the user, and finally run:
/Applications/ShakesPeer.app/Contents/MacOS/ShakesPeer & exit


NB. The rules should reset when you reboot, so you might have to reconfigure them after every reboot or script them to run at startup. Please confirm with somebody on the hub if the rules are persistent or reset at every reboot.
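
One way to script the rules so they can be re-applied after a reboot, as the note above suggests. This is an added example, not part of the original wiki page; the function names and the DC_USER, HUB and CAMPUS_NET variables are made up here and default to the values used on this page. It must run as root, and how you hook it into startup is up to you.

```shell
#!/bin/sh
# Added example: re-apply the per-user DC++ rules from this page.
# Variable and function names are assumptions of this example.
DC_USER="${DC_USER:-dc}"
HUB="${HUB:-hub.twofo.co.uk}"
CAMPUS_NET="${CAMPUS_NET:-137.205.0.0/16}"
RULE_NUMS="111 112 113"

# Print the three rules, one per line, in evaluation order.
# ipfw stops at the first matching rule, so both allows must be
# numbered lower than the deny or the hub would be blocked too.
dc_rules() {
    printf '%s\n' \
        "111 allow tcp from any to 127.0.0.1 uid $DC_USER" \
        "112 allow tcp from any to $HUB uid $DC_USER" \
        "113 deny tcp from any to not $CAMPUS_NET uid $DC_USER"
}

# Succeeds only if the account the rules refer to exists.
check_user() {
    id -u "$DC_USER" >/dev/null 2>&1
}

apply_dc_rules() {
    check_user || { echo "user '$DC_USER' does not exist" >&2; return 1; }
    # ipfw allows several rules under one number, so running "add"
    # twice stacks duplicates. Delete the numbers first.
    for n in $RULE_NUMS; do
        ipfw delete "$n" 2>/dev/null || true
    done
    # A hostname is resolved once, when the rule is added: DNS must be
    # up at this point, and the rules need re-applying if the hub's
    # address ever changes.
    dc_rules | while read -r rule; do
        # $rule is left unquoted on purpose: each word is one ipfw argument
        ipfw add $rule || exit 1
    done
}

# Only touch the firewall when asked to: "sudo sh dc-rules.sh apply"
if [ "${1:-}" = "apply" ]; then
    apply_dc_rules
fi
```

After applying, `sudo ipfw list` should show rules 111 to 113 exactly once each.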